Skip to content
/ capirca_acl Public

This collection includes a module (translate) to use Capirca from your Ansible playbooks.

License

GPL-3.0 license
10 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nleiva/capirca_acl

BranchesTags

Repository files navigation

Capirca ACL Collection for Ansible

CI

This repo hosts an unofficial Capirca Ansible Collection.

This collection includes a module (translate) to use Capirca from your Ansible playbooks as well as a lookup plugins for resolving symbols into networks and services.

Included content

Click on the name of a plugin or module to view that content's documentation:

  • Modules:
  • Plugins:
    • network: Lookup network definition.
    • service: Lookup service definition.

Installation and Usage

Installing the Collection from Ansible Galaxy

Before using this collection, you need to install it with the Ansible Galaxy CLI:

ansible-galaxy collection install nleiva.capirca_acl

You can also include it in a requirements.yml file and install it via ansible-galaxy collection install -r requirements.yml, using the format:

---
collections:
  - name: nleiva.capirca_acl
    version: 0.3.1

Using modules from the Capirca ACL Collection in your playbooks

You can either call modules by their Fully Qualified Collection Namespace (FQCN), like nleiva.capirca_acl.translate, or you can call modules by their short name if you list the nleiva.capirca_acl collection in the playbook's collections, like so:

---
- hosts: localhost
  gather_facts: no
  connection: local

  collections:
    - nleiva.capirca_acl

  tasks:
    - name: Run this module to generate an ACL
      translate:
        platform: 'ciscoxr'
        filter_options:
          - ipv6-test-filter
          - inet6
        def_folder: "files/def"
        pol_file: "files/policies/terms.pol"
      register: testout

    - name: Dump the resulting ACL
      debug:
        msg: '{{ testout.message }}'

See translate for more details.

Using plugins from the Capirca ACL Collection in your playbooks

    - name: Lookup services
      ansible.builtin.debug:
        msg:
          - "{{ lookup('nleiva.capirca_acl.service', 'HTTP', 'HTTPS', def_folder='tests/integration/targets/translate/files/def') }}"
    #  '80/tcp,443/tcp'

  - name: Lookup network
      ansible.builtin.debug:
        msg:
          - "{{ lookup('nleiva.capirca_acl.network', 'WEB_SERVERS', def_folder='tests/integration/targets/translate/files/def') }}"
    # [IPv4('200.1.1.1/32'), IPv4('200.1.1.2/32')]

Run an example

The example documented in translate can be run with:

make example

Testing and Development

Testing with ansible-test

The tests directory contains configuration for running sanity and integration tests using ansible-test.

You can run the collection's test suites with the command:

make test-remote

Testing locally with Ansible

You can run the collection's test suites without ansible-test with the command:

make test-local

Publishing New Versions

We first need to make sure the test cases run successfully:

make test-local

Then we need to TAG the version with a version number greater than the latest one: And finally, build:

make build

It will end up on Capirca Collection Galaxy page](https://galaxy.ansible.com/nleiva/capirca_acl) if you have access to the namespace.

More Information

For more information about Capirca, join the #capirca channel on NetworkToCode Slack, and browse the resources in the Capirca Wiki page.

License

GNU General Public License v3.0 or later

See LICENCE to see the full text.

About

This collection includes a module (translate) to use Capirca from your Ansible playbooks.

Topics

security ansible juniper cisco acl iptables arista ansible-galaxy ansible-modules nftables paloalto

Resources

Readme

License

GPL-3.0 license
Activity

Stars

10 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

10 tags

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages