Merge pull request netbox-community#1287 from richbibby/1156-feature-…

…netbox-37-vpn
richbibby · Jul 26, 2024 · d2d9c71 · d2d9c71
2 parents eea1aec + 73c6565
commit d2d9c71
Show file tree

Hide file tree

Showing 11 changed files with 760 additions and 0 deletions.
diff --git a/meta/runtime.yml b/meta/runtime.yml
@@ -78,6 +78,8 @@ action_groups:
     - netbox_tag
     - netbox_tenant
     - netbox_tenant_group
+    - netbox_tunnel
+    - netbox_tunnel_group
     - netbox_virtual_chassis
     - netbox_virtual_machine
     - netbox_vlan

diff --git a/plugins/module_utils/netbox_utils.py b/plugins/module_utils/netbox_utils.py
@@ -131,6 +131,9 @@
     vpn={
         "l2vpns": {"introduced": "3.7"},
         "l2vpn_terminations": {"introduced": "3.7"},
+        "tunnels": {"introduced": "3.7"},
+        "tunnel_groups": {"introduced": "3.7"},
+        "ipsec_profiles": {"introduced": "3.7"},
     },
 )
 
@@ -201,6 +204,7 @@
     site_group="slug",
     tenant="slug",
     tenant_group="slug",
+    tunnel="name",
     time_zone="timezone",
     virtual_chassis="name",
     virtual_machine="name",
@@ -257,6 +261,7 @@
     "inventory_item_role": "inventory_item_roles",
     "ip_addresses": "ip_addresses",
     "ipaddresses": "ip_addresses",
+    "ipsec_profile": "ipsec_profiles",
     "location": "locations",
     "lag": "interfaces",
     "manufacturer": "manufacturers",
@@ -313,6 +318,7 @@
     "tenant_groups": "tenant_groups",
     "termination_a": "interfaces",
     "termination_b": "interfaces",
+    "tunnel_group": "tunnel_groups",
     "untagged_vlan": "vlans",
     "virtual_chassis": "virtual_chassis",
     "virtual_machine": "virtual_machines",
@@ -399,6 +405,8 @@
     "tags": "tags",
     "tenants": "tenant",
     "tenant_groups": "tenant_group",
+    "tunnels": "tunnel",
+    "tunnel_groups": "tunnel_group",
     "virtual_chassis": "virtual_chassis",
     "virtual_machines": "virtual_machine",
     "virtual_disks": "virtual_disk",
@@ -537,6 +545,8 @@
     "tenant_group": set(["slug"]),
     "termination_a": set(["name", "device", "virtual_machine"]),
     "termination_b": set(["name", "device", "virtual_machine"]),
+    "tunnel": set(["name"]),
+    "tunnel_group": set(["slug"]),
     "untagged_vlan": set(["group", "name", "site", "vid", "vlan_group", "tenant"]),
     "virtual_chassis": set(["name", "master"]),
     "virtual_machine": set(["name", "cluster"]),
@@ -630,6 +640,7 @@
     "tenant_group": "group",
     "termination_a": "termination_a_id",
     "termination_b": "termination_b_id",
+    "tunnel_group": "group",
     "virtual_machine_role": "role",
     "vlan_role": "role",
     "vlan_group": "group",
@@ -660,6 +671,7 @@
     "tags",
     "tenants",
     "tenant_groups",
+    "tunnel_groups",
     "manufacturers",
     "platforms",
     "providers",

diff --git a/plugins/module_utils/netbox_vpn.py b/plugins/module_utils/netbox_vpn.py
@@ -17,6 +17,8 @@
 
 NB_L2VPNS = "l2vpns"
 NB_L2VPN_TERMINATIONS = "l2vpn_terminations"
+NB_TUNNELS = "tunnels"
+NB_TUNNEL_GROUPS = "tunnel_groups"
 
 
 class NetboxVpnModule(NetboxModule):
@@ -30,6 +32,8 @@ def run(self):
         Supported endpoints:
         - l2vpns
         - l2vpn_terminations
+        - tunnels
+        - tunnel_groups
         """
         # Used to dynamically set key when returning results
         endpoint_name = ENDPOINT_NAME_MAPPING[self.endpoint]

diff --git a/plugins/modules/netbox_tunnel.py b/plugins/modules/netbox_tunnel.py
@@ -0,0 +1,211 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# Copyright: (c) 2024, Rich Bibby, NetBox Labs (@richbibby)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+DOCUMENTATION = r"""
+---
+module: netbox_tunnel
+short_description: Create, update or delete tunnels within NetBox
+description:
+  - Creates, updates or removes tunnels from NetBox
+notes:
+  - Tags should be defined as a YAML list
+  - This should be ran with connection C(local) and hosts C(localhost)
+author:
+  - Rich Bibby, NetBox Labs (@richbibby)
+requirements:
+  - pynetbox
+version_added: '3.20.0'
+extends_documentation_fragment:
+  - netbox.netbox.common
+options:
+  data:
+    type: dict
+    description:
+      - Defines the tunnel configuration
+    suboptions:
+      name:
+        description:
+          - The name of the tunnel
+        required: true
+        type: str
+      status:
+        description:
+          - Status of the tunnel
+        required: false
+        type: raw
+      tunnel_group:
+        description:
+          - The Tunnel group the VLAN will be associated with. Must exist in NetBox
+        required: false
+        type: raw
+      encapsulation:
+        description:
+          - The encapsulation protocol or technique employed to effect the tunnel
+        choices:
+          - ipsec-transport
+          - ipsec-tunnel
+          - ip-ip
+          - gre
+        required: true
+        type: str
+      ipsec_profile:
+        description:
+          - The IPSec Profile employed to negotiate security associations
+        required: false
+        type: raw
+      tenant:
+        description:
+          - The tenant that the tunnel will be associated with
+        required: false
+        type: raw
+      tunnel_id:
+        description:
+          - The ID of the tunnel
+        required: false
+        type: int
+      description:
+        description:
+          - The description of the tunnel
+        required: false
+        type: str
+      comments:
+        description:
+          - Comments that may include additional information in regards to the tunnel
+        required: false
+        type: str
+      tags:
+        description:
+          - Any tags that the tunnel may need to be associated with
+        required: false
+        type: list
+        elements: raw
+      custom_fields:
+        description:
+          - Must exist in NetBox
+        required: false
+        type: dict
+    required: true
+"""
+
+EXAMPLES = r"""
+- name: "Test NetBox modules"
+  connection: local
+  hosts: localhost
+  gather_facts: false
+
+  tasks:
+    - name: Create tunnel within NetBox with only required information
+      netbox.netbox.netbox_tunnel:
+        netbox_url: http://netbox.local
+        netbox_token: thisIsMyToken
+        data:
+          name: Test Tunnel
+          encapsulation: ipsec-tunnel
+        state: present
+
+    - name: Delete tunnel within NetBox
+      netbox.netbox.netbox_tunnel:
+        netbox_url: http://netbox.local
+        netbox_token: thisIsMyToken
+        data:
+          name: Test Tunnel
+          encapsulation: ipsec-tunnel
+        state: absent
+
+    - name: Create tunnel with all information
+      netbox.netbox.netbox_tunnel:
+        netbox_url: http://netbox.local
+        netbox_token: thisIsMyToken
+        data:
+          name: Test Tunnel
+          status: planned
+          tunnel_group: Test Tunnel Group
+          encapsulation: ipsec-tunnel
+          ipsec_profile: ipsec-profile
+          description: Test Description
+          tenant: Test Tenant
+          tunnel_id: 200
+          tags:
+            - Schnozzberry
+        state: present
+"""
+
+RETURN = r"""
+tunnel:
+  description: Serialized object as created or already existent within NetBox
+  returned: success (when I(state=present))
+  type: dict
+msg:
+  description: Message indicating failure or info about what has been achieved
+  returned: always
+  type: str
+"""
+
+from ansible_collections.netbox.netbox.plugins.module_utils.netbox_utils import (
+    NetboxAnsibleModule,
+    NETBOX_ARG_SPEC,
+)
+from ansible_collections.netbox.netbox.plugins.module_utils.netbox_vpn import (
+    NetboxVpnModule,
+    NB_TUNNELS,
+)
+from copy import deepcopy
+
+
+def main():
+    """
+    Main entry point for module execution
+    """
+    argument_spec = deepcopy(NETBOX_ARG_SPEC)
+    argument_spec.update(
+        dict(
+            data=dict(
+                type="dict",
+                required=True,
+                options=dict(
+                    name=dict(required=True, type="str"),
+                    status=dict(required=False, type="raw"),
+                    tunnel_group=dict(required=False, type="raw"),
+                    encapsulation=dict(
+                        required=True,
+                        type="str",
+                        choices=[
+                            "ipsec-transport",
+                            "ipsec-tunnel",
+                            "ip-ip",
+                            "gre",
+                        ],
+                    ),
+                    ipsec_profile=dict(required=False, type="raw"),
+                    tenant=dict(required=False, type="raw"),
+                    tunnel_id=dict(required=False, type="int"),
+                    description=dict(required=False, type="str"),
+                    comments=dict(required=False, type="str"),
+                    tags=dict(required=False, type="list", elements="raw"),
+                    custom_fields=dict(required=False, type="dict"),
+                ),
+            ),
+        )
+    )
+
+    required_if = [
+        ("state", "present", ["name", "encapsulation"]),
+        ("state", "absent", ["name", "encapsulation"]),
+    ]
+
+    module = NetboxAnsibleModule(
+        argument_spec=argument_spec, supports_check_mode=True, required_if=required_if
+    )
+
+    netbox_tunnel = NetboxVpnModule(module, NB_TUNNELS)
+    netbox_tunnel.run()
+
+
+if __name__ == "__main__":  # pragma: no cover
+    main()