I’m trying to define my argument_spec to AnsibleModule such that it will validate a nested list of dictionaries. I am supplying a series of firewall policy configurations, for which order matters, and I need access to the entire list of policies to ensure they are ordered correctly in the final configuration.
Here is an example YAML:
```
- name: update firewall policies
  fortios_firewall_policy:
    rules:
      - srcintf:
          - {name: "port4"}
        dstintf:
          - {name: "port3",}
        srcaddr:
          - {name: "",}
        dstaddr:
          - {name: "all"}
        action: "accept"
        schedule: "always"
        service: "ALL_ICMP"
        comments: "internet_outbound_nat"
        name: "ICMP_out"
        nat: "enable"
      - srcintf:
          - {name: "port3"}
        dstintf:
          - {name: "port4"}
        srcaddr:
          - {name: "all"}
        dstaddr:
          - {name: "all"}
        action: "accept"
        schedule: "always"
        service: "ALL_ICMP"
        comments: "allow_icmp_in"
        name: "icmp_in"
```
And my attempt at defining argument_spec:
```
rule_spec = {
    'action': dict(type='str', options=['accept', 'deny', 'ipsec', 'ssl-vpn']),
    'comments': dict(type='str'),
    'dstaddr': dict(type='list'),
    'dstaddr-negate': dict(type='str', options=['enable', 'disable']),
    'dstintf': dict(type='list'),
    'name': dict(type='str'),
    'nat': dict(type='str', options=['enable', 'disable']),
    'schedule': dict(type='str'),
    'service': dict(type='list'),
    'srcaddr': dict(type='list'),
    'srcaddr-negate': dict(type='str', options=['enable', 'disable']),
    'srcintf': dict(type='list'),
}
firewall_argument_spec = arg_spec = {
    'rules': dict(type='list', elements='dict', options=rule_spec)
}
```
This doesn’t work. At the correct level of the spec, _check_argument_types iterates over the entire list of dictionaries, and since none of the spec keys exist in that list, it doesn’t check any of them.
Is there a way to structure my argument spec so I can specify an entire list of resources in the YAML and have them validated by `AnsibleModule.__init__`, or am I going to have to write my own validation for this circumstance?
Thanks!
Will
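
For the "write my own validation" route raised in the question, here is one way to check each rule in the list by hand while keeping the order intact. This is an added example, not part of the original post and not Ansible's own code; `RULE_SPEC`'s tuple layout, `validate_rules()` and the sample input are hypothetical and constructed for illustration.

```python
# Added example: hand-rolled per-element validation of an ordered rule list.
# RULE_SPEC's layout and validate_rules() are hypothetical, not Ansible APIs.
ON_OFF = ["enable", "disable"]
# Each entry maps a rule key to (expected Python type, allowed values or None).
RULE_SPEC = {"action": (str, ["accept", "deny", "ipsec", "ssl-vpn"])}
RULE_SPEC.update({k: (str, ON_OFF) for k in ("dstaddr-negate", "nat", "srcaddr-negate")})
RULE_SPEC.update({k: (str, None) for k in ("comments", "name", "schedule")})
RULE_SPEC.update({k: (list, None) for k in ("dstaddr", "dstintf", "service", "srcaddr", "srcintf")})


def validate_rules(rules, spec=RULE_SPEC):
    """Return (clean_rules, errors); clean_rules keeps the input order."""
    if not isinstance(rules, list):
        return [], ["rules: expected a list of dicts"]
    clean, errors = [], []
    for idx, rule in enumerate(rules):
        where = "rules[%d]" % idx
        if not isinstance(rule, dict):
            errors.append("%s: expected a dict, got %s" % (where, type(rule).__name__))
            continue
        out = {}
        for key, value in rule.items():
            if key not in spec:
                # A misspelled key would otherwise be dropped silently.
                errors.append("%s: unsupported key %r" % (where, key))
                continue
            want, allowed = spec[key]
            if want is list and isinstance(value, str):
                value = [value]  # design choice: a bare string becomes a one-item list
            if not isinstance(value, want):
                errors.append("%s.%s: expected %s" % (where, key, want.__name__))
            elif allowed is not None and value not in allowed:
                errors.append("%s.%s: %r not in %s" % (where, key, value, allowed))
            else:
                out[key] = value
        clean.append(out)
    return clean, errors


# Constructed sample input: the second rule has a bad action and a misspelled key.
SAMPLE = [
    {"name": "ICMP_out", "action": "accept", "service": "ALL_ICMP", "nat": "enable",
     "srcintf": [{"name": "port4"}], "dstintf": [{"name": "port3"}]},
    {"name": "icmp_in", "action": "allow", "srcadr": [{"name": "all"}]},
]
```

Every error message carries the index of the offending rule, so a bad entry can be located in the ordered policy list before anything is pushed to the firewall.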