[ansible-devel] How to correctly specify AnsibleModule sub specs

[Will Wagner]

I'm trying to define my argument_spec to AnsibleModule such that it will 
validate a nested list of dictionaries. I am supplying a series of firewall 
policy configurations, for which order matters, and I need access to the 
entire list of policies to ensure they are ordered correctly in the final 
configuration.

Here is an example YAML:
    
- name: update firewall policies
    fortios_firewall_policy:
      rules:
      - srcintf:
          - {name: "port4"}
        dstintf:
          - {name: "port3",}
        srcaddr:
          - {name: "",}
        dstaddr:
          - {name: "all"}
        action: "accept"
        schedule: "always"
        service: "ALL_ICMP"
        comments: "internet_outbound_nat"
        name: "ICMP_out"
        nat: "enable"
      - srcintf:
          - {name: "port3"}
        dstintf:
          - {name: "port4"}
        srcaddr:
          - {name: "all"}
        dstaddr:
          - {name: "all"}
        action: "accept"
        schedule: "always"
        service: "ALL_ICMP"
        comments: "allow_icmp_in"
        name: "icmp_in"

And my attempt at defining argument_spec:

rule_spec = {
 'action': dict(type='str', options=['accept', 'deny', 'ipsec', 'ssl-vpn']), 
'comments': dict(type='str'),
 'dstaddr': dict(type='list'),
 'dstaddr-negate': dict(type='str', options=['enable', 'disable']),
 'dstintf': dict(type='list'),

 'name': dict(type='str'), 'nat': dict(type='str', options=['enable', 
'disable']),
 'schedule': dict(type='str'),
 'service': dict(type='list'),
 'srcaddr': dict(type='list'),
 'srcaddr-negate': dict(type='str', options=['enable', 'disable']),
 'srcintf': dict(type='list'),

 
}

firewall_argument_spec = arg_spec = {
 'rules': dict(type='list', elements='dict', options=rule_spec)
}

This doesn't work. At the correct level of the spec, _check_argument_types 
iterates over the entire list of dictionaries, and since none of the spec 
keys exist in that list, it doesn't check any of them.

Is there a way to structure my argument spec so I can specify an entire 
list of resources in the YAML and have them validated by 
AnsibleModule.__init__, or am I going to have to write my own validation 
for this circumstance?

Thanks!
Will

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-devel+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.