junipernetworks.junos.junos_security_zones module – Manage security zones on Juniper JUNOS devices
Note
This module is part of the junipernetworks.junos collection (version 9.1.0).
If you are using the ansible package, you may already have this collection installed. It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install junipernetworks.junos.
You need further requirements to be able to use this module; see Requirements for details.
To use it in a playbook, specify: junipernetworks.junos.junos_security_zones.
New in junipernetworks.junos 2.9.0
Synopsis
This module provides declarative management of security zones on Juniper JUNOS devices.
Requirements
The requirements below are needed on the host that executes this module.
ncclient (>=v0.6.4)
xmltodict (>=0.12.0)
Parameters

Parameter | Comments
---|---
`config` (dictionary) | A dictionary of security zone parameters.
`config.functional_zone_management` (dictionary) | Functional zone for the hosts used on the out-of-band management interface.
`config.functional_zone_management.description` (string) | Text description of the zone.
`config.functional_zone_management.host_inbound_traffic` (dictionary) | Allowed system services and protocols, i.e. the traffic destined to the device itself that interfaces in this zone accept.
`config.functional_zone_management.host_inbound_traffic.protocols` (list of dictionaries) | Protocol types of incoming traffic to accept.
`config.functional_zone_management.host_inbound_traffic.protocols[].except` (boolean) | Do not allow traffic for the specified protocol (used to carve an entry out of `all`). Choices: `false`, `true`.
`config.functional_zone_management.host_inbound_traffic.protocols[].name` (string) | Incoming protocol type to accept.
`config.functional_zone_management.host_inbound_traffic.system_services` (list of dictionaries) | Types of incoming system-service traffic to accept.
`config.functional_zone_management.host_inbound_traffic.system_services[].except` (boolean) | Do not allow the specified incoming system-service traffic. Choices: `false`, `true`.
`config.functional_zone_management.host_inbound_traffic.system_services[].name` (string) | Incoming system-service traffic type to accept.
`config.functional_zone_management.interfaces` (list of strings) | Interfaces that belong to this zone.
`config.functional_zone_management.screen` (string) | Name of the ids option object (screen) applied to the zone.
`config.security_zones` (list of dictionaries) | Security zones.
`config.security_zones[].address_book` (dictionary) | Address book entries.
`config.security_zones[].address_book.address_sets` (list of dictionaries) | Define security address sets.
`config.security_zones[].address_book.address_sets[].address_sets` (list of strings) | Names of other address sets to include in this set.
`config.security_zones[].address_book.address_sets[].addresses` (list of strings) | Addresses to include in this set.
`config.security_zones[].address_book.address_sets[].description` (string) | Text description of the address set.
`config.security_zones[].address_book.address_sets[].name` (string) | Name of the address set.
`config.security_zones[].address_book.addresses` (list of dictionaries) | Define security addresses.
`config.security_zones[].address_book.addresses[].description` (string) | Text description of the address.
`config.security_zones[].address_book.addresses[].dns_name` (dictionary) | DNS address name.
`config.security_zones[].address_book.addresses[].dns_name.ipv4_only` (boolean) | IPv4 DNS address only. Choices: `false`, `true`.
`config.security_zones[].address_book.addresses[].dns_name.ipv6_only` (boolean) | IPv6 DNS address only. Choices: `false`, `true`.
`config.security_zones[].address_book.addresses[].dns_name.name` (string) | Fully qualified hostname.
`config.security_zones[].address_book.addresses[].ip_prefix` (string) | Numeric IPv4 or IPv6 address with prefix.
`config.security_zones[].address_book.addresses[].name` (string) | Name of the address.
`config.security_zones[].address_book.addresses[].range_address` (dictionary) | Address range.
`config.security_zones[].address_book.addresses[].range_address.from` (string) | Start of the address range.
`config.security_zones[].address_book.addresses[].range_address.to` (string) | End of the address range.
`config.security_zones[].address_book.addresses[].wildcard_address` (string) | Numeric IPv4 wildcard address in the form a.d.d.r/netmask.
`config.security_zones[].advance_policy_based_routing_profile` (string) | Enable advanced policy-based routing on this zone using the named profile.
`config.security_zones[].advanced_connection_tracking` (dictionary) | Advanced connection-tracking options for this zone.
`config.security_zones[].advanced_connection_tracking.mode` (string) | Set the connection tracking mode. Choices: `all-tcp`, `allow-any-host`, `allow-target-host`, `allow-target-host-port`.
`config.security_zones[].advanced_connection_tracking.timeout` (integer) | Timeout value in seconds for the advanced connection-tracking table of this zone.
`config.security_zones[].advanced_connection_tracking.track_all_policies_to_this_zone` (boolean) | Mandate that all policies with to-zone set to this zone perform a connection-tracking table lookup. Choices: `false`, `true`.
`config.security_zones[].application_tracking` (boolean) | Enable application tracking support for this zone. Choices: `false`, `true`.
`config.security_zones[].description` (string) | Text description of the zone.
`config.security_zones[].enable_reverse_reroute` (boolean) | Enable reverse route lookup when the ingress interface changes. Choices: `false`, `true`.
`config.security_zones[].host_inbound_traffic` (dictionary) | Allowed system services and protocols for this zone.
`config.security_zones[].host_inbound_traffic.protocols` (list of dictionaries) | Protocol types of incoming traffic to accept.
`config.security_zones[].host_inbound_traffic.protocols[].except` (boolean) | Do not allow traffic for the specified protocol. Choices: `false`, `true`.
`config.security_zones[].host_inbound_traffic.protocols[].name` (string) | Incoming protocol type to accept.
`config.security_zones[].host_inbound_traffic.system_services` (list of dictionaries) | Types of incoming system-service traffic to accept.
`config.security_zones[].host_inbound_traffic.system_services[].except` (boolean) | Do not allow the specified incoming system-service traffic. Choices: `false`, `true`.
`config.security_zones[].host_inbound_traffic.system_services[].name` (string) | Incoming system-service traffic type to accept.
`config.security_zones[].interfaces` (list of strings) | Interfaces that belong to this zone.
`config.security_zones[].name` (string) | Name of the security zone.
`config.security_zones[].screen` (string) | Name of the ids option object (screen) applied to the zone.
`config.security_zones[].source_identity_log` (boolean) | Show user and group information in the session log for this zone. Choices: `false`, `true`.
`config.security_zones[].tcp_rst` (boolean) | Send RST for non-SYN packets that do not match an existing TCP session. Choices: `false`, `true`.
`config.security_zones[].unidirectional_session_refreshing` (boolean) | Enable unidirectional session refreshing on this zone. Choices: `false`, `true`.
`running_config` (string) | This option is used only with state *parsed*. The value of this option should be the XML configuration of the security zones received from the JunOS device (for example `show security zones \| display xml` in configuration mode, as in the parsed example below). The state *parsed* reads the configuration from `running_config`, transforms it into Ansible structured data as per the resource module's argspec, and returns it in the *parsed* key of the result.
`state` (string) | The state the configuration should be left in. The states *rendered*, *gathered* and *parsed* do not perform any change on the device. The state *rendered* transforms the configuration in `config` into the NETCONF XML the module would push and returns it in the *rendered* key; no connection to the remote host is required. The state *gathered* fetches the running configuration from the device, transforms it into structured data in the format of the resource module argspec and returns it in the *gathered* key. The state *parsed* reads the configuration from `running_config`, transforms it the same way and returns it in the *parsed* key; no connection to the remote host is required. Choices: `merged` (default), `replaced`, `overridden`, `deleted`, `gathered`, `rendered`, `parsed`.
Notes
Note
This module requires the netconf system service to be enabled on the managed device.
This module works with connection netconf. See the Junos OS Platform Options.
Tested against JunOS v18.4R1.
With this module the *replaced* and *overridden* states push `<nc:zones delete="delete"/>` before re-creating whatever is in `config` (see the `commands` in the examples below), so every zone that is not listed in `config` is removed: in the replaced example, security-zone test_sec_zone1 disappears although only the functional zone was supplied. Gather the running zones first (state *gathered*) and keep every zone you intend to retain in `config` before applying either state to a production firewall.
Examples
# Using merged
#
# Before state
# ------------
#
# vagrant@vsrx# show security zones
#
# [edit]
# vagrant@vsrx# show security zones
#
- name: Merge the provided configuration with the existing running configuration
  junipernetworks.junos.junos_security_zones: &merged
    config:
      functional_zone_management:
        description: test description
        host_inbound_traffic:
          protocols:
            - name: all
            - name: bgp
              except: true
          system_services:
            - name: all
            - except: true
              name: dhcp
        interfaces:
          - ge-0/0/1.0
          - ge-0/0/2.0
        screen: test_screen
      security_zones:
        - address_book:
            address_sets:
              - addresses:
                  - test_adr1
                  - test_adr2
                name: test_adrset1
              - addresses:
                  - test_adr3
                  - test_adr4
                name: test_adrset2
              - address_sets:
                  - test_adrset1
                  - test_adrset2
                addresses:
                  - test_adr5
                description: test description
                name: test_adrset3
            addresses:
              - description: test desc
                ip_prefix: 10.0.0.0/24
                name: test_adr1
              - dns_name:
                  ipv6_only: true
                  name: 1.1.1.1
                name: test_adr2
              - name: test_adr3
                range_address:
                  from: 10.2.0.1
                  to: 10.2.0.2
              - name: test_adr4
                wildcard_address: 10.3.0.1/24
              - description: test desc
                ip_prefix: 10.1.0.0/24
                name: test_adr5
          advance_policy_based_routing_profile: test_profile
          application_tracking: true
          description: test description
          enable_reverse_reroute: true
          host_inbound_traffic:
            protocols:
              - name: all
              - except: true
                name: bgp
            system_services:
              - name: all
              - except: true
                name: dhcp
          interfaces:
            - ge-0/0/3.0
            - ge-0/0/4.0
          name: test_sec_zone1
          screen: test_screen
          source_identity_log: true
          tcp_rst: true
    state: merged
#
# -------------------------
# Module Execution Result
# -------------------------
# "after": {
# "functional_zone_management": {
# "description": "test description",
# "host_inbound_traffic": {
# "protocols": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "bgp"
# }
# ],
# "system_services": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "dhcp"
# }
# ]
# },
# "interfaces": [
# "ge-0/0/1.0",
# "ge-0/0/2.0"
# ],
# "screen": "test_screen"
# },
# "security_zones": [
# {
# "address_book": {
# "address_sets": [
# {
# "addresses": [
# "test_adr1",
# "test_adr2"
# ],
# "name": "test_adrset1"
# },
# {
# "addresses": [
# "test_adr3",
# "test_adr4"
# ],
# "name": "test_adrset2"
# },
# {
# "address_sets": [
# "test_adrset1",
# "test_adrset2"
# ],
# "addresses": [
# "test_adr5"
# ],
# "description": "test description",
# "name": "test_adrset3"
# }
# ],
# "addresses": [
# {
# "description": "test desc",
# "ip_prefix": "10.0.0.0/24",
# "name": "test_adr1"
# },
# {
# "dns_name": {
# "ipv6_only": true,
# "name": "1.1.1.1"
# },
# "name": "test_adr2"
# },
# {
# "name": "test_adr3",
# "range_address": {
# "from": "10.2.0.1",
# "to": "10.2.0.2"
# }
# },
# {
# "name": "test_adr4",
# "wildcard_address": "10.3.0.1/24"
# },
# {
# "description": "test desc",
# "ip_prefix": "10.1.0.0/24",
# "name": "test_adr5"
# }
# ]
# },
# "advance_policy_based_routing_profile": "test_profile",
# "application_tracking": true,
# "description": "test description",
# "enable_reverse_reroute": true,
# "host_inbound_traffic": {
# "protocols": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "bgp"
# }
# ],
# "system_services": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "dhcp"
# }
# ]
# },
# "interfaces": [
# "ge-0/0/3.0",
# "ge-0/0/4.0"
# ],
# "name": "test_sec_zone1",
# "screen": "test_screen",
# "source_identity_log": true,
# "tcp_rst": true
# }
# ]
# },
# "before": {},
# "changed": true,
# "commands":
# '<nc:security xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"><nc:zones><nc:functional-zone><nc:management><nc:description>t'
# 'est description</nc:description><nc:host-inbound-traffic><nc:protocols><nc:name>all</nc:name></nc:protocols><nc:protocols><nc:na'
# 'me>bgp</nc:name><nc:except/></nc:protocols><nc:system-services><nc:name>all</nc:name></nc:system-services><nc:system-services><n'
# 'c:name>dhcp</nc:name><nc:except/></nc:system-services></nc:host-inbound-traffic><nc:interfaces><nc:name>ge-0/0/1.0</nc:name></nc'
# ':interfaces><nc:interfaces><nc:name>ge-0/0/2.0</nc:name></nc:interfaces><nc:screen>test_screen</nc:screen></nc:management></nc:f'
# 'unctional-zone><nc:security-zone><nc:name>test_sec_zone1</nc:name><nc:address-book><nc:address><nc:name>test_adr1</nc:name><nc:i'
# 'p-prefix>10.0.0.0/24</nc:ip-prefix><nc:description>test desc</nc:description></nc:address><nc:address><nc:name>test_adr2</nc:nam'
# 'e><nc:dns-name><nc:name>1.1.1.1</nc:name><nc:ipv6-only/></nc:dns-name></nc:address><nc:address><nc:name>test_adr3</nc:name><nc:r'
# 'ange-address><nc:name>10.2.0.1</nc:name><nc:to><nc:range-high>10.2.0.2</nc:range-high></nc:to></nc:range-address></nc:address><n'
# 'c:address><nc:name>test_adr4</nc:name><nc:wildcard-address><nc:name>10.3.0.1/24</nc:name></nc:wildcard-address></nc:address><nc:'
# 'address><nc:name>test_adr5</nc:name><nc:ip-prefix>10.1.0.0/24</nc:ip-prefix><nc:description>test desc</nc:description></nc:addre'
# 'ss><nc:address-set><nc:name>test_adrset1</nc:name><nc:address><nc:name>test_adr1</nc:name></nc:address><nc:address><nc:name>test'
# '_adr2</nc:name></nc:address></nc:address-set><nc:address-set><nc:name>test_adrset2</nc:name><nc:address><nc:name>test_adr3</nc:n'
# 'ame></nc:address><nc:address><nc:name>test_adr4</nc:name></nc:address></nc:address-set><nc:address-set><nc:name>test_adrset3</nc'
# ':name><nc:address><nc:name>test_adr5</nc:name></nc:address><nc:address-set><nc:name>test_adrset1</nc:name></nc:address-set><nc:a'
# 'ddress-set><nc:name>test_adrset2</nc:name></nc:address-set><nc:description>test description</nc:description></nc:address-set></n'
# 'c:address-book><nc:advance-policy-based-routing-profile><nc:profile>test_profile</nc:profile></nc:advance-policy-based-routing-p'
# 'rofile><nc:application-tracking/><nc:description>test description</nc:description><nc:enable-reverse-reroute/><nc:host-inbound-t'
# 'raffic><nc:protocols><nc:name>all</nc:name></nc:protocols><nc:protocols><nc:name>bgp</nc:name><nc:except/></nc:protocols><nc:sys'
# 'tem-services><nc:name>all</nc:name></nc:system-services><nc:system-services><nc:name>dhcp</nc:name><nc:except/></nc:system-servi'
# 'ces></nc:host-inbound-traffic><nc:interfaces><nc:name>ge-0/0/3.0</nc:name></nc:interfaces><nc:interfaces><nc:name>ge-0/0/4.0</nc'
# ':name></nc:interfaces><nc:screen>test_screen</nc:screen><nc:source-identity-log/><nc:tcp-rst/></nc:security-zone></nc:zones></nc'
# ':security>'
# After state
# -----------
#
# vagrant@vsrx# show security zones
# functional-zone management {
# interfaces {
# ge-0/0/1.0;
# ge-0/0/2.0;
# }
# screen test_screen;
# host-inbound-traffic {
# system-services {
# all;
# dhcp {
# except;
# }
# }
# protocols {
# all;
# bgp {
# except;
# }
# }
# }
# description "test description";
# }
# security-zone test_sec_zone1 {
# description "test description";
# tcp-rst;
# address-book {
# address test_adr1 {
# description "test desc";
# 10.0.0.0/24;
# }
# address test_adr2 {
# dns-name 1.1.1.1 {
# ipv6-only;
# }
# }
# address test_adr3 {
# range-address 10.2.0.1 {
# to {
# 10.2.0.2;
# }
# }
# }
# address test_adr4 {
# wildcard-address 10.3.0.1/24;
# }
# address test_adr5 {
# description "test desc";
# 10.1.0.0/24;
# }
# address-set test_adrset1 {
# address test_adr1;
# address test_adr2;
# }
# address-set test_adrset2 {
# address test_adr3;
# address test_adr4;
# }
# address-set test_adrset3 {
# description "test description";
# address test_adr5;
# address-set test_adrset1;
# address-set test_adrset2;
# }
# }
# screen test_screen;
# host-inbound-traffic {
# system-services {
# all;
# dhcp {
# except;
# }
# }
# protocols {
# all;
# bgp {
# except;
# }
# }
# }
# interfaces {
# ge-0/0/3.0;
# ge-0/0/4.0;
# }
# application-tracking;
# source-identity-log;
# advance-policy-based-routing-profile {
# test_profile;
# }
# enable-reverse-reroute;
# }
#
#
# Using Replaced
# Before state
# ------------
#
# vagrant@vsrx# show security zones
# functional-zone management {
# interfaces {
# ge-0/0/1.0;
# ge-0/0/2.0;
# }
# screen test_screen;
# host-inbound-traffic {
# system-services {
# all;
# dhcp {
# except;
# }
# }
# protocols {
# all;
# bgp {
# except;
# }
# }
# }
# description "test description";
# }
# security-zone test_sec_zone1 {
# description "test description";
# tcp-rst;
# address-book {
# address test_adr1 {
# description "test desc";
# 10.0.0.0/24;
# }
# address test_adr2 {
# dns-name 1.1.1.1 {
# ipv6-only;
# }
# }
# address test_adr3 {
# range-address 10.2.0.1 {
# to {
# 10.2.0.2;
# }
# }
# }
# address test_adr4 {
# wildcard-address 10.3.0.1/24;
# }
# address test_adr5 {
# description "test desc";
# 10.1.0.0/24;
# }
# address-set test_adrset1 {
# address test_adr1;
# address test_adr2;
# }
# address-set test_adrset2 {
# address test_adr3;
# address test_adr4;
# }
# address-set test_adrset3 {
# description "test description";
# address test_adr5;
# address-set test_adrset1;
# address-set test_adrset2;
# }
# }
# screen test_screen;
# host-inbound-traffic {
# system-services {
# all;
# dhcp {
# except;
# }
# }
# protocols {
# all;
# bgp {
# except;
# }
# }
# }
# interfaces {
# ge-0/0/3.0;
# ge-0/0/4.0;
# }
# application-tracking;
# source-identity-log;
# advance-policy-based-routing-profile {
# test_profile;
# }
# enable-reverse-reroute;
# }
#
#
- name: Replace the running security zones configuration with the provided configuration
  junipernetworks.junos.junos_security_zones:
    config:
      functional_zone_management:
        description: test description
        host_inbound_traffic:
          protocols:
            - name: all
            - name: bgp
              except: true
          system_services:
            - name: all
            - except: true
              name: dhcp
        interfaces:
          - ge-0/0/1.0
          - ge-0/0/2.0
        screen: test_screen
    state: replaced
#
# -------------------------
# Module Execution Result
# -------------------------
# "after": {
# "functional_zone_management": {
# "description": "test description",
# "host_inbound_traffic": {
# "protocols": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "bgp"
# }
# ],
# "system_services": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "dhcp"
# }
# ]
# },
# "interfaces": [
# "ge-0/0/1.0",
# "ge-0/0/2.0"
# ],
# "screen": "test_screen"
# }
# },
# "before": {
# "functional_zone_management": {
# "description": "test description",
# "host_inbound_traffic": {
# "protocols": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "bgp"
# }
# ],
# "system_services": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "dhcp"
# }
# ]
# },
# "interfaces": [
# "ge-0/0/1.0",
# "ge-0/0/2.0"
# ],
# "screen": "test_screen"
# },
# "security_zones": [
# {
# "address_book": {
# "address_sets": [
# {
# "addresses": [
# "test_adr1",
# "test_adr2"
# ],
# "name": "test_adrset1"
# },
# {
# "addresses": [
# "test_adr3",
# "test_adr4"
# ],
# "name": "test_adrset2"
# },
# {
# "address_sets": [
# "test_adrset1",
# "test_adrset2"
# ],
# "addresses": [
# "test_adr5"
# ],
# "description": "test description",
# "name": "test_adrset3"
# }
# ],
# "addresses": [
# {
# "description": "test desc",
# "ip_prefix": "10.0.0.0/24",
# "name": "test_adr1"
# },
# {
# "dns_name": {
# "ipv6_only": true,
# "name": "1.1.1.1"
# },
# "name": "test_adr2"
# },
# {
# "name": "test_adr3",
# "range_address": {
# "from": "10.2.0.1",
# "to": "10.2.0.2"
# }
# },
# {
# "name": "test_adr4",
# "wildcard_address": "10.3.0.1/24"
# },
# {
# "description": "test desc",
# "ip_prefix": "10.1.0.0/24",
# "name": "test_adr5"
# }
# ]
# },
# "advance_policy_based_routing_profile": "test_profile",
# "application_tracking": true,
# "description": "test description",
# "enable_reverse_reroute": true,
# "host_inbound_traffic": {
# "protocols": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "bgp"
# }
# ],
# "system_services": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "dhcp"
# }
# ]
# },
# "interfaces": [
# "ge-0/0/3.0",
# "ge-0/0/4.0"
# ],
# "name": "test_sec_zone1",
# "screen": "test_screen",
# "source_identity_log": true,
# "tcp_rst": true
# }
# ]
# },
# "changed": true,
# "commands":
# '<nc:security xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"><nc:zones delete="delete"/><nc:zones><nc:functional-zone><nc'
# ':management><nc:description>test description</nc:description><nc:host-inbound-traffic><nc:protocols><nc:name>all</nc:name></nc:p'
# 'rotocols><nc:protocols><nc:name>bgp</nc:name><nc:except/></nc:protocols><nc:system-services><nc:name>all</nc:name></nc:system-se'
# 'rvices><nc:system-services><nc:name>dhcp</nc:name><nc:except/></nc:system-services></nc:host-inbound-traffic><nc:interfaces><nc:'
# 'name>ge-0/0/1.0</nc:name></nc:interfaces><nc:interfaces><nc:name>ge-0/0/2.0</nc:name></nc:interfaces><nc:screen>test_screen</nc:'
# 'screen></nc:management></nc:functional-zone></nc:zones></nc:security>'
#
#
# After state
# -----------
#
# vagrant@vsrx# show security zones
# functional-zone management {
# interfaces {
# ge-0/0/1.0;
# ge-0/0/2.0;
# }
# screen test_screen;
# host-inbound-traffic {
# system-services {
# all;
# dhcp {
# except;
# }
# }
# protocols {
# all;
# bgp {
# except;
# }
# }
# }
# description "test description";
# }
#
#
# Using overridden
#
# Before state
# ------------
#
# vagrant@vsrx# show security zones
# functional-zone management {
# interfaces {
# ge-0/0/1.0;
# ge-0/0/2.0;
# }
# screen test_screen;
# host-inbound-traffic {
# system-services {
# all;
# dhcp {
# except;
# }
# }
# protocols {
# all;
# bgp {
# except;
# }
# }
# }
# description "test description";
# }
# security-zone test_sec_zone1 {
# description "test description";
# tcp-rst;
# address-book {
# address test_adr1 {
# description "test desc";
# 10.0.0.0/24;
# }
# address test_adr2 {
# dns-name 1.1.1.1 {
# ipv6-only;
# }
# }
# address test_adr3 {
# range-address 10.2.0.1 {
# to {
# 10.2.0.2;
# }
# }
# }
# address test_adr4 {
# wildcard-address 10.3.0.1/24;
# }
# address test_adr5 {
# description "test desc";
# 10.1.0.0/24;
# }
# address-set test_adrset1 {
# address test_adr1;
# address test_adr2;
# }
# address-set test_adrset2 {
# address test_adr3;
# address test_adr4;
# }
# address-set test_adrset3 {
# description "test description";
# address test_adr5;
# address-set test_adrset1;
# address-set test_adrset2;
# }
# }
# screen test_screen;
# host-inbound-traffic {
# system-services {
# all;
# dhcp {
# except;
# }
# }
# protocols {
# all;
# bgp {
# except;
# }
# }
# }
# interfaces {
# ge-0/0/3.0;
# ge-0/0/4.0;
# }
# application-tracking;
# source-identity-log;
# advance-policy-based-routing-profile {
# test_profile;
# }
# enable-reverse-reroute;
# }
#
#
- name: Override the running security zones configuration with the provided configuration
  junipernetworks.junos.junos_security_zones:
    config:
      functional_zone_management:
        description: test description
        host_inbound_traffic:
          protocols:
            - name: all
            - name: bgp
              except: true
          system_services:
            - name: all
            - except: true
              name: dhcp
        interfaces:
          - ge-0/0/1.0
          - ge-0/0/2.0
        screen: test_screen
    state: overridden
#
# -------------------------
# Module Execution Result
# -------------------------
# "after": {
# "functional_zone_management": {
# "description": "test description",
# "host_inbound_traffic": {
# "protocols": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "bgp"
# }
# ],
# "system_services": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "dhcp"
# }
# ]
# },
# "interfaces": [
# "ge-0/0/1.0",
# "ge-0/0/2.0"
# ],
# "screen": "test_screen"
# }
# },
# "before": {
# "functional_zone_management": {
# "description": "test description",
# "host_inbound_traffic": {
# "protocols": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "bgp"
# }
# ],
# "system_services": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "dhcp"
# }
# ]
# },
# "interfaces": [
# "ge-0/0/1.0",
# "ge-0/0/2.0"
# ],
# "screen": "test_screen"
# },
# "security_zones": [
# {
# "address_book": {
# "address_sets": [
# {
# "addresses": [
# "test_adr1",
# "test_adr2"
# ],
# "name": "test_adrset1"
# },
# {
# "addresses": [
# "test_adr3",
# "test_adr4"
# ],
# "name": "test_adrset2"
# },
# {
# "address_sets": [
# "test_adrset1",
# "test_adrset2"
# ],
# "addresses": [
# "test_adr5"
# ],
# "description": "test description",
# "name": "test_adrset3"
# }
# ],
# "addresses": [
# {
# "description": "test desc",
# "ip_prefix": "10.0.0.0/24",
# "name": "test_adr1"
# },
# {
# "dns_name": {
# "ipv6_only": true,
# "name": "1.1.1.1"
# },
# "name": "test_adr2"
# },
# {
# "name": "test_adr3",
# "range_address": {
# "from": "10.2.0.1",
# "to": "10.2.0.2"
# }
# },
# {
# "name": "test_adr4",
# "wildcard_address": "10.3.0.1/24"
# },
# {
# "description": "test desc",
# "ip_prefix": "10.1.0.0/24",
# "name": "test_adr5"
# }
# ]
# },
# "advance_policy_based_routing_profile": "test_profile",
# "application_tracking": true,
# "description": "test description",
# "enable_reverse_reroute": true,
# "host_inbound_traffic": {
# "protocols": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "bgp"
# }
# ],
# "system_services": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "dhcp"
# }
# ]
# },
# "interfaces": [
# "ge-0/0/3.0",
# "ge-0/0/4.0"
# ],
# "name": "test_sec_zone1",
# "screen": "test_screen",
# "source_identity_log": true,
# "tcp_rst": true
# }
# ]
# },
# "changed": true,
# "commands":
# '<nc:security xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"><nc:zones delete="delete"/><nc:zones><nc:functional-zone><nc'
# ':management><nc:description>test description</nc:description><nc:host-inbound-traffic><nc:protocols><nc:name>all</nc:name></nc:p'
# 'rotocols><nc:protocols><nc:name>bgp</nc:name><nc:except/></nc:protocols><nc:system-services><nc:name>all</nc:name></nc:system-se'
# 'rvices><nc:system-services><nc:name>dhcp</nc:name><nc:except/></nc:system-services></nc:host-inbound-traffic><nc:interfaces><nc:'
# 'name>ge-0/0/1.0</nc:name></nc:interfaces><nc:interfaces><nc:name>ge-0/0/2.0</nc:name></nc:interfaces><nc:screen>test_screen</nc:'
# 'screen></nc:management></nc:functional-zone></nc:zones></nc:security>'
#
#
# After state
# -----------
#
# vagrant@vsrx# show security zones
# functional-zone management {
# interfaces {
# ge-0/0/1.0;
# ge-0/0/2.0;
# }
# screen test_screen;
# host-inbound-traffic {
# system-services {
# all;
# dhcp {
# except;
# }
# }
# protocols {
# all;
# bgp {
# except;
# }
# }
# }
# description "test description";
# }
#
#
# Using deleted
#
# Before state
# ------------
#
# vagrant@vsrx# show security zones
# functional-zone management {
# interfaces {
# ge-0/0/1.0;
# ge-0/0/2.0;
# }
# screen test_screen;
# host-inbound-traffic {
# system-services {
# all;
# dhcp {
# except;
# }
# }
# protocols {
# all;
# bgp {
# except;
# }
# }
# }
# description "test description";
# }
#
#
- name: Delete the running security zones configuration
  junipernetworks.junos.junos_security_zones:
    config:
    state: deleted
#
# -------------------------
# Module Execution Result
# -------------------------
# "after": {},
# "before": {
# "functional_zone_management": {
# "description": "test description",
# "host_inbound_traffic": {
# "protocols": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "bgp"
# }
# ],
# "system_services": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "dhcp"
# }
# ]
# },
# "interfaces": [
# "ge-0/0/1.0",
# "ge-0/0/2.0"
# ],
# "screen": "test_screen"
# }
# },
# "changed": true,
# "commands":
# '<nc:security xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"><nc:zones delete="delete"/></nc:security>'
#
#
# After state
# -----------
#
# vagrant@vsrx# show security zones
#
# [edit]
# Using gathered
#
# Before state
# ------------
#
# vagrant@vsrx# show security zones
# functional-zone management {
# interfaces {
# ge-0/0/1.0;
# ge-0/0/2.0;
# }
# screen test_screen;
# host-inbound-traffic {
# system-services {
# all;
# dhcp {
# except;
# }
# }
# protocols {
# all;
# bgp {
# except;
# }
# }
# }
# description "test description";
# }
# security-zone test_sec_zone1 {
# description "test description";
# tcp-rst;
# address-book {
# address test_adr1 {
# description "test desc";
# 10.0.0.0/24;
# }
# address test_adr2 {
# dns-name 1.1.1.1 {
# ipv6-only;
# }
# }
# address test_adr3 {
# range-address 10.2.0.1 {
# to {
# 10.2.0.2;
# }
# }
# }
# address test_adr4 {
# wildcard-address 10.3.0.1/24;
# }
# address test_adr5 {
# description "test desc";
# 10.1.0.0/24;
# }
# address-set test_adrset1 {
# address test_adr1;
# address test_adr2;
# }
# address-set test_adrset2 {
# address test_adr3;
# address test_adr4;
# }
# address-set test_adrset3 {
# description "test description";
# address test_adr5;
# address-set test_adrset1;
# address-set test_adrset2;
# }
# }
# screen test_screen;
# host-inbound-traffic {
# system-services {
# all;
# dhcp {
# except;
# }
# }
# protocols {
# all;
# bgp {
# except;
# }
# }
# }
# interfaces {
# ge-0/0/3.0;
# ge-0/0/4.0;
# }
# application-tracking;
# source-identity-log;
# advance-policy-based-routing-profile {
# test_profile;
# }
# enable-reverse-reroute;
# }
- name: Gather the running security zones configuration
  junipernetworks.junos.junos_security_zones:
    state: gathered
#
# -------------------------
# Module Execution Result
# -------------------------
# "gathered": {
# "functional_zone_management": {
# "description": "test description",
# "host_inbound_traffic": {
# "protocols": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "bgp"
# }
# ],
# "system_services": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "dhcp"
# }
# ]
# },
# "interfaces": [
# "ge-0/0/1.0",
# "ge-0/0/2.0"
# ],
# "screen": "test_screen"
# },
# "security_zones": [
# {
# "address_book": {
# "address_sets": [
# {
# "addresses": [
# "test_adr1",
# "test_adr2"
# ],
# "name": "test_adrset1"
# },
# {
# "addresses": [
# "test_adr3",
# "test_adr4"
# ],
# "name": "test_adrset2"
# },
# {
# "address_sets": [
# "test_adrset1",
# "test_adrset2"
# ],
# "addresses": [
# "test_adr5"
# ],
# "description": "test description",
# "name": "test_adrset3"
# }
# ],
# "addresses": [
# {
# "description": "test desc",
# "ip_prefix": "10.0.0.0/24",
# "name": "test_adr1"
# },
# {
# "dns_name": {
# "ipv6_only": true,
# "name": "1.1.1.1"
# },
# "name": "test_adr2"
# },
# {
# "name": "test_adr3",
# "range_address": {
# "from": "10.2.0.1",
# "to": "10.2.0.2"
# }
# },
# {
# "name": "test_adr4",
# "wildcard_address": "10.3.0.1/24"
# },
# {
# "description": "test desc",
# "ip_prefix": "10.1.0.0/24",
# "name": "test_adr5"
# }
# ]
# },
# "advance_policy_based_routing_profile": "test_profile",
# "application_tracking": true,
# "description": "test description",
# "enable_reverse_reroute": true,
# "host_inbound_traffic": {
# "protocols": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "bgp"
# }
# ],
# "system_services": [
# {
# "name": "all"
# },
# {
# "except": true,
# "name": "dhcp"
# }
# ]
# },
# "interfaces": [
# "ge-0/0/3.0",
# "ge-0/0/4.0"
# ],
# "name": "test_sec_zone1",
# "screen": "test_screen",
# "source_identity_log": true,
# "tcp_rst": true
# }
# ]
# },
# "changed": false
#
#
# Using rendered
#
# Before state
# ------------
#
- name: Render XML for the provided facts
  junipernetworks.junos.junos_security_zones:
    config:
      functional_zone_management:
        description: test description
        host_inbound_traffic:
          protocols:
            - name: all
            - name: bgp
              except: true
          system_services:
            - name: all
            - except: true
              name: dhcp
        interfaces:
          - ge-0/0/1.0
          - ge-0/0/2.0
        screen: test_screen
      security_zones:
        - address_book:
            address_sets:
              - addresses:
                  - test_adr1
                  - test_adr2
                name: test_adrset1
              - addresses:
                  - test_adr3
                  - test_adr4
                name: test_adrset2
              - address_sets:
                  - test_adrset1
                  - test_adrset2
                addresses:
                  - test_adr5
                description: test description
                name: test_adrset3
            addresses:
              - description: test desc
                ip_prefix: 10.0.0.0/24
                name: test_adr1
              - dns_name:
                  ipv6_only: true
                  name: 1.1.1.1
                name: test_adr2
              - name: test_adr3
                range_address:
                  from: 10.2.0.1
                  to: 10.2.0.2
              - name: test_adr4
                wildcard_address: 10.3.0.1/24
              - description: test desc
                ip_prefix: 10.1.0.0/24
                name: test_adr5
          advance_policy_based_routing_profile: test_profile
          application_tracking: true
          description: test description
          enable_reverse_reroute: true
          host_inbound_traffic:
            protocols:
              - name: all
              - except: true
                name: bgp
            system_services:
              - name: all
              - except: true
                name: dhcp
          interfaces:
            - ge-0/0/3.0
            - ge-0/0/4.0
          name: test_sec_zone1
          screen: test_screen
          source_identity_log: true
          tcp_rst: true
    state: rendered
#
# -------------------------
# Module Execution Result
# -------------------------
# "rendered":
# '<nc:security xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"><nc:zones><nc:functional-zone><nc:management><nc:description>t'
# 'est description</nc:description><nc:host-inbound-traffic><nc:protocols><nc:name>all</nc:name></nc:protocols><nc:protocols><nc:na'
# 'me>bgp</nc:name><nc:except/></nc:protocols><nc:system-services><nc:name>all</nc:name></nc:system-services><nc:system-services><n'
# 'c:name>dhcp</nc:name><nc:except/></nc:system-services></nc:host-inbound-traffic><nc:interfaces><nc:name>ge-0/0/1.0</nc:name></nc'
# ':interfaces><nc:interfaces><nc:name>ge-0/0/2.0</nc:name></nc:interfaces><nc:screen>test_screen</nc:screen></nc:management></nc:f'
# 'unctional-zone><nc:security-zone><nc:name>test_sec_zone1</nc:name><nc:address-book><nc:address><nc:name>test_adr1</nc:name><nc:i'
# 'p-prefix>10.0.0.0/24</nc:ip-prefix><nc:description>test desc</nc:description></nc:address><nc:address><nc:name>test_adr2</nc:nam'
# 'e><nc:dns-name><nc:name>1.1.1.1</nc:name><nc:ipv6-only/></nc:dns-name></nc:address><nc:address><nc:name>test_adr3</nc:name><nc:r'
# 'ange-address><nc:name>10.2.0.1</nc:name><nc:to><nc:range-high>10.2.0.2</nc:range-high></nc:to></nc:range-address></nc:address><n'
# 'c:address><nc:name>test_adr4</nc:name><nc:wildcard-address><nc:name>10.3.0.1/24</nc:name></nc:wildcard-address></nc:address><nc:'
# 'address><nc:name>test_adr5</nc:name><nc:ip-prefix>10.1.0.0/24</nc:ip-prefix><nc:description>test desc</nc:description></nc:addre'
# 'ss><nc:address-set><nc:name>test_adrset1</nc:name><nc:address><nc:name>test_adr1</nc:name></nc:address><nc:address><nc:name>test'
# '_adr2</nc:name></nc:address></nc:address-set><nc:address-set><nc:name>test_adrset2</nc:name><nc:address><nc:name>test_adr3</nc:n'
# 'ame></nc:address><nc:address><nc:name>test_adr4</nc:name></nc:address></nc:address-set><nc:address-set><nc:name>test_adrset3</nc'
# ':name><nc:address><nc:name>test_adr5</nc:name></nc:address><nc:address-set><nc:name>test_adrset1</nc:name></nc:address-set><nc:a'
# 'ddress-set><nc:name>test_adrset2</nc:name></nc:address-set><nc:description>test description</nc:description></nc:address-set></n'
# 'c:address-book><nc:advance-policy-based-routing-profile><nc:profile>test_profile</nc:profile></nc:advance-policy-based-routing-p'
# 'rofile><nc:application-tracking/><nc:description>test description</nc:description><nc:enable-reverse-reroute/><nc:host-inbound-t'
# 'raffic><nc:protocols><nc:name>all</nc:name></nc:protocols><nc:protocols><nc:name>bgp</nc:name><nc:except/></nc:protocols><nc:sys'
# 'tem-services><nc:name>all</nc:name></nc:system-services><nc:system-services><nc:name>dhcp</nc:name><nc:except/></nc:system-servi'
# 'ces></nc:host-inbound-traffic><nc:interfaces><nc:name>ge-0/0/3.0</nc:name></nc:interfaces><nc:interfaces><nc:name>ge-0/0/4.0</nc'
# ':name></nc:interfaces><nc:screen>test_screen</nc:screen><nc:source-identity-log/><nc:tcp-rst/></nc:security-zone></nc:zones></nc'
# ':security>'
#
# Using parsed
# parsed.cfg
# ------------
# <?xml version="1.0" encoding="UTF-8"?>
# <rpc-reply message-id="urn:uuid:0cadb4e8-5bba-47f4-986e-72906227007f">
# <configuration changed-seconds="1590139550" changed-localtime="2020-05-22 09:25:50 UTC">
# <version>18.4R1-S2.4</version>
# <security>
# <zones>
# <functional-zone>
# <management>
# <description>test description</description>
# <host-inbound-traffic>
# <protocols>
# <name>all</name>
# </protocols>
# <protocols>
# <name>bgp</name>
# <except />
# </protocols>
# <system-services>
# <name>all</name>
# </system-services>
# <system-services>
# <name>dhcp</name>
# <except />
# </system-services>
# </host-inbound-traffic>
# <interfaces>
# <name>ge-0/0/1.0</name>
# </interfaces>
# <interfaces>
# <name>ge-0/0/2.0</name>
# </interfaces>
# <screen>test_screen</screen>
# </management>
# </functional-zone>
# <security-zone>
# <name>test_sec_zone1</name>
# <address-book>
# <address>
# <name>test_adr1</name>
# <ip-prefix>10.0.0.0/24</ip-prefix>
# <description>test desc</description>
# </address>
# <address>
# <name>test_adr2</name>
# <dns-name>
# <name>1.1.1.1</name>
# <ipv6-only />
# </dns-name>
# </address>
# <address>
# <name>test_adr3</name>
# <range-address>
# <name>10.2.0.1</name>
# <to>
# <range-high>10.2.0.2</range-high>
# </to>
# </range-address>
# </address>
# <address>
# <name>test_adr4</name>
# <wildcard-address>
# <name>10.3.0.1/24</name>
# </wildcard-address>
# </address>
# <address>
# <name>test_adr5</name>
# <ip-prefix>10.1.0.0/24</ip-prefix>
# <description>test desc</description>
# </address>
# <address-set>
# <name>test_adrset1</name>
# <address>
# <name>test_adr1</name>
# </address>
# <address>
# <name>test_adr2</name>
# </address>
# </address-set>
# <address-set>
# <name>test_adrset2</name>
# <address>
# <name>test_adr3</name>
# </address>
# <address>
# <name>test_adr4</name>
# </address>
# </address-set>
# <address-set>
# <name>test_adrset3</name>
# <address>
# <name>test_adr5</name>
# </address>
# <address-set>
# <name>test_adrset1</name>
# </address-set>
# <address-set>
# <name>test_adrset2</name>
# </address-set>
# <description>test description</description>
# </address-set>
# </address-book>
# <advance-policy-based-routing-profile>
# <profile>test_profile</profile>
# </advance-policy-based-routing-profile>
# <application-tracking />
# <description>test description</description>
# <enable-reverse-reroute />
# <host-inbound-traffic>
# <protocols>
# <name>all</name>
# </protocols>
# <protocols>
# <name>bgp</name>
# <except />
# </protocols>
# <system-services>
# <name>all</name>
# </system-services>
# <system-services>
# <name>dhcp</name>
# <except />
# </system-services>
# </host-inbound-traffic>
# <interfaces>
# <name>ge-0/0/3.0</name>
# </interfaces>
# <interfaces>
# <name>ge-0/0/4.0</name>
# </interfaces>
# <screen>test_screen</screen>
# <source-identity-log />
# <tcp-rst />
# </security-zone>
# </zones>
# </security>
# </configuration>
# </rpc-reply>
#
- name: Parse the security zones running config
  junipernetworks.junos.junos_security_zones:
    running_config: "{{ lookup('file', './parsed.cfg') }}"
    state: parsed
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "parsed": {
# "functional_zone_management": {
# "description": "test description",
# "host_inbound_traffic": {
# "protocols": [{"name": "all"}, {"except": true, "name": "bgp"}],
# "system_services": [{"name": "all"}, {"except": true, "name": "dhcp"}]
# },
# "interfaces": ["ge-0/0/1.0", "ge-0/0/2.0"],
# "screen": "test_screen"
# },
# "security_zones": [
# {
# "address_book": {
# "address_sets": [
# {"addresses": ["test_adr1", "test_adr2"], "name": "test_adrset1"},
# {"addresses": ["test_adr3", "test_adr4"], "name": "test_adrset2"},
# {
# "address_sets": ["test_adrset1", "test_adrset2"],
# "addresses": ["test_adr5"],
# "description": "test description",
# "name": "test_adrset3"
# }
# ],
# "addresses": [
# {"description": "test desc", "ip_prefix": "10.0.0.0/24", "name": "test_adr1"},
# {"dns_name": {"ipv6_only": true, "name": "1.1.1.1"}, "name": "test_adr2"},
# {"name": "test_adr3", "range_address": {"from": "10.2.0.1", "to": "10.2.0.2"}},
# {"name": "test_adr4", "wildcard_address": "10.3.0.1/24"},
# {"description": "test desc", "ip_prefix": "10.1.0.0/24", "name": "test_adr5"}
# ]
# },
# "advance_policy_based_routing_profile": "test_profile",
# "application_tracking": true,
# "description": "test description",
# "enable_reverse_reroute": true,
# "host_inbound_traffic": {
# "protocols": [{"name": "all"}, {"except": true, "name": "bgp"}],
# "system_services": [{"name": "all"}, {"except": true, "name": "dhcp"}]
# },
# "interfaces": ["ge-0/0/3.0", "ge-0/0/4.0"],
# "name": "test_sec_zone1",
# "screen": "test_screen",
# "source_identity_log": true,
# "tcp_rst": true
# }
# ]
# }
#
#
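The `gathered` and `parsed` examples above return the same argspec-shaped structure, which is the natural input for a review of what each zone exposes: in the page's data every zone carries `host-inbound-traffic system-services all` and `protocols all` with a single `except`, which opens every other service and protocol on those interfaces to the routing engine. The following is an added example written for this page, not code from the junipernetworks.junos collection. It collapses the `all`/`except` lists into an effective view, flags zones that allow `all` or carry no screen, and detects the `<nc:zones delete="delete"/>` that the replaced and overridden payloads begin with. The sample dictionary is constructed to mirror the page's functional zone and test_sec_zone1, with a hypothetical tightly scoped `untrust` zone added; `SAMPLE_REPLACED_COMMANDS` is a constructed payload shaped like the page's replaced `commands` string.

```python
"""Audit helpers for the structured data junos_security_zones returns under
`gathered` or `parsed`. Added example for this page; not part of the
junipernetworks.junos collection. Junos semantics applied here: within
host-inbound-traffic, `all` opens every service/protocol towards the routing
engine and an entry flagged `except` carves that single name back out."""
import re

# Constructed sample: mirrors the page's functional-zone and test_sec_zone1 data
# and adds a hypothetical "untrust" zone that only admits IKE and has no screen.
_WIDE_OPEN = {
    "protocols": [{"name": "all"}, {"except": True, "name": "bgp"}],
    "system_services": [{"name": "all"}, {"except": True, "name": "dhcp"}],
}
SAMPLE_GATHERED = {
    "functional_zone_management": {
        "description": "test description",
        "host_inbound_traffic": _WIDE_OPEN,
        "interfaces": ["ge-0/0/1.0", "ge-0/0/2.0"],
        "screen": "test_screen",
    },
    "security_zones": [
        {
            "name": "test_sec_zone1",
            "host_inbound_traffic": _WIDE_OPEN,
            "interfaces": ["ge-0/0/3.0", "ge-0/0/4.0"],
            "screen": "test_screen",
            "tcp_rst": True,
        },
        {
            "name": "untrust",
            "host_inbound_traffic": {"system_services": [{"name": "ike"}]},
            "interfaces": ["ge-0/0/5.0"],
        },
    ],
}
# Constructed NETCONF payload shaped like the page's replaced/overridden `commands`.
SAMPLE_REPLACED_COMMANDS = (
    '<nc:security xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">'
    '<nc:zones delete="delete"/><nc:zones><nc:functional-zone/></nc:zones></nc:security>'
)


def effective_host_inbound(entries):
    """Collapse a host_inbound_traffic list into (allow_all, allowed, excepted).

    allow_all is True when an `all` entry is present; `allowed` holds the
    explicitly named services/protocols; `excepted` holds names flagged except.
    """
    allow_all, allowed, excepted = False, set(), set()
    for entry in entries or []:
        if entry.get("except"):
            excepted.add(entry["name"])
        elif entry["name"] == "all":
            allow_all = True
        else:
            allowed.add(entry["name"])
    return allow_all, allowed, excepted


def audit_zone(zone, label):
    """Return findings for one zone dictionary (functional or security zone)."""
    findings = []
    inbound = zone.get("host_inbound_traffic") or {}
    for kind in ("system_services", "protocols"):
        allow_all, _allowed, excepted = effective_host_inbound(inbound.get(kind))
        if allow_all:
            findings.append(
                f"{label}: {kind} 'all' except {sorted(excepted) or 'nothing'}: "
                "every other entry is reachable on the routing engine from this zone"
            )
    if not zone.get("screen"):
        findings.append(f"{label}: no screen (ids-option) attached")
    return findings


def audit(gathered):
    """Run audit_zone over a whole gathered/parsed structure."""
    findings = []
    management = gathered.get("functional_zone_management")
    if management:
        findings += audit_zone(management, "functional-zone management")
    for zone in gathered.get("security_zones") or []:
        findings += audit_zone(zone, f"security-zone {zone['name']}")
    return findings


_DELETE_RE = re.compile(r'<nc:([A-Za-z0-9-]+)\s+delete="delete"\s*/>')


def deleted_stanzas(commands):
    """Names of the configuration stanzas a `commands` payload deletes outright.

    The page's replaced/overridden/deleted results all start with
    <nc:zones delete="delete"/>: every zone is removed before the supplied ones
    are re-created, so a non-empty result means the push is destructive.
    """
    return _DELETE_RE.findall(commands)


if __name__ == "__main__":
    for finding in audit(SAMPLE_GATHERED):
        print("FINDING:", finding)
    print("deleted stanzas:", deleted_stanzas(SAMPLE_REPLACED_COMMANDS))
```

Feed `audit()` the `gathered` key of a real run (for example via `set_fact` and a small script, or by running it over the module's JSON output saved to disk) and fail the pipeline on any `all` finding for a zone whose interfaces face untrusted networks; run `deleted_stanzas()` over the `commands` value before treating a replaced or overridden run as a no-op on zones you did not list.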
Return Values
Common return values are documented here; the following are the fields unique to this module.

Key | Description
---|---
`after` (dictionary) | The resulting configuration after module execution. Returned: when changed. Sample: see the `after` blocks in the examples above.
`before` (dictionary) | The configuration prior to module execution. Returned: when state is `merged`, `replaced`, `overridden`, `deleted` or `purged`. Sample: see the `before` blocks in the examples above.
`commands` (list) | The set of commands (NETCONF XML) pushed to the remote device. Returned: when state is `merged`, `replaced`, `overridden`, `deleted` or `purged`. Sample: see the `commands` blocks in the examples above.
`gathered` (dictionary) | Facts about the network resource gathered from the remote device as structured data. Returned: when state is `gathered`. Sample: see the gathered example above.
`parsed` (dictionary) | The device-native configuration provided in the `running_config` option, parsed into structured data as per the module argspec. Returned: when state is `parsed`. Sample: see the parsed example above.
`rendered` (string) | The configuration provided in the task, rendered in device-native (NETCONF XML) format, offline. Returned: when state is `rendered`. Sample: see the rendered example above.