Delete switch configuration when the switch is deleted from PacketFence

inverse-inc · Jul 11, 2024 · aef3559 · aef3559
1 parent 8c8a68e
commit aef3559
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 22 deletions.
diff --git a/conf/pfsetacls/switch_acls.yml b/conf/pfsetacls/switch_acls.yml
@@ -45,6 +45,7 @@
 [% END %]
 [% END %]
 
+[% IF delete == 0 %]
 [% FOREACH role IN interfaces.keys %]
 [% FOREACH interface IN interfaces.$role %]
     - name: Merge module attributes of given access-groups
@@ -61,3 +62,4 @@
       when: ansible_network_os == 'cisco.ios.ios'
 [% END %]
 [% END %]
+[% END %]
diff --git a/lib/pf/Switch.pm b/lib/pf/Switch.pm
@@ -4357,8 +4357,8 @@ Generate Ansible configuration to push ACLs
 
 =cut
 
-sub generateAnsibleConfiguration {
     my ($self,$oldSwitchConfig, $delete) = @_;
+    $delete //= $FALSE;
     my %vars;
     umask(0002);
     my $tt = Template->new(
@@ -4395,31 +4395,40 @@ sub generateAnsibleConfiguration {
             case /Aruba::CX/ { $vars{'switches'}{$switch_id}{'ansible_network_os'} = "arubanetworks.aoscx.aoscx" }
     }
 
-    # Remove
-    my %diff;
-    foreach my $old_role_interface (@{$oldSwitchConfig->{InterfaceMapping}}) {
-        #Old interface list
-        my @oldinterfaces = uniq split(',',$old_role_interface->{interface});
-        my $newinterfaces = $self->getInterfaceByName($old_role_interface->{role});
-        if ($newinterfaces) {
-            # New interface list
-            my @newinterfaces = uniq split(',',$newinterfaces);
-            @diff{ @oldinterfaces } = @oldinterfaces;
-            delete @diff{ @newinterfaces };
-            @oldinterfaces = uniq %diff;
-        }
-        if (@oldinterfaces) {
-            $vars{'switches'}{$switch_id}{'interfaces_delete'}{$old_role_interface->{role}} = \@oldinterfaces;
-        }
-    }
-
     foreach my $role (keys %ConfigRoles) {
         my $acls = $self->getRoleAccessListByName($role);
         my $interfaces = $self->getInterfaceByName($role);
         if ($interfaces) {
             my @interfaces = split(',',$interfaces);
-            $vars{'switches'}{$switch_id}{'interfaces'}{$role} = \@interfaces;
+            if ($delete) {
+                $vars{'switches'}{$switch_id}{'interfaces_delete'}{$role} = \@interfaces;
+            } else {
+                $vars{'switches'}{$switch_id}{'interfaces'}{$role} = \@interfaces;
+            }
+        }
+    }
+    if (!$delete) {
+        # Remove useless acl on old interfaces
+        my %diff;
+        foreach my $old_role_interface (@{$oldSwitchConfig->{InterfaceMapping}}) {
+            #Old interface list
+            my @oldinterfaces = uniq split(',',$old_role_interface->{interface});
+            my $newinterfaces = $self->getInterfaceByName($old_role_interface->{role});
+            if ($newinterfaces) {
+                # New interface list
+                my @newinterfaces = uniq split(',',$newinterfaces);
+                @diff{ @oldinterfaces } = @oldinterfaces;
+                delete @diff{ @newinterfaces };
+                @oldinterfaces = uniq %diff;
+            }
+            if (@oldinterfaces) {
+                $vars{'switches'}{$switch_id}{'interfaces_delete'}{$old_role_interface->{role}} = \@oldinterfaces;
+            }
         }
+    }
+
+    foreach my $role (keys %ConfigRoles) {
+        my $acls = $self->getRoleAccessListByName($role);
         if (defined($acls)) {
             my $out_acls;
             my $in_acls;

diff --git a/lib/pf/UnifiedApi/Controller/Config.pm b/lib/pf/UnifiedApi/Controller/Config.pm
@@ -537,7 +537,7 @@ sub remove {
 
 sub post_remove { }
 
-sub pre_remove {}
+sub pre_remove { }
 
 sub addFormWarnings {
     my ($self, $form, $response) = @_;

diff --git a/lib/pf/UnifiedApi/Controller/Config/Switches.pm b/lib/pf/UnifiedApi/Controller/Config/Switches.pm
@@ -28,6 +28,7 @@ use pf::ConfigStore::SwitchGroup;
 use pfappserver::Form::Config::Switch;
 use pf::db;
 use List::Util qw(first);
+use pf::constants qw($TRUE $FALSE);
 
 BEGIN {
     local $pf::db::NO_DIE_ON_DBH_ERROR = 1;
@@ -81,7 +82,7 @@ sub post_update {
     my ($self, $switch_id, $old) = @_;
     my $switch = pf::SwitchFactory->instantiate($switch_id);
     if ($switch) {
-        $switch->generateAnsibleConfiguration($old);
+        $switch->generateAnsibleConfiguration($old,$FALSE);
     }
 }