From a453ac31f3428614cceb99027f8efbdb9258a40b Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Tue, 14 May 2024 22:03:01 +0200
Subject: Adding upstream version 2.10.7+merged+base+2.10.8+dfsg.
Signed-off-by: Daniel Baumann --- .../fortinet/fortios/FILES.json | 3400 ++++++++++++++++++++ .../fortinet/fortios/MANIFEST.json | 43 + .../ansible_collections/fortinet/fortios/README.md | 518 +++ .../fortios/examples/httpapi/inventory/hosts | 5 + .../fortinet/fortios/examples/httpapi/readme | 2 + .../fortios/examples/httpapi/set_system_global.yml | 19 + .../fortios/examples/set_firewall_address.yml | 27 + .../examples/set_firewall_address_group.yml | 25 + .../fortinet/fortios/examples/set_firewall_vip.yml | 27 + .../fortinet/fortios/examples/set_system_alias.yml | 23 + .../fortinet/fortios/examples/set_system_dns.yml | 21 + .../fortios/examples/set_system_global.yml | 24 + .../fortinet/fortios/examples/set_system_ha.yml | 24 + .../fortios/examples/set_system_ha_monitor.yml | 21 + .../fortinet/fortios/examples/set_system_ntp.yml | 22 + .../fortinet/fortios/examples/set_system_zone.yml | 27 + .../fortios/plugins/doc_fragments/fortios.py | 63 + .../fortinet/fortios/plugins/httpapi/fortios.py | 219 ++ .../plugins/module_utils/fortimanager/__init__.py | 0 .../plugins/module_utils/fortimanager/common.py | 291 ++ .../module_utils/fortimanager/fortimanager.py | 470 +++ .../plugins/module_utils/fortios/__init__.py | 0 .../module_utils/fortios/argspec/__init__.py | 0 .../module_utils/fortios/argspec/facts/__init__.py | 0 .../module_utils/fortios/argspec/facts/facts.py | 45 + .../fortios/argspec/system/__init__.py | 0 .../module_utils/fortios/argspec/system/system.py | 28 + .../plugins/module_utils/fortios/facts/__init__.py | 0 .../plugins/module_utils/fortios/facts/facts.py | 92 + .../module_utils/fortios/facts/system/__init__.py | 0 .../module_utils/fortios/facts/system/system.py | 63 + .../plugins/module_utils/fortios/fortios.py | 367 +++ .../fortinet/fortios/plugins/modules/__init__.py | 0 .../plugins/modules/fortios_alertemail_setting.py | 596 ++++ .../plugins/modules/fortios_antivirus_heuristic.py | 265 ++ .../plugins/modules/fortios_antivirus_profile.py | 1509 
+++++++++ .../modules/fortios_antivirus_quarantine.py | 540 ++++ .../plugins/modules/fortios_antivirus_settings.py | 283 ++ .../plugins/modules/fortios_application_custom.py | 359 +++ .../plugins/modules/fortios_application_group.py | 354 ++ .../plugins/modules/fortios_application_list.py | 701 ++++ .../plugins/modules/fortios_application_name.py | 401 +++ .../modules/fortios_application_rule_settings.py | 302 ++ .../plugins/modules/fortios_authentication_rule.py | 416 +++ .../modules/fortios_authentication_scheme.py | 395 +++ .../modules/fortios_authentication_setting.py | 307 ++ .../plugins/modules/fortios_certificate_ca.py | 357 ++ .../plugins/modules/fortios_certificate_crl.py | 377 +++ .../plugins/modules/fortios_certificate_local.py | 462 +++ .../plugins/modules/fortios_configuration_fact.py | 2285 +++++++++++++ .../plugins/modules/fortios_dlp_filepattern.py | 456 +++ .../plugins/modules/fortios_dlp_fp_doc_source.py | 463 +++ .../plugins/modules/fortios_dlp_fp_sensitivity.py | 303 ++ .../fortios/plugins/modules/fortios_dlp_sensor.py | 613 ++++ .../plugins/modules/fortios_dlp_settings.py | 290 ++ .../modules/fortios_dnsfilter_domain_filter.py | 375 +++ .../plugins/modules/fortios_dnsfilter_profile.py | 492 +++ .../modules/fortios_endpoint_control_client.py | 333 ++ .../fortios_endpoint_control_forticlient_ems.py | 369 +++ ...dpoint_control_forticlient_registration_sync.py | 307 ++ .../modules/fortios_endpoint_control_profile.py | 1200 +++++++ ...tios_endpoint_control_registered_forticlient.py | 319 ++ .../modules/fortios_endpoint_control_settings.py | 365 +++ .../fortios_extender_controller_extender.py | 622 ++++ .../fortios/plugins/modules/fortios_facts.py | 281 ++ .../plugins/modules/fortios_firewall_address.py | 547 ++++ .../plugins/modules/fortios_firewall_address6.py | 513 +++ .../modules/fortios_firewall_address6_template.py | 378 +++ .../plugins/modules/fortios_firewall_addrgrp.py | 401 +++ .../plugins/modules/fortios_firewall_addrgrp6.py | 390 +++ 
.../modules/fortios_firewall_auth_portal.py | 288 ++ .../modules/fortios_firewall_central_snat_map.py | 436 +++ .../modules/fortios_firewall_dnstranslation.py | 323 ++ .../plugins/modules/fortios_firewall_dos_policy.py | 448 +++ .../modules/fortios_firewall_dos_policy6.py | 448 +++ .../fortios_firewall_identity_based_route.py | 354 ++ .../modules/fortios_firewall_interface_policy.py | 539 ++++ .../modules/fortios_firewall_interface_policy6.py | 539 ++++ .../modules/fortios_firewall_internet_service.py | 399 +++ .../fortios_firewall_internet_service_custom.py | 443 +++ ...rtios_firewall_internet_service_custom_group.py | 304 ++ .../fortios_firewall_internet_service_group.py | 325 ++ .../modules/fortios_firewall_ip_translation.py | 330 ++ .../fortios_firewall_ipmacbinding_setting.py | 285 ++ .../modules/fortios_firewall_ipmacbinding_table.py | 331 ++ .../plugins/modules/fortios_firewall_ippool.py | 403 +++ .../plugins/modules/fortios_firewall_ippool6.py | 321 ++ .../modules/fortios_firewall_ipv6_eh_filter.py | 332 ++ .../modules/fortios_firewall_ldb_monitor.py | 361 +++ .../modules/fortios_firewall_local_in_policy.py | 408 +++ .../modules/fortios_firewall_local_in_policy6.py | 396 +++ .../modules/fortios_firewall_multicast_address.py | 404 +++ .../modules/fortios_firewall_multicast_address6.py | 372 +++ .../modules/fortios_firewall_multicast_policy.py | 426 +++ .../modules/fortios_firewall_multicast_policy6.py | 402 +++ .../plugins/modules/fortios_firewall_policy.py | 1617 ++++++++++ .../plugins/modules/fortios_firewall_policy46.py | 502 +++ .../plugins/modules/fortios_firewall_policy6.py | 1075 +++++++ .../plugins/modules/fortios_firewall_policy64.py | 502 +++ .../modules/fortios_firewall_profile_group.py | 384 +++ .../fortios_firewall_profile_protocol_options.py | 1100 +++++++ .../modules/fortios_firewall_proxy_address.py | 555 ++++ .../modules/fortios_firewall_proxy_addrgrp.py | 401 +++ .../modules/fortios_firewall_proxy_policy.py | 877 +++++ 
.../modules/fortios_firewall_schedule_group.py | 325 ++ .../modules/fortios_firewall_schedule_onetime.py | 327 ++ .../modules/fortios_firewall_schedule_recurring.py | 360 +++ .../modules/fortios_firewall_service_category.py | 308 ++ .../modules/fortios_firewall_service_custom.py | 562 ++++ .../modules/fortios_firewall_service_group.py | 343 ++ .../fortios_firewall_shaper_per_ip_shaper.py | 363 +++ .../fortios_firewall_shaper_traffic_shaper.py | 371 +++ .../modules/fortios_firewall_shaping_policy.py | 645 ++++ .../modules/fortios_firewall_shaping_profile.py | 362 +++ .../plugins/modules/fortios_firewall_sniffer.py | 620 ++++ .../modules/fortios_firewall_ssh_host_key.py | 375 +++ .../modules/fortios_firewall_ssh_local_ca.py | 332 ++ .../modules/fortios_firewall_ssh_local_key.py | 332 ++ .../modules/fortios_firewall_ssh_setting.py | 313 ++ .../plugins/modules/fortios_firewall_ssl_server.py | 441 +++ .../modules/fortios_firewall_ssl_setting.py | 345 ++ .../modules/fortios_firewall_ssl_ssh_profile.py | 1109 +++++++ .../plugins/modules/fortios_firewall_ttl_policy.py | 379 +++ .../plugins/modules/fortios_firewall_vip.py | 1527 +++++++++ .../plugins/modules/fortios_firewall_vip46.py | 552 ++++ .../plugins/modules/fortios_firewall_vip6.py | 1408 ++++++++ .../plugins/modules/fortios_firewall_vip64.py | 552 ++++ .../plugins/modules/fortios_firewall_vipgrp.py | 344 ++ .../plugins/modules/fortios_firewall_vipgrp46.py | 338 ++ .../plugins/modules/fortios_firewall_vipgrp6.py | 338 ++ .../plugins/modules/fortios_firewall_vipgrp64.py | 338 ++ .../fortios_firewall_wildcard_fqdn_custom.py | 338 ++ .../fortios_firewall_wildcard_fqdn_group.py | 349 ++ .../plugins/modules/fortios_ftp_proxy_explicit.py | 293 ++ .../plugins/modules/fortios_icap_profile.py | 413 +++ .../fortios/plugins/modules/fortios_icap_server.py | 338 ++ .../fortios/plugins/modules/fortios_ips_custom.py | 404 +++ .../fortios/plugins/modules/fortios_ips_decoder.py | 325 ++ 
.../fortios/plugins/modules/fortios_ips_global.py | 377 +++ .../fortios/plugins/modules/fortios_ips_rule.py | 433 +++ .../plugins/modules/fortios_ips_rule_settings.py | 302 ++ .../fortios/plugins/modules/fortios_ips_sensor.py | 808 +++++ .../plugins/modules/fortios_ips_settings.py | 277 ++ .../plugins/modules/fortios_log_custom_field.py | 314 ++ .../plugins/modules/fortios_log_disk_filter.py | 623 ++++ .../plugins/modules/fortios_log_disk_setting.py | 522 +++ .../plugins/modules/fortios_log_eventfilter.py | 376 +++ .../modules/fortios_log_fortianalyzer2_filter.py | 418 +++ .../modules/fortios_log_fortianalyzer2_setting.py | 410 +++ .../modules/fortios_log_fortianalyzer3_filter.py | 418 +++ .../modules/fortios_log_fortianalyzer3_setting.py | 410 +++ .../modules/fortios_log_fortianalyzer_filter.py | 418 +++ .../fortios_log_fortianalyzer_override_filter.py | 418 +++ .../fortios_log_fortianalyzer_override_setting.py | 433 +++ .../modules/fortios_log_fortianalyzer_setting.py | 410 +++ .../modules/fortios_log_fortiguard_filter.py | 418 +++ .../fortios_log_fortiguard_override_filter.py | 418 +++ .../fortios_log_fortiguard_override_setting.py | 315 ++ .../modules/fortios_log_fortiguard_setting.py | 326 ++ .../plugins/modules/fortios_log_gui_display.py | 285 ++ .../plugins/modules/fortios_log_memory_filter.py | 611 ++++ .../modules/fortios_log_memory_global_setting.py | 277 ++ .../plugins/modules/fortios_log_memory_setting.py | 272 ++ .../modules/fortios_log_null_device_filter.py | 407 +++ .../modules/fortios_log_null_device_setting.py | 263 ++ .../fortios/plugins/modules/fortios_log_setting.py | 460 +++ .../plugins/modules/fortios_log_syslogd2_filter.py | 407 +++ .../modules/fortios_log_syslogd2_setting.py | 415 +++ .../plugins/modules/fortios_log_syslogd3_filter.py | 407 +++ .../modules/fortios_log_syslogd3_setting.py | 415 +++ .../plugins/modules/fortios_log_syslogd4_filter.py | 407 +++ .../modules/fortios_log_syslogd4_setting.py | 415 +++ 
.../plugins/modules/fortios_log_syslogd_filter.py | 407 +++ .../modules/fortios_log_syslogd_override_filter.py | 407 +++ .../fortios_log_syslogd_override_setting.py | 426 +++ .../plugins/modules/fortios_log_syslogd_setting.py | 415 +++ .../plugins/modules/fortios_log_threat_weight.py | 598 ++++ .../modules/fortios_log_webtrends_filter.py | 407 +++ .../modules/fortios_log_webtrends_setting.py | 269 ++ .../modules/fortios_registration_forticare.py | 289 ++ .../plugins/modules/fortios_registration_vdom.py | 288 ++ .../plugins/modules/fortios_report_chart.py | 856 +++++ .../plugins/modules/fortios_report_dataset.py | 403 +++ .../plugins/modules/fortios_report_layout.py | 867 +++++ .../plugins/modules/fortios_report_setting.py | 300 ++ .../plugins/modules/fortios_report_style.py | 514 +++ .../plugins/modules/fortios_report_theme.py | 497 +++ .../plugins/modules/fortios_router_access_list.py | 365 +++ .../plugins/modules/fortios_router_access_list6.py | 338 ++ .../plugins/modules/fortios_router_aspath_list.py | 315 ++ .../plugins/modules/fortios_router_auth_path.py | 314 ++ .../fortios/plugins/modules/fortios_router_bfd.py | 275 ++ .../fortios/plugins/modules/fortios_router_bfd6.py | 274 ++ .../fortios/plugins/modules/fortios_router_bgp.py | 2405 ++++++++++++++ .../modules/fortios_router_community_list.py | 332 ++ .../fortios/plugins/modules/fortios_router_isis.py | 1067 ++++++ .../plugins/modules/fortios_router_key_chain.py | 316 ++ .../plugins/modules/fortios_router_multicast.py | 747 +++++ .../plugins/modules/fortios_router_multicast6.py | 342 ++ .../modules/fortios_router_multicast_flow.py | 337 ++ .../fortios/plugins/modules/fortios_router_ospf.py | 1129 +++++++ .../plugins/modules/fortios_router_ospf6.py | 781 +++++ .../plugins/modules/fortios_router_policy.py | 496 +++ .../plugins/modules/fortios_router_policy6.py | 382 +++ .../plugins/modules/fortios_router_prefix_list.py | 360 +++ .../plugins/modules/fortios_router_prefix_list6.py | 339 ++ 
.../fortios/plugins/modules/fortios_router_rip.py | 664 ++++ .../plugins/modules/fortios_router_ripng.py | 617 ++++ .../plugins/modules/fortios_router_route_map.py | 651 ++++ .../plugins/modules/fortios_router_setting.py | 264 ++ .../plugins/modules/fortios_router_static.py | 445 +++ .../plugins/modules/fortios_router_static6.py | 369 +++ .../plugins/modules/fortios_spamfilter_bwl.py | 386 +++ .../plugins/modules/fortios_spamfilter_bword.py | 392 +++ .../plugins/modules/fortios_spamfilter_dnsbl.py | 339 ++ .../modules/fortios_spamfilter_fortishield.py | 280 ++ .../plugins/modules/fortios_spamfilter_iptrust.py | 345 ++ .../plugins/modules/fortios_spamfilter_mheader.py | 356 ++ .../plugins/modules/fortios_spamfilter_options.py | 258 ++ .../plugins/modules/fortios_spamfilter_profile.py | 722 +++++ .../plugins/modules/fortios_ssh_filter_profile.py | 438 +++ .../fortios_switch_controller_802_1x_settings.py | 275 ++ .../fortios_switch_controller_custom_command.py | 293 ++ .../modules/fortios_switch_controller_global.py | 310 ++ .../fortios_switch_controller_igmp_snooping.py | 269 ++ .../fortios_switch_controller_lldp_profile.py | 469 +++ .../fortios_switch_controller_lldp_settings.py | 293 ++ .../fortios_switch_controller_mac_sync_settings.py | 258 ++ .../fortios_switch_controller_managed_switch.py | 1482 +++++++++ ...s_switch_controller_network_monitor_settings.py | 263 ++ .../fortios_switch_controller_qos_dot1p_map.py | 474 +++ .../fortios_switch_controller_qos_ip_dscp_map.py | 388 +++ .../fortios_switch_controller_qos_qos_policy.py | 306 ++ .../fortios_switch_controller_qos_queue_policy.py | 346 ++ .../fortios_switch_controller_quarantine.py | 309 ++ ...ios_switch_controller_security_policy_802_1x.py | 407 +++ ...ch_controller_security_policy_captive_portal.py | 296 ++ .../modules/fortios_switch_controller_sflow.py | 264 ++ .../fortios_switch_controller_storm_control.py | 293 ++ .../fortios_switch_controller_stp_settings.py | 307 ++ 
.../fortios_switch_controller_switch_group.py | 304 ++ ...rtios_switch_controller_switch_interface_tag.py | 281 ++ .../fortios_switch_controller_switch_log.py | 286 ++ .../fortios_switch_controller_switch_profile.py | 299 ++ .../modules/fortios_switch_controller_system.py | 269 ++ .../fortios_switch_controller_virtual_port_pool.py | 287 ++ .../modules/fortios_switch_controller_vlan.py | 400 +++ .../modules/fortios_system_3g_modem_custom.py | 319 ++ .../plugins/modules/fortios_system_accprofile.py | 878 +++++ .../plugins/modules/fortios_system_admin.py | 1080 +++++++ .../modules/fortios_system_affinity_interrupt.py | 293 ++ ...ortios_system_affinity_packet_redistribution.py | 300 ++ .../plugins/modules/fortios_system_alarm.py | 410 +++ .../plugins/modules/fortios_system_alias.py | 287 ++ .../plugins/modules/fortios_system_api_user.py | 409 +++ .../plugins/modules/fortios_system_arp_table.py | 300 ++ .../plugins/modules/fortios_system_auto_install.py | 287 ++ .../plugins/modules/fortios_system_auto_script.py | 317 ++ .../modules/fortios_system_automation_action.py | 429 +++ .../fortios_system_automation_destination.py | 316 ++ .../modules/fortios_system_automation_stitch.py | 333 ++ .../modules/fortios_system_automation_trigger.py | 410 +++ .../fortios_system_autoupdate_push_update.py | 287 ++ .../modules/fortios_system_autoupdate_schedule.py | 304 ++ .../modules/fortios_system_autoupdate_tunneling.py | 288 ++ .../modules/fortios_system_central_management.py | 461 +++ .../plugins/modules/fortios_system_cluster_sync.py | 433 +++ .../fortios_system_config_backup_restore.py | 472 +++ .../plugins/modules/fortios_system_console.py | 303 ++ .../fortios/plugins/modules/fortios_system_csf.py | 402 +++ .../modules/fortios_system_custom_language.py | 293 ++ .../fortios/plugins/modules/fortios_system_ddns.py | 436 +++ .../modules/fortios_system_dedicated_mgmt.py | 306 ++ .../plugins/modules/fortios_system_dhcp6_server.py | 474 +++ 
.../plugins/modules/fortios_system_dhcp_server.py | 985 ++++++ .../fortios/plugins/modules/fortios_system_dns.py | 313 ++ .../plugins/modules/fortios_system_dns_database.py | 463 +++ .../plugins/modules/fortios_system_dns_server.py | 300 ++ .../modules/fortios_system_dscp_based_priority.py | 300 ++ .../plugins/modules/fortios_system_email_server.py | 344 ++ .../modules/fortios_system_external_resource.py | 337 ++ .../plugins/modules/fortios_system_fips_cc.py | 294 ++ .../fortios/plugins/modules/fortios_system_fm.py | 316 ++ .../plugins/modules/fortios_system_fortiguard.py | 484 +++ .../plugins/modules/fortios_system_fortimanager.py | 321 ++ .../plugins/modules/fortios_system_fortisandbox.py | 297 ++ .../plugins/modules/fortios_system_fsso_polling.py | 287 ++ .../plugins/modules/fortios_system_ftm_push.py | 275 ++ .../modules/fortios_system_geoip_override.py | 323 ++ .../plugins/modules/fortios_system_global.py | 2030 ++++++++++++ .../plugins/modules/fortios_system_gre_tunnel.py | 406 +++ .../fortios/plugins/modules/fortios_system_ha.py | 904 ++++++ .../plugins/modules/fortios_system_ha_monitor.py | 275 ++ .../plugins/modules/fortios_system_interface.py | 2765 ++++++++++++++++ .../plugins/modules/fortios_system_ipip_tunnel.py | 300 ++ .../modules/fortios_system_ips_urlfilter_dns.py | 303 ++ .../modules/fortios_system_ips_urlfilter_dns6.py | 292 ++ .../modules/fortios_system_ipv6_neighbor_cache.py | 300 ++ .../plugins/modules/fortios_system_ipv6_tunnel.py | 300 ++ .../plugins/modules/fortios_system_link_monitor.py | 463 +++ .../plugins/modules/fortios_system_lte_modem.py | 332 ++ .../modules/fortios_system_mac_address_table.py | 293 ++ .../modules/fortios_system_management_tunnel.py | 326 ++ .../modules/fortios_system_mobile_tunnel.py | 409 +++ .../plugins/modules/fortios_system_modem.py | 681 ++++ .../plugins/modules/fortios_system_nat64.py | 326 ++ .../plugins/modules/fortios_system_netflow.py | 296 ++ .../modules/fortios_system_network_visibility.py | 309 ++ 
.../fortios/plugins/modules/fortios_system_ntp.py | 373 +++ .../modules/fortios_system_object_tagging.py | 356 ++ .../modules/fortios_system_password_policy.py | 346 ++ .../fortios_system_password_policy_guest_admin.py | 344 ++ .../modules/fortios_system_physical_switch.py | 350 ++ .../modules/fortios_system_pppoe_interface.py | 402 +++ .../modules/fortios_system_probe_response.py | 315 ++ .../plugins/modules/fortios_system_proxy_arp.py | 300 ++ .../modules/fortios_system_replacemsg_admin.py | 315 ++ .../modules/fortios_system_replacemsg_alertmail.py | 315 ++ .../modules/fortios_system_replacemsg_auth.py | 315 ++ ...os_system_replacemsg_device_detection_portal.py | 315 ++ .../modules/fortios_system_replacemsg_ec.py | 315 ++ .../fortios_system_replacemsg_fortiguard_wf.py | 315 ++ .../modules/fortios_system_replacemsg_ftp.py | 315 ++ .../modules/fortios_system_replacemsg_group.py | 1208 +++++++ .../modules/fortios_system_replacemsg_http.py | 315 ++ .../modules/fortios_system_replacemsg_icap.py | 315 ++ .../modules/fortios_system_replacemsg_image.py | 302 ++ .../modules/fortios_system_replacemsg_mail.py | 315 ++ .../modules/fortios_system_replacemsg_nac_quar.py | 315 ++ .../modules/fortios_system_replacemsg_nntp.py | 315 ++ .../modules/fortios_system_replacemsg_spam.py | 315 ++ .../modules/fortios_system_replacemsg_sslvpn.py | 315 ++ .../fortios_system_replacemsg_traffic_quota.py | 315 ++ .../modules/fortios_system_replacemsg_utm.py | 315 ++ .../modules/fortios_system_replacemsg_webproxy.py | 315 ++ .../modules/fortios_system_resource_limits.py | 365 +++ .../modules/fortios_system_sdn_connector.py | 548 ++++ .../modules/fortios_system_session_helper.py | 337 ++ .../plugins/modules/fortios_system_session_ttl.py | 299 ++ .../plugins/modules/fortios_system_settings.py | 1407 ++++++++ .../plugins/modules/fortios_system_sflow.py | 271 ++ .../plugins/modules/fortios_system_sit_tunnel.py | 306 ++ .../plugins/modules/fortios_system_sms_server.py | 287 ++ 
.../modules/fortios_system_snmp_community.py | 582 ++++ .../plugins/modules/fortios_system_snmp_sysinfo.py | 307 ++ .../plugins/modules/fortios_system_snmp_user.py | 516 +++ .../plugins/modules/fortios_system_storage.py | 355 ++ .../fortios/plugins/modules/fortios_system_stp.py | 334 ++ .../modules/fortios_system_switch_interface.py | 373 +++ .../modules/fortios_system_tos_based_priority.py | 301 ++ .../fortios/plugins/modules/fortios_system_vdom.py | 321 ++ .../plugins/modules/fortios_system_vdom_dns.py | 294 ++ .../modules/fortios_system_vdom_exception.py | 330 ++ .../plugins/modules/fortios_system_vdom_link.py | 303 ++ .../plugins/modules/fortios_system_vdom_netflow.py | 282 ++ .../modules/fortios_system_vdom_property.py | 407 +++ .../modules/fortios_system_vdom_radius_server.py | 298 ++ .../plugins/modules/fortios_system_vdom_sflow.py | 286 ++ .../modules/fortios_system_virtual_switch.py | 382 +++ .../modules/fortios_system_virtual_wan_link.py | 1127 +++++++ .../modules/fortios_system_virtual_wire_pair.py | 315 ++ .../plugins/modules/fortios_system_vmlicense.py | 284 ++ .../plugins/modules/fortios_system_vxlan.py | 356 ++ .../fortios/plugins/modules/fortios_system_wccp.py | 470 +++ .../fortios/plugins/modules/fortios_system_zone.py | 352 ++ .../fortios/plugins/modules/fortios_user_adgrp.py | 308 ++ .../fortios/plugins/modules/fortios_user_device.py | 423 +++ .../modules/fortios_user_device_access_list.py | 326 ++ .../modules/fortios_user_device_category.py | 293 ++ .../plugins/modules/fortios_user_device_group.py | 345 ++ .../modules/fortios_user_domain_controller.py | 306 ++ .../plugins/modules/fortios_user_fortitoken.py | 335 ++ .../fortios/plugins/modules/fortios_user_fsso.py | 395 +++ .../plugins/modules/fortios_user_fsso_polling.py | 360 +++ .../fortios/plugins/modules/fortios_user_group.py | 591 ++++ .../plugins/modules/fortios_user_krb_keytab.py | 300 ++ .../fortios/plugins/modules/fortios_user_ldap.py | 450 +++ 
.../fortios/plugins/modules/fortios_user_local.py | 440 +++ .../modules/fortios_user_password_policy.py | 293 ++ .../fortios/plugins/modules/fortios_user_peer.py | 384 +++ .../plugins/modules/fortios_user_peergrp.py | 298 ++ .../fortios/plugins/modules/fortios_user_pop3.py | 307 ++ .../plugins/modules/fortios_user_quarantine.py | 309 ++ .../fortios/plugins/modules/fortios_user_radius.py | 825 +++++ .../modules/fortios_user_security_exempt_list.py | 372 +++ .../plugins/modules/fortios_user_setting.py | 414 +++ .../plugins/modules/fortios_user_tacacsplus.py | 381 +++ .../plugins/modules/fortios_voip_profile.py | 1398 ++++++++ .../plugins/modules/fortios_vpn_certificate_ca.py | 357 ++ .../plugins/modules/fortios_vpn_certificate_crl.py | 377 +++ .../modules/fortios_vpn_certificate_local.py | 462 +++ .../modules/fortios_vpn_certificate_ocsp_server.py | 324 ++ .../modules/fortios_vpn_certificate_remote.py | 314 ++ .../modules/fortios_vpn_certificate_setting.py | 410 +++ .../modules/fortios_vpn_ipsec_concentrator.py | 330 ++ .../modules/fortios_vpn_ipsec_forticlient.py | 327 ++ .../plugins/modules/fortios_vpn_ipsec_manualkey.py | 404 +++ .../fortios_vpn_ipsec_manualkey_interface.py | 439 +++ .../plugins/modules/fortios_vpn_ipsec_phase1.py | 1407 ++++++++ .../modules/fortios_vpn_ipsec_phase1_interface.py | 1651 ++++++++++ .../plugins/modules/fortios_vpn_ipsec_phase2.py | 804 +++++ .../modules/fortios_vpn_ipsec_phase2_interface.py | 838 +++++ .../fortios/plugins/modules/fortios_vpn_l2tp.py | 293 ++ .../fortios/plugins/modules/fortios_vpn_ocvpn.py | 292 ++ .../fortios/plugins/modules/fortios_vpn_pptp.py | 299 ++ .../plugins/modules/fortios_vpn_ssl_settings.py | 986 ++++++ .../fortios_vpn_ssl_web_host_check_software.py | 386 +++ .../plugins/modules/fortios_vpn_ssl_web_portal.py | 1239 +++++++ .../plugins/modules/fortios_vpn_ssl_web_realm.py | 299 ++ .../modules/fortios_vpn_ssl_web_user_bookmark.py | 504 +++ .../fortios_vpn_ssl_web_user_group_bookmark.py | 498 +++ 
.../plugins/modules/fortios_waf_main_class.py | 287 ++ .../fortios/plugins/modules/fortios_waf_profile.py | 1856 +++++++++++ .../plugins/modules/fortios_waf_signature.py | 287 ++ .../plugins/modules/fortios_waf_sub_class.py | 287 ++ .../plugins/modules/fortios_wanopt_auth_group.py | 325 ++ .../modules/fortios_wanopt_cache_service.py | 374 +++ ...fortios_wanopt_content_delivery_network_rule.py | 617 ++++ .../fortios/plugins/modules/fortios_wanopt_peer.py | 286 ++ .../plugins/modules/fortios_wanopt_profile.py | 801 +++++ .../modules/fortios_wanopt_remote_storage.py | 282 ++ .../plugins/modules/fortios_wanopt_settings.py | 282 ++ .../plugins/modules/fortios_wanopt_webcache.py | 416 +++ .../plugins/modules/fortios_web_proxy_debug_url.py | 310 ++ .../plugins/modules/fortios_web_proxy_explicit.py | 580 ++++ .../modules/fortios_web_proxy_forward_server.py | 348 ++ .../fortios_web_proxy_forward_server_group.py | 341 ++ .../plugins/modules/fortios_web_proxy_global.py | 408 +++ .../plugins/modules/fortios_web_proxy_profile.py | 462 +++ .../plugins/modules/fortios_web_proxy_url_match.py | 322 ++ .../plugins/modules/fortios_web_proxy_wisp.py | 319 ++ .../plugins/modules/fortios_webfilter_content.py | 396 +++ .../modules/fortios_webfilter_content_header.py | 351 ++ .../modules/fortios_webfilter_fortiguard.py | 346 ++ .../modules/fortios_webfilter_ftgd_local_cat.py | 319 ++ .../modules/fortios_webfilter_ftgd_local_rating.py | 319 ++ ...ortios_webfilter_ips_urlfilter_cache_setting.py | 264 ++ .../fortios_webfilter_ips_urlfilter_setting.py | 277 ++ .../fortios_webfilter_ips_urlfilter_setting6.py | 277 ++ .../plugins/modules/fortios_webfilter_override.py | 379 +++ .../plugins/modules/fortios_webfilter_profile.py | 1203 +++++++ .../modules/fortios_webfilter_search_engine.py | 352 ++ .../plugins/modules/fortios_webfilter_urlfilter.py | 447 +++ .../fortios_wireless_controller_ap_status.py | 307 ++ .../fortios_wireless_controller_ble_profile.py | 396 +++ 
.../fortios_wireless_controller_bonjour_profile.py | 355 ++ .../modules/fortios_wireless_controller_global.py | 399 +++ ...less_controller_hotspot20_anqp_3gpp_cellular.py | 310 ++ ...ss_controller_hotspot20_anqp_ip_address_type.py | 318 ++ ...wireless_controller_hotspot20_anqp_nai_realm.py | 454 +++ ..._controller_hotspot20_anqp_network_auth_type.py | 303 ++ ...controller_hotspot20_anqp_roaming_consortium.py | 311 ++ ...ireless_controller_hotspot20_anqp_venue_name.py | 310 ++ ...ss_controller_hotspot20_h2qp_conn_capability.py | 428 +++ ...less_controller_hotspot20_h2qp_operator_name.py | 310 ++ ...eless_controller_hotspot20_h2qp_osu_provider.py | 371 +++ ...ireless_controller_hotspot20_h2qp_wan_metric.py | 348 ++ ...ios_wireless_controller_hotspot20_hs_profile.py | 715 ++++ .../fortios_wireless_controller_hotspot20_icon.py | 339 ++ ...ortios_wireless_controller_hotspot20_qos_map.py | 345 ++ ...fortios_wireless_controller_inter_controller.py | 335 ++ .../fortios_wireless_controller_qos_profile.py | 462 +++ .../modules/fortios_wireless_controller_setting.py | 544 ++++ .../modules/fortios_wireless_controller_timers.py | 372 +++ .../fortios_wireless_controller_utm_profile.py | 358 +++ .../modules/fortios_wireless_controller_vap.py | 1573 +++++++++ .../fortios_wireless_controller_vap_group.py | 304 ++ .../fortios_wireless_controller_wids_profile.py | 723 +++++ .../modules/fortios_wireless_controller_wtp.py | 1201 +++++++ .../fortios_wireless_controller_wtp_group.py | 408 +++ .../fortios_wireless_controller_wtp_profile.py | 2251 +++++++++++++ 471 files changed, 207072 insertions(+) create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/FILES.json create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/MANIFEST.json create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/README.md create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/examples/httpapi/inventory/hosts 
create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/examples/httpapi/readme create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/examples/httpapi/set_system_global.yml create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_firewall_address.yml create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_firewall_address_group.yml create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_firewall_vip.yml create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_alias.yml create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_dns.yml create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_global.yml create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_ha.yml create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_ha_monitor.yml create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_ntp.yml create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_zone.yml create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/doc_fragments/fortios.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/httpapi/fortios.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortimanager/__init__.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortimanager/common.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortimanager/fortimanager.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/__init__.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/argspec/__init__.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/argspec/facts/__init__.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/argspec/facts/facts.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/argspec/system/__init__.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/argspec/system/system.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/facts/__init__.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/facts/facts.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/facts/system/__init__.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/facts/system/system.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/fortios.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/__init__.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_alertemail_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_antivirus_heuristic.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_antivirus_profile.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_antivirus_quarantine.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_antivirus_settings.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_custom.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_group.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_list.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_name.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_rule_settings.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_authentication_rule.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_authentication_scheme.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_authentication_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_certificate_ca.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_certificate_crl.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_certificate_local.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_configuration_fact.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_filepattern.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_fp_doc_source.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_fp_sensitivity.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_sensor.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_settings.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dnsfilter_domain_filter.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dnsfilter_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_client.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_forticlient_ems.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_forticlient_registration_sync.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_registered_forticlient.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_settings.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_extender_controller_extender.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_facts.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_address.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_address6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_address6_template.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_addrgrp.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_addrgrp6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_auth_portal.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_central_snat_map.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_dnstranslation.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_dos_policy.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_dos_policy6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_identity_based_route.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_interface_policy.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_interface_policy6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_internet_service.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_internet_service_custom.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_internet_service_custom_group.py create 
mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_internet_service_group.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ip_translation.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ipmacbinding_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ipmacbinding_table.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ippool.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ippool6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ipv6_eh_filter.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ldb_monitor.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_local_in_policy.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_local_in_policy6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_multicast_address.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_multicast_address6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_multicast_policy.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_multicast_policy6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_policy.py 
create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_policy46.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_policy6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_policy64.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_profile_group.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_profile_protocol_options.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_proxy_address.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_proxy_addrgrp.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_proxy_policy.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_schedule_group.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_schedule_onetime.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_schedule_recurring.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_service_category.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_service_custom.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_service_group.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_shaper_per_ip_shaper.py 
create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_shaper_traffic_shaper.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_shaping_policy.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_shaping_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_sniffer.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssh_host_key.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssh_local_ca.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssh_local_key.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssh_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssl_server.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssl_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssl_ssh_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ttl_policy.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vip.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vip46.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vip6.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vip64.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vipgrp.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vipgrp46.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vipgrp6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vipgrp64.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_wildcard_fqdn_custom.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_wildcard_fqdn_group.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ftp_proxy_explicit.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_icap_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_icap_server.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_custom.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_decoder.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_global.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_rule.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_rule_settings.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_sensor.py create mode 
100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_settings.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_custom_field.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_disk_filter.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_disk_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_eventfilter.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer2_filter.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer2_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer3_filter.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer3_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer_filter.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer_override_filter.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer_override_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortiguard_filter.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortiguard_override_filter.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortiguard_override_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortiguard_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_gui_display.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_memory_filter.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_memory_global_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_memory_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_null_device_filter.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_null_device_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd2_filter.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd2_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd3_filter.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd3_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd4_filter.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd4_setting.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd_filter.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd_override_filter.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd_override_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_threat_weight.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_webtrends_filter.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_webtrends_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_registration_forticare.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_registration_vdom.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_chart.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_dataset.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_layout.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_style.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_theme.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_access_list.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_access_list6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_aspath_list.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_auth_path.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_bfd.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_bfd6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_bgp.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_community_list.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_isis.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_key_chain.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_multicast.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_multicast6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_multicast_flow.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_ospf.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_ospf6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_policy.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_policy6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_prefix_list.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_prefix_list6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_rip.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_ripng.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_route_map.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_static.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_static6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_bwl.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_bword.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_dnsbl.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_fortishield.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_iptrust.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_mheader.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_options.py create 
mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ssh_filter_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_802_1x_settings.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_custom_command.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_global.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_igmp_snooping.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_lldp_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_lldp_settings.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_mac_sync_settings.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_managed_switch.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_network_monitor_settings.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_qos_dot1p_map.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_qos_ip_dscp_map.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_qos_qos_policy.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_qos_queue_policy.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_quarantine.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_security_policy_802_1x.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_security_policy_captive_portal.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_sflow.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_storm_control.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_stp_settings.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_switch_group.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_switch_interface_tag.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_switch_log.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_switch_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_system.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_virtual_port_pool.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_vlan.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_3g_modem_custom.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_accprofile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_admin.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_affinity_interrupt.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_affinity_packet_redistribution.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_alarm.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_alias.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_api_user.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_arp_table.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_auto_install.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_auto_script.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_automation_action.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_automation_destination.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_automation_stitch.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_automation_trigger.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_autoupdate_push_update.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_autoupdate_schedule.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_autoupdate_tunneling.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_central_management.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_cluster_sync.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_config_backup_restore.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_console.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_csf.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_custom_language.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ddns.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dedicated_mgmt.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dhcp6_server.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dhcp_server.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dns.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dns_database.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dns_server.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dscp_based_priority.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_email_server.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_external_resource.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fips_cc.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fm.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fortiguard.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fortimanager.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fortisandbox.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fsso_polling.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ftm_push.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_geoip_override.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_global.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_gre_tunnel.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ha.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ha_monitor.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_interface.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ipip_tunnel.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ips_urlfilter_dns.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ips_urlfilter_dns6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ipv6_neighbor_cache.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ipv6_tunnel.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_link_monitor.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_lte_modem.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_mac_address_table.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_management_tunnel.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_mobile_tunnel.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_modem.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_nat64.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_netflow.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_network_visibility.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ntp.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_object_tagging.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_password_policy.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_password_policy_guest_admin.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_physical_switch.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_pppoe_interface.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_probe_response.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_proxy_arp.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_admin.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_alertmail.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_auth.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_device_detection_portal.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_ec.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_fortiguard_wf.py create mode 
100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_ftp.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_group.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_http.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_icap.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_image.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_mail.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_nac_quar.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_nntp.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_spam.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_sslvpn.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_traffic_quota.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_utm.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_webproxy.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_resource_limits.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_sdn_connector.py create mode 
100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_session_helper.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_session_ttl.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_settings.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_sflow.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_sit_tunnel.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_sms_server.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_snmp_community.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_snmp_sysinfo.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_snmp_user.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_storage.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_stp.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_switch_interface.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_tos_based_priority.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_dns.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_exception.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_link.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_netflow.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_property.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_radius_server.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_sflow.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_virtual_switch.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_virtual_wan_link.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_virtual_wire_pair.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vmlicense.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vxlan.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_wccp.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_zone.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_adgrp.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_device.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_device_access_list.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_device_category.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_device_group.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_domain_controller.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_fortitoken.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_fsso.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_fsso_polling.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_group.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_krb_keytab.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_ldap.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_local.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_password_policy.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_peer.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_peergrp.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_pop3.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_quarantine.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_radius.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_security_exempt_list.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_tacacsplus.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_voip_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_ca.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_crl.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_local.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_ocsp_server.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_remote.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_concentrator.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_forticlient.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_manualkey.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_manualkey_interface.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase1.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase1_interface.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase2.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase2_interface.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_l2tp.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ocvpn.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_pptp.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_settings.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_host_check_software.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_portal.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_realm.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_user_bookmark.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_user_group_bookmark.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_waf_main_class.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_waf_profile.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_waf_signature.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_waf_sub_class.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_auth_group.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_cache_service.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_content_delivery_network_rule.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_peer.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_remote_storage.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_settings.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_webcache.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_debug_url.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_explicit.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_forward_server.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_forward_server_group.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_global.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_url_match.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_wisp.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_content.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_content_header.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_fortiguard.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ftgd_local_cat.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ftgd_local_rating.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ips_urlfilter_cache_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ips_urlfilter_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ips_urlfilter_setting6.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_override.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_search_engine.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_urlfilter.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_ap_status.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_ble_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_bonjour_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_global.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_ip_address_type.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_nai_realm.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_network_auth_type.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_roaming_consortium.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_venue_name.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_h2qp_conn_capability.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_h2qp_operator_name.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_h2qp_osu_provider.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_h2qp_wan_metric.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_hs_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_icon.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_qos_map.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_inter_controller.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_qos_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_setting.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_timers.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_utm_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_vap.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_vap_group.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_wids_profile.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_wtp.py create mode 100644 collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_wtp_group.py create mode 100644 
collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_wtp_profile.py (limited to 'collections-debian-merged/ansible_collections/fortinet/fortios')
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/FILES.json b/collections-debian-merged/ansible_collections/fortinet/fortios/FILES.json
new file mode 100644
index 00000000..2d6ced13
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/FILES.json
@@ -0,0 +1,3400 @@ +{ + "files": [ + { + "name": ".", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "examples", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "examples/set_system_ha_monitor.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0887e5247f23ecdf64dd7a89ddd7d1d686a5e1bba3043e3c8c31c8e1d5e3baa4", + "format": 1 + }, + { + "name": "examples/set_firewall_address_group.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2fa4664b850f35e19776314ffc47accd088d0d20a964eca7aa5b8b197aa39280", + "format": 1 + }, + { + "name": "examples/set_system_dns.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0fd8236e5ee9925636d04c67bc583388bccf25eb454b3b09a2f84cfb1ae2624a", + "format": 1 + }, + { + "name": "examples/set_firewall_address.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "825c89e6f960924b965350c3b4a29e1730b59a7906c857749340d373a2f400db", + "format": 1 + }, + { + "name": "examples/set_system_global.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b771c6cca7f68b5406a65f0201644a32e76e99120b90111934ed6b20cf735f6b", + "format": 1 + }, + { + "name": "examples/set_system_alias.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8f28fd1c84f857e6f7c7be19194dd52ffe6d85dbb51baa346350f953b579d8a7", + "format": 1 + }, + { + "name": "examples/set_system_zone.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f9ee9563bf21770f6b28cd9f29da54ace7150c4f586b89b2e0604b80e0bc39a1", + "format": 1 + }, + { + "name": "examples/set_system_ntp.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "108de43f3838294e9a15b902b4a51fb99b02ea784f01ce3ab7067fa496411122", + "format": 1 + }, + { + "name": "examples/httpapi", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": 
"examples/httpapi/readme", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7a779d262526683f6a0ae4309c97b7758d3af5bddcae2fc61a6e1f7605fe6bf8", + "format": 1 + }, + { + "name": "examples/httpapi/inventory", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "examples/httpapi/inventory/hosts", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "cbf074bb71d33b014d483ede2c049797d61a5909794292e11837a6299cb39514", + "format": 1 + }, + { + "name": "examples/httpapi/set_system_global.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e4f52a0c705ae55371663447468ed082c356fd37aabf7c02f9e1d25a9212c52b", + "format": 1 + }, + { + "name": "examples/set_system_ha.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3961bdfce654bbc8999796e73f00725965402d1f61ddf1fd8a0946e3fe5fe011", + "format": 1 + }, + { + "name": "examples/set_firewall_vip.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "81da4978204614eb9c5ea7b371aff2b20fcf4c1d0a23e8c9f9ed850216053507", + "format": 1 + }, + { + "name": "README.md", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "55201c1b1208ae0af0e2fdbbd3bc59f39be0123bfe84ed993d857545ec45d560", + "format": 1 + }, + { + "name": "plugins", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/module_utils", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/module_utils/fortimanager", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/module_utils/fortimanager/common.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2429a4c142dc92d6dfee8f12fe45269ba172ca2b20323daa6d0c49ee7f1a1128", + "format": 1 + }, + { + "name": "plugins/module_utils/fortimanager/__init__.py", + "ftype": "file", + "chksum_type": "sha256", + 
"chksum_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "format": 1 + }, + { + "name": "plugins/module_utils/fortimanager/fortimanager.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ab117cefbb7edee1bba309fd122de23de89d6ac955bfdcb1307f620080481540", + "format": 1 + }, + { + "name": "plugins/module_utils/fortios", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/module_utils/fortios/argspec", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/module_utils/fortios/argspec/system", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/module_utils/fortios/argspec/system/system.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ca0d8be0e820b6326cf8f474824d9029916648f10571ef20e992376c49b1a384", + "format": 1 + }, + { + "name": "plugins/module_utils/fortios/argspec/system/__init__.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "format": 1 + }, + { + "name": "plugins/module_utils/fortios/argspec/__init__.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "format": 1 + }, + { + "name": "plugins/module_utils/fortios/argspec/facts", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/module_utils/fortios/argspec/facts/facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9b0e1461d68f19238b7d1e28abf42fa5bba503d7dfc2cbd06e0765aee3bdb312", + "format": 1 + }, + { + "name": "plugins/module_utils/fortios/argspec/facts/__init__.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "format": 1 + }, + { 
+ "name": "plugins/module_utils/fortios/fortios.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "fbc43cbc499c2023424890a71322276bfa8e0c4dd2926391545106a4c0e3806c", + "format": 1 + }, + { + "name": "plugins/module_utils/fortios/__init__.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "format": 1 + }, + { + "name": "plugins/module_utils/fortios/facts", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/module_utils/fortios/facts/system", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/module_utils/fortios/facts/system/system.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0f8364017078d88e58a9d98b8be491900d7a43704bc623617ab9ccdf49ec6873", + "format": 1 + }, + { + "name": "plugins/module_utils/fortios/facts/system/__init__.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "format": 1 + }, + { + "name": "plugins/module_utils/fortios/facts/facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "91596102a027c820f6756eb002aa80da510de5da749bde5390e250bd6090a43f", + "format": 1 + }, + { + "name": "plugins/module_utils/fortios/facts/__init__.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "format": 1 + }, + { + "name": "plugins/modules", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_accprofile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "4ba2154ab77c3c749026902ed262d75fdaa61626393364bd6ab1711a320545d1", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_dos_policy6.py", + "ftype": "file", + 
"chksum_type": "sha256", + "chksum_sha256": "3562ff26ca5a78903ff08d9dbe02d415dcf83d28f0d933009007e84f7320d261", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_ssl_web_user_group_bookmark.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "29a53cd49e6393280af2579cd5f8cf3e3ec00449a4d1a0b03c16bf4c075ac160", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_ssl_web_portal.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "757fa47c55bf1a67dc05682c484b8caaf201fbe230299816f2676b2d53b587a8", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_access_list.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "814918241e3b488fbaa1d490d1faa507d3f4280789db49dc127f5b43a2d1a53d", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_virtual_wan_link.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a753ecb9cfb1bb1e30b562bf170aea965b94e5b1beddef0fc38334eb9e1e3d9b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_sdn_connector.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "65afd0d6023c159d8e185db0e6a7c8370fe7a98db910f906fed563be00ef199a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_webfilter_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "93969272a12de62953b70f40f73fb4852da0c3e35d58de8ef9357b58d4e83d09", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_internet_service.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "89ce6b9fb4d8aa238599a5b20dc7955bf072bf28ca0c4d24f5f97e1bcdc093ff", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_policy46.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "87098d9d91c72db62591ea8495c62cbf8cfa25e57ebac4346c712b663237787b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_internet_service_custom.py", + "ftype": "file", + "chksum_type": "sha256", 
+ "chksum_sha256": "481fcaab046939c044ed56f1503d306251c4db503a4032f642afdb761136ea17", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_fortianalyzer2_filter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "752535917a3c6d2bdf00801f8263eb8099603671671077df893543d0f2543f6e", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3c91d329b4555483076abec56c939221833245baf15b71e75d2c6260f4161ad0", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_fortianalyzer2_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9357122acdf590c4fd0f1c8bc0a4ee2151c224c01b95237d70b23ae1d3816678", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_vdom_exception.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5e3cc786122359af610f054ea72c39a511d91209fea653df299e2d0e5562c96c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_image.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "064fb31a4efd5dc779338a8e3b983eeadb7759aa0b257128737ebb632d9a8103", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_auto_script.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "cad95042c925b3786c371cd4844540b010b79710282f53bc559fcb7a1526ad70", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_nac_quar.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9adab0da7ec763e5d5f2b35f3928a3a680e8906486599e1b0b410af5f5bf76b3", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_ble_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "51d1f762eee3d6d794d1276d0e03019d5b867907f803d2e3f2026c1320913b28", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_automation_trigger.py", + "ftype": "file", + "chksum_type": "sha256", + 
"chksum_sha256": "49cd1e435a37fe9c0296236159061197bb0213f2f7f3579adeae6ae2eac12d1c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_identity_based_route.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "47c54bbffb7790693f0bb048069a8222ee33e9ab801a5e015188b1ef7666194d", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_ldap.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a9865e16547815e2b17db81a44a447e78b595a3facbff99de64717bf2f30d2db", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_hotspot20_h2qp_conn_capability.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6ece21bdf6e6c0923e129c368494b08607486ef8a1c5841d842160bdaab66929", + "format": 1 + }, + { + "name": "plugins/modules/fortios_report_layout.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9498936b717b4dc37754fddd5403c68c707090f876993d42d088def1a9e2cabf", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_pptp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "21ee14162aa1b3b43f6a7be8c9bf97271536a761d1977be5ab0ea663e983370c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_nat64.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "00e2165a2c881c71d6903e943d23936065fa6404b6f5f8105e0490793a62e189", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_ssh_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "975339a938c5be1cd1676667f8af739c46455519fd7dcf19c188d8bdeb42eafa", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_affinity_packet_redistribution.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "936fcf0cf5b5814cd7efed3661d1fdeb7941c56eea696cac9ea075b850f424d7", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_switch_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"8aeb7e2114eb059c57265df848fd4d9b5f1a863fcc01abc48998f261b6659f99", + "format": 1 + }, + { + "name": "plugins/modules/fortios_endpoint_control_client.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2349a7e85056efe20d65fcb54dd59e670d6b3706a7808f5ea0ffcc0510368e8a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_ddns.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b4ddde767e8520b61ad19c521161ace86b74c3e67d14203886e304ca83088b9f", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_ftp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "fac6ffbba6605e4345f7e76d4ba10d5be1d62d7650dd6a742f9b0bf5076ff43e", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_object_tagging.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "89f936751e6b4f68acad542248fab00c028174e888efcbdd0d655645f06e2d82", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_profile_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "917f873f5f21afa1e627854db782e41b93dfb509c77a7272fede9d50a1482022", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_global.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1eac031b151ade08da77b1865b44b5c5b64ff9d8c48961ab9fd2540efd953dbe", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_address.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "cbd5c85c86086e9cbd9b7f63e86a1d613cfda53860c1729bfe24c06d6dfad94a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_alarm.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7de7b279188679f0500fb340dddcc19b3bbea27495e6be38acaec55af6d69b2b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_configuration_fact.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"26f152c5068426a57f59d3a4f54731c21934cdd055750211d8ce4fb0916bf1dd", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_arp_table.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b05f0b82129ea6d8c61b33bf016e0bdf9f2298790f453ab076def98458719060", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_ip_translation.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0181e61aa0da83fc1cb2d23a0c5f969c9ad799272c82be27a69aec37c3d0333e", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f4333e2b77ab97558d28a6990328446b43402db2092929d2cf28aa175d0f5e13", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_ipsec_manualkey.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "37b230fc96411c2ad5982777fb7b5485b9c6e8052e8f672a9e3ab6a43cd9abd7", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_ec.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5bf2787386436bfd7cddd07788df90a9451989c746ba99356cf7f11f09dbd1b7", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_shaper_traffic_shaper.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "611589d6bc2efbdc9b2df383e4e838a91b01c13d4f9cd6c4d86d2b0b1a667b66", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_storm_control.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "afcfa90804739439e2dd2b40484e6772a572077ed8669d976580d72056bcd271", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_ipsec_phase2.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "404cc6c092fd9ec4fff65da2440c2e8cdb30a3e9e783bb8873e1fb5f23f3cc41", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_ripng.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"1b6f73b8e62f6c780a5e5f93396eebef8a88c79dad1e45b4e3ac3be9d9230ee3", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_ftm_push.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a23fa80624afa2e832aebd47095b75a620854d7f5630062bd86be391ef3a89e9", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_ssl_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "277eac3ca3f3083e9de44b488036ac5a0790c22bd8b552eaca0d2e95ef421f6c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_dedicated_mgmt.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "86c9ff118643b21ebbb8d576231d446bd98f247cfbe44785bd54873d40b1ef79", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_ap_status.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c50084c68a9ed1ad173565cf46e961f0ac6194b7071e4c54f1177c220ff4b7b2", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_vip.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d7e1d0fc75de2fccd35c0b387cdfbc979f305394ccf41eabd37ff1a571d6b02d", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b4ca7d446370c49c197f21938f3e16cef0857d85ec5ef9babf238cf7061b4e09", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_affinity_interrupt.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6c3f7a6a2264870678734661e13dbe872a9fb4295598c141d789b6378cc8b8a3", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_console.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "dcbf89ad846c296de70d2332b6109529b457de3aecddd744d91b88565d3b65bf", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_ips_urlfilter_dns6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"3f1f03f008587a3fce5fa0992b1f204972469859d1b20e6cd5c4cc5e1b747bfc", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_certificate_remote.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ee1c75ff53f2d492be309e8a30b23b0b04a36ee48bc3cbb380353997b1c6bdaf", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_dscp_based_priority.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6e2b7fa46d99947c945aa60902f7e5dcf99e6f5e83005259b61880ab15af08af", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_quarantine.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5aecbdad35729b22c23fca41c5fb171e545831c7c0e83c5dd432a95aa8c3f8e3", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_fsso_polling.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "04907ac71bcee903546682e32b2b920b505e556d06100b7cfc34db38948eef2c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_certificate_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "eba2ee65ec99de228f50e25277dfe72e7d0e28b44f3c332bafd73b4ed322bcee", + "format": 1 + }, + { + "name": "plugins/modules/fortios_endpoint_control_settings.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "cc3db9bd8b6a76c2e0735cf110999d85627a0e195799b74e6720619535961b04", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_ospf6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "19da53bfe1862038c83cdfa3c7b506bdae689ddffe01e86816456b4d4f2b20f6", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_utm_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ba70882b11f29ec283d66ade30598a9f3530d14a7009b871755ec1fcf3f31900", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_rip.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"e5448ac879725e44abfb05d7d39fb5e9747f8228ddad05796a6a148492d81cd4", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_wtp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e275a099762edee111c01852c58e7e131329ba42eb7de3b6bcee8acababf6835", + "format": 1 + }, + { + "name": "plugins/modules/fortios_webfilter_urlfilter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "cc52933f92b4a81cbfa7c12972bb9a9c45d167d2c08087a5d636e803df757ca7", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_ssl_settings.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ba6a6a2a01a7a55ad3cf7cb213045debbd787cb776195ff84df9cf5128ab868d", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_dns_database.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c004d45ef89fb6cac39b17428d1667eb5479c96199646992e8cf75583536e7a8", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_sniffer.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9f6af072aa9d0848d6e58576565b11442705f0d4eaea14e15258d78d899b46b4", + "format": 1 + }, + { + "name": "plugins/modules/fortios_antivirus_settings.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "bf6d33b2bc3d8dc71d5403a0c8e0d61883378a772dd2d319232b9eb3fa0fa414", + "format": 1 + }, + { + "name": "plugins/modules/fortios_spamfilter_dnsbl.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1f711be972e7f8510f6f1e78d97386fc3e2cf7a6ff600a594a782c62844bfb50", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_session_ttl.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "571c17d42388b9df528403a0bb6b4a5c7edfaffe8e59c2c820c3a85e9af8fa88", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_ssl_web_realm.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"961bd280301d10e14e0ec9582801836b22b3ca5b32f73d16d8c58dfcc11f6a6c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_wccp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3ab22a19c290f8a9bca30aa8df2311ff2c2bf08dea5ed70ae01009eb96570248", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_fortiguard_filter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1db084961f545f930c5262d19da2d412a19df4e38ef90fea9cb93f1b0692f828", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_hotspot20_anqp_nai_realm.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "499650baf7e9d346c33ec003409823743939aa7728ea5c790258b123a1283d1e", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_802_1x_settings.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9245b795def781a97d81248f33da352b35284c3aef9900e71b619ac390bbf4c2", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_disk_filter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c28ef7e7ce478988b440775cdc0bce276681c4c18c6a3b7de9f80287fbdd1b9c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_application_name.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "494ff92c0038f4eba4267ced75b9481fe48a6ffc8e81e39f2af31dc1b35c6ddf", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_peer.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3fbef09769bf793b0489fbdf2212a84bae7d8fa61430920e1525fa8d36635179", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_aspath_list.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "bd5d7756af8bc6b9bab8982b04d718ee813801c2d76bf6fbee910d2f9629f876", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_gre_tunnel.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"e2f955ad61cb9c887da77fac85e8ea9208dc492bb2c2ff9b52e703f23af1362b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_voip_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d6e39eb97745bc143f71a0007129ef407c734ffb72088f0005f5c893993f0ea3", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_autoupdate_schedule.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "21321a9c4de8bb0a3d58e7187805bf27fa26860a62f3e839bd6a214f9c1bb836", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_central_snat_map.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "83ecf034775efd227e43efe230a244da28531235eaad6275bb03224cdcf5e3c8", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_auth_portal.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "71d98240ce0a7602d6db3bb327214a0e5bfd8373cc5a3c7d74048c0d2b281c4a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_interface.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e8bcd5db9cafd6b9aa1d9964717485f4153a8ebe91d8b313b8e02027a64b83f3", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_device.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3cbd1a93f2110eafcb9927e653fe62eedccdb720ec4c90f2d3ec778bf47dd9f6", + "format": 1 + }, + { + "name": "plugins/modules/fortios_web_proxy_forward_server.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "92b85760e40d53e543dbdc0e7fd45f773ccfa3d07cb275ad2f2192e10577f625", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_ssh_local_key.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ad270d0204ccc45462fc1eb24cf0ea29d51776d2149d416cb020eb64572c3765", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_admin.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"d5f4e53d69f58b75c4baf7c41417f2354d2f4b18205f2d6ff77fa836e414526b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_syslogd_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "936608ded1bc47b4963a0efdcf78a2d6d45b43f1150028afd875875a0965332e", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_vdom_sflow.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3a1a63d7eea736a7e4d62a7340709c7b1aa60673a804d844fc0920ba5c664895", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_timers.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ccdf1e84c37986c334047b26916a8c5366345a1fc9f9c4c979777a1b43aa1e7b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_vxlan.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ad559ed7d7bc99e47828d5708ab4bc79298a504c28e1202932733dca4efd9d13", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_geoip_override.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a83e1d301f25e33f7d9be17487c558e47fe5764665ff7d29e5679f820bea170a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_storage.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "db11afc8935188ebe164cbb85443a1faaaa1a048fd4184e98f034b1113b87c13", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_session_helper.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "aba07bfe8ad8fdefdd8780984e29241ed160dcc596fb1c73978be81e311b6514", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_schedule_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "34563e23e44a4a2995226866b5b067748e7ee071d8d2ce8b3b44863b6fbd9e43", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_syslogd3_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"d1e1a74dff9c5dd552f48daef1e3736bafb50498c5372882ef909225153f574b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_mac_address_table.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "67f9c1cc4a109cddc8cf146bdac77a2b5776ce279dbe54eadcc10b6fc072feee", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_ssl_server.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a9df6abb59fa8de404c0edbcf6a6c08c15a308627901d4cd6024c5868fc23969", + "format": 1 + }, + { + "name": "plugins/modules/fortios_spamfilter_bwl.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "dc5f5c0a1745b61b320288e33e2195863b8cad084069aabda093070236f0637f", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_policy6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c066dd112b24e5a00b565df5c3d92d7ca9d1d0829dcbf513e91d559619c3356f", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_vap.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "35e667677aa65df1a328ca0a297b64d0c1a9fe02171f00223810c9563c5b23c3", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_route_map.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c79875355fdd385e2b79c025ed3c04c0115831436ecad816ce86c02d21384634", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_profile_protocol_options.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d90f884b56690175757a76cfc2d7fd22783b1388bfae1852e1f439852301a97c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_shaping_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7a66b9faefd8113785a5a718af5a6d72fc9f309a99e13d151ee9893067ac05ff", + "format": 1 + }, + { + "name": "plugins/modules/fortios_spamfilter_fortishield.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"1ac67359b9c9ef5a4911c6bc44264fe8a6438a35ccbc6f23373a8fa0ab4fa61a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_inter_controller.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "48696695e1b29034ca65b11af092cd2dceababb255e50f58a75f0e7b0d6fe4a9", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_fortiguard.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "24ecc3e9dc2ad0b8db88725aaf91e48f1eb06c64520e502970b88bec897a842d", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_snmp_sysinfo.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7734e954560455dd92845dae72b5b613983cc79def4b27a9d8a8a6bbb708c101", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wanopt_auth_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "27989eb6767391df088554101e9eddc58ac2b953c932ba456b743bf068080f3f", + "format": 1 + }, + { + "name": "plugins/modules/fortios_spamfilter_iptrust.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5a4e8f174de31f70c10261418ac8c22ce18bbba8f0be505a22d974f61e2abe39", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_multicast_policy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "39ac6ad3fd92dda864c9d3c91c29d962b20dabe9afed4fd6128b9047126ffd3f", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_hotspot20_anqp_network_auth_type.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "cf00e3a214b83f61138cfe95c696f0aefe473330f1dcdfcd118b76d5368264ce", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_vip46.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "79022916c200956e1427bb9358d2300af2f4fe478e6fda02cf226a2a1e09e58a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_vdom_netflow.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"5d7ac8785b82ebd43d4728bb773c6ca6a518e761a9948ee584fde2635cd693ac", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_bfd6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f9de52a5d63e75b5887158973e9eb747c1ac4bced942d43b94c7e097b8f0f52b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_netflow.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "337029ed810f0236c7d1f7aea6450733ea7fdb933debd5cd108bdd2d190ef152", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_krb_keytab.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0400bfa8d2173e2dcf8d8da67806fed520d8a3ed2199704b4decdde16b1a6a74", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_l2tp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "463b6f5ed01db8f5cb91fe153d9d76aeaaca6173aff2e0240e51b6441095505b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_policy64.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "494aeccd37915d7d034f665ddefa7109948c4691b5989d81efb118c2f3ff7069", + "format": 1 + }, + { + "name": "plugins/modules/fortios_certificate_local.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9c8636ffd4a8bdd0a9d7461b1ae2e544dd39f257b592af05ae4e4990f894ba55", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_stp_settings.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "877c2596a76a48cf0d56752d8c1cb8ba3a9877303aa5027e83dce6a0fc26e592", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_igmp_snooping.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "38a0e534d9aca21f62f13b77943caaaa0503b6a8abfaf30425c323961e4fb991", + "format": 1 + }, + { + "name": "plugins/modules/fortios_webfilter_content_header.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"97c19ecf35b325a497b4eb9945ff8d23867c76dad227ff31766c21769e6fb000", + "format": 1 + }, + { + "name": "plugins/modules/fortios_antivirus_quarantine.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ae89ea1869ee0d21a636065c0e2ebc46c532dd9c4f8705245d0d921c845a0124", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_vipgrp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f1941d8641f4650fc5fb531471aa832fbdbe43c16812ab84409f542af77d9af5", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_automation_action.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1b2ed9b05996833050ec274692e51a7f26d75053590b38e8ece5854945a6e1c4", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_addrgrp6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ce1b1b6836e2b77d0132471d208c393b1968c767cd7d1cf97bff9e5530acb2c5", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_ipsec_phase1.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "33b67fcfec4147ddbb743e848b162b26202c8b392867a5887dbeba7c2df57b37", + "format": 1 + }, + { + "name": "plugins/modules/fortios_waf_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d7b2de1bf9c853f003da64b8ac6b5e04c19f693685de55d7b1d562ce290a2c9f", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_qos_qos_policy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0d3fb7486d742b3d9366e9c021c1d0827b62aacc52dcfc978dc09154a27c9b8f", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_schedule_onetime.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7e73721f626b7ab9451fb19dc268f8af6b7f9629d1b43f388b5fa8367e9cfd04", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_hotspot20_h2qp_operator_name.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"a1bd1779a18e631dd0c8397c36ad2a2bc1040fa14d420c90b49686b0281b88cd", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_certificate_local.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3694d68ac80d70ff6dd7d1392132e26d4bc9aef8fa270430501f936f3e2d5d7e", + "format": 1 + }, + { + "name": "plugins/modules/fortios_ftp_proxy_explicit.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "bbc5937bcc41a12e53af5e271d587f0f8a53bfaab3035efba8d2bb9ffd5d9d04", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_ipv6_eh_filter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c6c35a6aa13942aa17da2cb4d2395ff9ca9d2c788781e3c04db4de18ce238539", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_automation_stitch.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9f803c26737d990f89ba49c4d40ab509abbe74ed9942ea5ae85f5c9de48711e9", + "format": 1 + }, + { + "name": "plugins/modules/fortios_dlp_sensor.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "017eed3282df23a963d270a938e1e0b39b3af3b0f90a71811615123167f4d0fa", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_multicast_address.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a002a0017378b25ab34e3fa4c2035c17655bd4fcfb5c97b021129b0114fb76dd", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_spam.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6ac0f705a3f41eefe2e0f4d4ce49d0a4718527bfa5d90a53452bb028f31f1c0b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wanopt_settings.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b33820fb4328fbb5286d8634055a041381f79cfd9b37e59ed1d117a989931bad", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_syslogd_override_filter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"8982e8e6aab101b67ccb1fefa3bf4309df3110ce77de78c76181929536c8bacb", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_interface_policy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "faeec2d561eed6e45dc9a47a0c81bd39f40e103797bdc15f26b9b71c07ee4ce9", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_nntp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2640ab2dbaa22c0a3fef2603fda72b697622fdb6a949e0fadb1848bd7fddbda8", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_network_monitor_settings.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b6a833cf50bfa6639cfdef56742ae5082312a2b966dc7840a11cfe8c0f061920", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_fortianalyzer_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3ef2520a9a5259df2eed3a244d7f775fe7d26447da9314f8161b56084fcf5363", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_settings.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2aae3aea434ed84a88ea2f23b0046f8b79d2367232e5a5ded35e13f2e67ee614", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_auto_install.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7515d3ad4c5428d84be4b2660d86f42901bdc495ddd2577fecb0003cbb11f0a5", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_icap.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e93037d792ff706b10fa3bca3a0a0f3352b1713d68ac55da4b0b0e8e7ea1341e", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_pop3.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "412ef54982d1950136f348ba707df41219f513f572d0bba1924d5fca6bbaaef0", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_alias.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"4b4571b271fb315a88445531252023844366bd0b29c55e2e039ef3dbe28757af", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_isis.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9299b53e38d90b47cac5ccfd38c3891eb8f2220b81bee1c37fd8231a70859891", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_lldp_settings.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d083de043257f1b60e1a3cfcf59a9011bacd7c7d5aec352d928e0fc7cc5a00dc", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_multicast_address6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6b174798449f31946bfc731fee3800eddf46ed99d8a08891a1dd2ec91951622a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_authentication_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ce3f58f89ccb4eed7ff99b48abe1a94ad4295deec9fd8f1c3459b260fbe04785", + "format": 1 + }, + { + "name": "plugins/modules/fortios_ips_settings.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2b6beb33f8b02d904d64db939a1d419b1d459767ad721c34e54e8fb8f999ef9d", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_prefix_list6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "709599a835adb6e830747105606ace1f9ae4328356e18bc3519ecb9cd202eaf9", + "format": 1 + }, + { + "name": "plugins/modules/fortios_ips_decoder.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c00d37da0af62a278f78ff3e86538325074a2576bcf84411319daf15fface822", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ad1c63f13a008da839a823d9e6c3c7a5d5114f317d93f7d10069593f4013da31", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_address6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"e0bc1f92a666bed34561a93ae614823d866d6c2958e117dc444ea4ff148e3192", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_alertmail.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "698f15ac4d6463bb6d64da91b30be704663dcd6eb16efe1373c391199b9f773b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wanopt_remote_storage.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e0f2fe08749b4957e285ba1c2a104ce2931d538e604af40b848d14b0441458be", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_hotspot20_h2qp_wan_metric.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7f165cc551414b00bfad1b37c86326a9a395325b4527fd7385f9272fff3e0fcb", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_config_backup_restore.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e81bf977b8ab79e613545f50eaf94d4ed8ae709649271dbc9458d4a0c2f5af12", + "format": 1 + }, + { + "name": "plugins/modules/fortios_endpoint_control_forticlient_ems.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d37c11089115ff80b994644412cc295b9191dc1b18bf6b6993f1e9784f2859cc", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_community_list.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6d3c22b34070dff959eae23fc345d67dade9ce99933f331f2acf9fb45eaf1686", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_device_access_list.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f130129fbda2836a52ae8139365aaaeb0a0417aaa22689a5246f690f8e579585", + "format": 1 + }, + { + "name": "plugins/modules/fortios_registration_vdom.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5c99e40ff1c9bd0b97ba539149f46834f5d541823538994a487ccaa890e9b569", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_http.py", + "ftype": "file", + "chksum_type": "sha256", + 
"chksum_sha256": "50f7003394082f0b1dc05c07707f98e6879882203ab9e48bd2bb979a8a58a851", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_sit_tunnel.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "97633da6c761fbee9397dd12ebbcef2f261b1cb890c4737d2e682ce09a926286", + "format": 1 + }, + { + "name": "plugins/modules/fortios_application_list.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a7f1b38cc513d9c1589b02763c856ad49c7d259dbc1cd2af52ef13e00d80cca8", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_proxy_arp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c0498d55495e85628d0aa08d89ac3524e946f03d50c367bc3888f162c4516c9c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_fortiguard_wf.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b09a9c719499138d4b0c6d41e7430019bbe143470c483a04e1ef404e1648df7d", + "format": 1 + }, + { + "name": "plugins/modules/fortios_certificate_ca.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f13fa514492d052f5b6963cc409f34546d5563c0edd2cfee95a04c31e2c54767", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_vmlicense.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2c00cae82b44ea1c3c7b5e49feb577afd8399cdf1dc8b8c65d16347791c227ab", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_disk_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3d29f640ceae9eff1286021c7f72319a0382a5114f0b15c9ea1c25122b6291df", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_custom_command.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "cd36b9fe88be4113e4ee0e24ce850eaad0c30809e245097b0f8f5bd060d6604c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_syslogd2_filter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"fcd24b0bdb8d5e02d022fb2d4354293dbba6562850e87a346bcfd51c1e00956d", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_snmp_community.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "316756f896baf19b2f6f760e17851fdc9cbd7a6d641ec896b3b983723ba59161", + "format": 1 + }, + { + "name": "plugins/modules/fortios_ips_custom.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "10dacc7f19db4fb0f62d3b4d8f1d4d2cef2d533f8dcfc8d91bd0ede7f22a9604", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_interface_policy6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a6186723fba031e4b369caba9edd120cfa78af7cb819025db5856a95b363bb4c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_proxy_policy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8fa98f425f8d7cbc2dcf353c391036fddde5c662c1cb43e8a6c90974907dbf3e", + "format": 1 + }, + { + "name": "plugins/modules/fortios_waf_main_class.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c97141dbf4d7786b0adba8a7696283c093768744945927bc03331545b5a336f2", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_external_resource.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8d54a64322f85ea7951fe62f93979b738cd87f86cd006ee9729a0f40e12820c8", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_memory_filter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "4e7379b83f9857255881008f15651940b96d4e32523182f3658238dd15ceafb6", + "format": 1 + }, + { + "name": "plugins/modules/fortios_dlp_fp_doc_source.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ce4fbac75fd1c312864e968f9aaf844a121138acab046bdb5e6a6468e765021b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wanopt_peer.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"c3ea9f0857d5ced444600684e5882efb39cf8cfadfd2d00089852f1ab91bc421", + "format": 1 + }, + { + "name": "plugins/modules/fortios_webfilter_override.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "89ba545adbf482a6124720880a8d67a737565b3b43489c931f558556a7b51d7a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_switch_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "277239b2136372a096b3a48329bcbab81e1e554917565e840f2357e39c892387", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_autoupdate_tunneling.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d2160a3426c0d76e7a42071b883c78d7cd2621f4c6eb023fa7ee6d66ca0bb1ef", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_dns_server.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "fb33695391d1c65e51c8040a8f88f6348f93255fd73d06f6877023133bff8355", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_hotspot20_anqp_ip_address_type.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "abe4600b437d1df1d941fb99b0ec3bb7b25abe8a58fbd7ac7b4136fff68170dd", + "format": 1 + }, + { + "name": "plugins/modules/fortios_extender_controller_extender.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6f35222516c51166f3a6a0aee85adfa9f8355fbd81e62fc26e47132457f3e72d", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_wildcard_fqdn_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "bfbeea92ecda28e6ced258328ff20b9273c5086453afeaa9f0dd2a56c26cd375", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_proxy_address.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "901e8952cf900ef60e3a2ca96ff60a737de80e9a503854cea3122d9c71e624d3", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_autoupdate_push_update.py", + "ftype": "file", + "chksum_type": 
"sha256", + "chksum_sha256": "04a71a9d41c6b91c23820012d60ef0d2fc107ecfb1770326ce23d1ea5210150c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_wids_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e627d8cf7b0ae5298f27a2b3c1a76a0f94aef3842da1297ae9f6703388e8a6a4", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_ospf.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "38d46c5b8781d5ed8b255037a819e050b1c4fd85bacbd6ead53a73d7dbc1dc27", + "format": 1 + }, + { + "name": "plugins/modules/fortios_webfilter_fortiguard.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0b4d4d58383576b122cddbfedf20991a3698d5eb925989cf573624ccc7514fdc", + "format": 1 + }, + { + "name": "plugins/modules/fortios_web_proxy_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0c46f14b8a9481a8d9fd25a1b9dc15fedf50864efd3af0bcc936f01e51ae3768", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_ipmacbinding_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f6d1dfd0e5c4b9c49dab77dc9cbef8ff96a8fbc13230219739feb61f13ceba6b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_ha_monitor.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "da4ebb57501ad03e2b2c0b32f628274f2fcc114fa5a13064ddf35c2bec2f62ec", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_fm.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b5d28eae32f4bfbfc520596c9a0d103aa30a70fd8074975a35c5ce977cf94a3b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_authentication_rule.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e2338a9d2a51f9e5206574380ac1d287ed20458fbca1684049a5c774890884f7", + "format": 1 + }, + { + "name": "plugins/modules/fortios_waf_signature.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"5da72134c06aea064e6335532cc5ec9ba9732e804e51fd0bd49117f5c9c08937", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_qos_dot1p_map.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ba915f0f231d1002b82f1a6bdb60ba8dacb035bb179467616fd2a7b63750d723", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_ipip_tunnel.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ec4ce213b4123c0777a34f999f1eb741ccc9c60522e9b56ba952242b9c39dacd", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_tos_based_priority.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5b5ce11a350e384befdfb9f4e5027606f37a1daf29d1e83c51373943543800be", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_sms_server.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3838d94621af2bd6eca6acc38d6bd2e3dcdce1a323d0543ac0fcb1e5659d0b71", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_dnstranslation.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2cf0737ff3ba59be16d1cb394a868c8aefe34b0a555016aebb03a13729a030e4", + "format": 1 + }, + { + "name": "plugins/modules/fortios_waf_sub_class.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6ab383cf0bc7dc3aab8e92fe095bc0eb719ecc9ca0d4948c9ad990b7118d96eb", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_sflow.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3dd6845d80a146b1554577d6bf1e8b57a2be2de3074034d70321e0c5ab2c85b1", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_switch_interface_tag.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "474cdbf688fdf6c45e34a54cc8d7d49f0eba223f3352e543036fd3ca8f804ab9", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_fortitoken.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"c956b987e38fee31f66e633741bb48dc58c816784dc1833eef0f268ea2c3239d", + "format": 1 + }, + { + "name": "plugins/modules/fortios_webfilter_content.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "53da00e366a56b369ee8e2ee02d625b6b080cae6ee4e7a64531115a863169106", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_schedule_recurring.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8e7d0f5e98672d68763209e2bd6bccc8c1729834a0474095bc37a94eb56db8d8", + "format": 1 + }, + { + "name": "plugins/modules/fortios_dlp_settings.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b507f3ff9771c5cc03584232bf3430788c74501d6bf32aa5afb103a12a055500", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_vdom_dns.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6397724dcf213c2e85a81cf5840cf131c765d18ccacd7c251b20f95c86cdd222", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_fsso.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "db7c93d5490e6fe6acf8e260fc5b2d584c7a116aad51146d67c8491d20fa6a1e", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_dhcp6_server.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c4c655ba79f9ea95320788a31dc333b35ca1c5cbc7dfad801170101989260403", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_fortianalyzer_override_filter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d8b8cd9de3750a3ab906597fba3e8881bbf063c9b16bd6042ccc9ea521955342", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_hotspot20_h2qp_osu_provider.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f5155daf299016b9c25765ae94be46b0b8ee237022293caf0c32d4fa16cc4789", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_password_policy_guest_admin.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"3145fbd3b819ed5331fc1416a47c7fb656baa2d9242ffd8f45dd1c9b9bcc3eb0", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_traffic_quota.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3eea3e008fda973e02216344a1e87675307f9e03b323180a9668d7b37a3b4919", + "format": 1 + }, + { + "name": "plugins/modules/fortios_antivirus_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "09d216d1d4013c5da20e34372213b212f347594be106a3e7579e8198f2628934", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_device_category.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "76ebeba9292adb3dce59415e0f7ee6f6bf373a223af73a8d2bb668ed95db3396", + "format": 1 + }, + { + "name": "plugins/modules/__init__.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c07a60fad746ca46337331d15e5bdb1203898274088c9b21de2b71ac7a87d69c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_syslogd2_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2ce2e17d661b54931a5cdec1699f50cd3ee1bb5709c3beb4016a7e7a932c762c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_report_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "dc3381fd2d40051534f8341e3c514aeeef58e774f99c06b9c10182f10b224f6a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_fortianalyzer_override_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "eee35d4e2bf465302c4938e88fbba09c864e3aa843f3c6f2e31c47752e85f5f0", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_device_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"2c2865840fdabfab2a58210db371cfc12ea1378924401156e23297c730e472e5", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_lte_modem.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9bc7efebfae691cda1e715b113cc29ab749deabcbefd1e608237bb2f2a048db9", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_vlan.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "fe5417105c8f73c2b5f1806c46fd13b0de9bb72b2c738ffa9764cf0f7b8cda47", + "format": 1 + }, + { + "name": "plugins/modules/fortios_ssh_filter_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3d981b665bd6edd956a7a49a52a908f3a1b768f8a94bafa2a8a2568ff5785284", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_policy6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5be20f29fe844922acc0f3f6d1f02763bb130493ca5ff50a75dba8f33eb97201", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_pppoe_interface.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "48c5f026305807ce718c5952d5520ea1f180699a2babbfaca33b19c820311e6b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_shaping_policy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2da4e2e9c5ed74cdffcf1e952971eb265a6dd930cb1422211d435e68f5441c5b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_ssl_web_host_check_software.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "32f45006da044edcb5c13cf291bb23549400bcab210cb49f74bacf1809a138cb", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_syslogd_filter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2b3297a5273d28c828dbd147c68c64dbd6f890b898b3061c69269c619a7ea4e9", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_fortimanager.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"0c3b216c419a38b91b240764fb9e81af72c7d87ac6efcd1e6ac4a7b5e934b21d", + "format": 1 + }, + { + "name": "plugins/modules/fortios_report_chart.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "071beb41a83009d8d7516ca524b7e0bba4e3f9e94b0c0d25fa7884f362a2be0c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_ips_rule.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ece8601774e87b25efdb679710a04b3db02a738045480caa1748d3bb8a3b1352", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_device_detection_portal.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "bd981ee13bffb73ff76d6249252f63da7a56f03bb12baaf65a7b0544211f4e46", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_multicast.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "38c5c5814aaa827398be70c1eb2b5dcab53eaab29346929b72874a8aa19a7580", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_gui_display.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "fae3a19cc2e68811d1530ff8059ab262ddbb04a76c6b28592279db553aa7d9c7", + "format": 1 + }, + { + "name": "plugins/modules/fortios_spamfilter_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "71fdd4412f7ed955082f435d0fcb619a97ccff005751cb6cb71e45b3ab33d60c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_ipv6_neighbor_cache.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5a27248f2fbe28261ab7196716cd08f4cd54688a0aea8650f03177a5ac3ab6ec", + "format": 1 + }, + { + "name": "plugins/modules/fortios_webfilter_ips_urlfilter_setting6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ea7b0e4550b4a36e0d9f653397d0a5bc2cee9f9b766d69208eeb06c2a1cf3d2d", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_vdom_property.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"d2bccd4cf2e5bf57b2e22cdaadb8e8b6d66589708996d758e0bfd2f923d90a99", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_mail.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f1f4fb0a17116fde70383d00894cc8a75c4ef5b044b359f6a274a03f6d939284", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_certificate_ca.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9512437b260e7c1cb27af8d381a8ce6448cee6836094e54f8ffc044de039c739", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_hotspot20_qos_map.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d7d42acb01277259ff3c6c784572ea10972a0a7e5a4a805ecb544aa055cf5a1e", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_syslogd3_filter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d5d1530e0ff91782ca5205acdb7a15a0cc374f67315802acee5ce4233f874e14", + "format": 1 + }, + { + "name": "plugins/modules/fortios_web_proxy_debug_url.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "dc1a78e10ee1d7913dcf78728bba45d726c010bd07a9b0270b49aca4cd1f992d", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_multicast_policy6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "123d2b74e91b6ca0cc70b5aa8aef7adbbfd1470a5658d049457e6cfac74e725a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_vdom_radius_server.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1e7c8145c06582cf2510586281fc027688add7f6a6f9e2a9a226afe7750cff67", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_peergrp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9fb9de45fdbe43f6ca3ce43df8111d2ee450c9687bc78bad86b87d2840a04848", + "format": 1 + }, + { + "name": "plugins/modules/fortios_webfilter_ips_urlfilter_cache_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"20aac80a41e5f4243d3343842dc360d539f0c696f081755b0988274a17068188", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6167df880d8ce25bcb7002ba8a812d22ba54abdf8069b4f4ac812c444d8b9d94", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_vipgrp46.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d9f2bbda0913e0d0a0d128d0ced3b4121e883e25ad67d27f9f50e58a4cd6f654", + "format": 1 + }, + { + "name": "plugins/modules/fortios_dlp_fp_sensitivity.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "842539ef99eb3aa1f60c2e66095d2ca630ce09485a0f04db773b3ef87b412f38", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_fortianalyzer3_filter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b355fd492caeed0e86f47fc4c25418a5b6aebc741bc745e07c048c6211114123", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_service_custom.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0226880033844cbef1288944f04acb6fc51459a0ede2d8b950b75ad7864d8108", + "format": 1 + }, + { + "name": "plugins/modules/fortios_ips_rule_settings.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b53400cac4111e2f8ea28977f91b3590d303cea3492ee66898b79138eee6b63f", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_ipsec_phase1_interface.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d9b19fef375a9b2d124562b9c829ef3658cbfcf7d6b80b73d2752d6d110a2a58", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_ipmacbinding_table.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "13d764dbfe81f92df48c1fee9f3725eba11c6c82ea38a170e45a616af90e024e", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_proxy_addrgrp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"b977d41231762a18fe806f8d28636b83656dd7e5e5706df6c0412e316280e3b6", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_local.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b9e73bdcaef2e501e468fee5480427923dead2502d809725f1e50742430558ef", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_sflow.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "109610254d7a8868821d80e79def7b59348d780033245d7cf5888361340f61bc", + "format": 1 + }, + { + "name": "plugins/modules/fortios_endpoint_control_registered_forticlient.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "df1bf75416017ae1fbbc3078f7b358d027a7a42436b79341b2a38994ac976b08", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_access_list6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "cf0ce3488885e1c23ed9f92925eb49691fb732c0aebba48430f52466a1a20730", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_service_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "34a664463c96921840eaf8694009bedac1384af5c596e85803a8d8bd3ff29c02", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_ssl_ssh_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "921618b687c876469577442abe1cc489460526dcae1f309c7c8091324a40baa5", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_mac_sync_settings.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e01dbb92782c94183eae0e223bc6c6bd6bb7d621878a58adb30d61f2cf81739a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_static.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e36d2c05d5d54b2a60c810c1b941cfad0e0624e6ec2068fbd9700b3693cc9c50", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_syslogd4_filter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"24cde8800a2097b2fabd5c9104a06f927579663a0f86c930d3b8d6504e778ca6", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_ssh_host_key.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3f6c60e686caf2a44ea38943f45fc790fcedb10cc7b6d19761318edbb4b3eee2", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_ssh_local_ca.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "515687701c43a629485ab9054c8a26410dee9b7c344b9eac5fae6709aa7b5c9c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_ttl_policy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8ad0e338fc117f7548c4326b70b00bb3b8440059a7cbd6da421595d1f28b2947", + "format": 1 + }, + { + "name": "plugins/modules/fortios_dnsfilter_domain_filter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "cbe1217459f7199fda35ad3506e3de5e2bfc40dee32a838800e391204ffa221a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_eventfilter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "459e15383c0f3fbdb70bd34eb46ed46f91c1dfc2969b31979b3d365446f07a7a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_ipv6_tunnel.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8d5fe62faa9aeecc748ba8bfea1053113aa7c4afb77b2b34a220ae5380340213", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_quarantine.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f1fbb01da00d05aa342ac050e0102cd2c8e214c605d142a8b9dd7c520b21121b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_dnsfilter_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3c08dfae3f26af948f0375cc8e23b434e809e7cf987fa121183c7b97964d9057", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_security_policy_802_1x.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"1b404eeb23cf1b238728cb35c048c9507fc23db773f0da83fa14dc94bf948157", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_email_server.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6f3aff1f1c2a0b60ac5722c5f30a7fecfda252c105c3b9fd3aaec61c180a4978", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_fsso_polling.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "98b488524101377fd0f146d687c32a8eee0854952f8cc29574d7e91bdbfff818", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wanopt_cache_service.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7f8bd0b63913d24078aa5bea716dc14f4149e86954950f7b205aa72790b2aabc", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_management_tunnel.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "77e56be45168f820cf1388eb97dafe329f31241e107eb9e36580ece3f20838ec", + "format": 1 + }, + { + "name": "plugins/modules/fortios_spamfilter_mheader.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "723a2e007f981ec62121aa7f10adce2e208df54ec23310603b4bbb5cd2f81a95", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_network_visibility.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7789447a0f2941d4d730e39c3c8ff1edfb5f9c28eae747a7f5928404d47c9f1d", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_zone.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "eace13dc0d35d359adbce846396143cbb2ecb3eed01c50749da952d956c3d671", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_qos_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c8026417993ac4876d02a9c8b2559fe4c228000ac60d15c534a4753250ef4a04", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_hotspot20_anqp_roaming_consortium.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"0d22fe139b4dd87a15c77aed5fe50b35a1e7d773ac750b493a208957fbd407a4", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_security_exempt_list.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3a914e8af7ca4611e59b54270182ec80590ac737f6f6955bd2dcab5bea12112a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_vip6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ab53a5f853c77ce4ce92c9a11c6defa7e022e742cf32a45e7295519286f7f815", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_fips_cc.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "24f08fbcae7cf13ada14ca9155ff35ce5f25c572077543c1ad3797cb73e9c333", + "format": 1 + }, + { + "name": "plugins/modules/fortios_application_rule_settings.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "76147bcdc79131351fc4cf76a6aede934e1ccbe47e5e964d8848155395785f82", + "format": 1 + }, + { + "name": "plugins/modules/fortios_webfilter_ftgd_local_rating.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "367a2938d48e1094751a827cd8d9fc124e3c593c9b51346b0a5ee4a9bb990fbf", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_multicast_flow.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "4b2fafee5a72bdce0bf4f971f2153f8c6775e49890169602e14c835ce8754522", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_bgp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "48117301d39f3dbbbc5385b1cba01825e42e50575718c1dcdc4167b2fe64a7a9", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_modem.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "29c9b30873e8944d05801a2d5380ba127dcd67b4dcb8feeb307a38bd92d6113a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_fortianalyzer3_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"45fe02f68142c7b6f906dd4841867eb13e9fcc0086a4c66993312a844e475f6f", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_central_management.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "99d31f74a4846bea2e79b3d6f79d935a2c0de0440233a141026504ee676a622d", + "format": 1 + }, + { + "name": "plugins/modules/fortios_endpoint_control_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0246bffaf4316fdd82daddd3103efe0c6aa963d785c188d99f095ab06dc94b62", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_syslogd4_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c5f3549393ed2ef46cfbb057ea32581324877de62c9e7a233b8d6763fbedae54", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_tacacsplus.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "59d4e47806830cd677c5748e0c767684a8f6653e497101f64d06b62d4050ca63", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_auth_path.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0345e039faf2b8c75c4b6257dc4dc41d3d4d8291b3a14bac4f6fe65d1a08e1fe", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_global.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "86fecf763f078d2ba58495a03446351cec14da5a64fd7060273ce09601122322", + "format": 1 + }, + { + "name": "plugins/modules/fortios_registration_forticare.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "4c15c26bf64841e7fdb564da1d30ab434718e36535afd5de1cb8445958f0a3cb", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_null_device_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d4ea86b4bd9d379656d8712e7f4b443418fbb695caeef86da0678cea2ed29c2a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_ipsec_phase2_interface.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"960fb20f0cb9b13c7a6bc900fbace0c923227f7f117cbec4395f0dbd162b2451", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_physical_switch.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "481fef172e22fcc3f0f1728b94538669a7b602ce6059361d5ce979ffe696cc3b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_memory_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8b2891713158defc94dcb299f02eaebe58d3fe6ecd9db7ce6e3d1f222ef53bf7", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_dos_policy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6d36e331947da89efc025f61206dbba8455aa71ea46f0a9ced3a0753cbe392bf", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_fortiguard_override_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9ebf5909da41e77b122fed65b2ea3f13dd3256929965bc8f2b2dd5493ddb6f48", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_automation_destination.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7a2d67ab8423dee30aa6b687ca3b9240f4f82624ca9ba22da66d2751809b4d43", + "format": 1 + }, + { + "name": "plugins/modules/fortios_report_theme.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "cac0c10806758b57116ecd79398d6f1bddb14a0f92eef8d345f6ce2b3ef2a1e6", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_switch_interface.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "fed7e873d38e218783bd796e1071f0cbabdd6f34a9510e5f73e62a40cb5bc50b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_wtp_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "76770bb1c5adc5ecfbcc33d1de1eaeedc24caccb4506f4fa97ad4b65e04b9527", + "format": 1 + }, + { + "name": "plugins/modules/fortios_alertemail_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"dc8dce89f2bdff7c5a7ba47a4e47157dcd24200607827105ffd3128328435242", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_ssl_web_user_bookmark.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "190666396395075468d583c512df6ec0621a4980a6383c9f293ff4e662854a43", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_security_policy_captive_portal.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0b24bb7775089c59d51ea743f9aa2749bf5b381256c6e0eca6cd2db780029ea7", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_password_policy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f3ef039061ea2225e93000162cc35d35f0456e6e5d92bb052641e984fc881b45", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_fortiguard_override_filter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "07bb06612bc750eb949b0b2a104a0a68f1ef2931b448128916517762e9b986ff", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_system.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "72ad0971bbfb5943dbb443071dbd800f91482b0af1450dc58a949b2960047293", + "format": 1 + }, + { + "name": "plugins/modules/fortios_application_custom.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "641400d03f30da88cee7f36fcb668d9433413381f3d59f945ca1fdde1d773db0", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_null_device_filter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2e435bfc8efd3b46ae36e3e328834ff5df6d32b1317d536b2a49010e6bad0cf7", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_multicast6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c8c4d0ded253a8d8988e458b629e04dad405029333e371984a7e43066e3a3344", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_resource_limits.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"d01a2f7864146559d6566fa752d7e722fffd8218fe4d668a509a8ed94a57bea5", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_3g_modem_custom.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f55ecb7e89d67a15495f5a9064fecb6a6793b3f9ef52ce31775ec02e543576b5", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wanopt_webcache.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1de88fb4b8fd8b86503ac357229b46ed8182f615431747200e7ea792f19eb24a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_memory_global_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3a1036ac3c00abbbdd8718a1d673bd58e9b577f2ca112bd1302514ea633395a3", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_ippool.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f710e371ecf8c0d3aaf50d443c0f96b4bf8e6097fd15560badaef4ea015e9167", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_snmp_user.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d5e384851418277dfee8ba270f08b2924526111da859657ee0ac4f7b4e2f3325", + "format": 1 + }, + { + "name": "plugins/modules/fortios_webfilter_ips_urlfilter_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "777b244952d1b0638401fe0f2b11dd77a011d669c017e8734bd0f0a70891b4a3", + "format": 1 + }, + { + "name": "plugins/modules/fortios_certificate_crl.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "65efca0790bc892659a2d1706b8dde93f1d933ffbe062ddb963a7b606f503b6c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_application_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1bc2ab84389f7d00a186bda4c0b1ea0b70c61a7f55c3e52b4c29b997f6ea1565", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_ha.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"1c0053b80f610180f958ca6860798b373fc5ed0fa64a79805edc071c7737f22b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_ips_sensor.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f1960e8c17cec826e90ca1825ffb6b601c5aa28ed05ef7e3db0291457fa3dc45", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_ippool6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "dadb40b38155d19e07d604452853651e7133a037f12dfe991957fcb91a00ef0a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_address6_template.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ca358b3858ae73ac80d1432d8217c4d605fed288510ff7979d608113cf6edac8", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_virtual_port_pool.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "25a03569c25cfe6cbe68f195f57596e4cbe0a6f203f1e749651cdd08289bf386", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_domain_controller.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "62da711bf48707cbfbecce98c89dffbc61e6ce1c4a9c00ef2af8e40bd457dbf1", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_custom_field.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e9034c7597f936ccb29927d617ef99aa0ef3514efbe01390cfbef898f0154a76", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_webtrends_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e24a45683be6fb52d73ae884be754331aed3b5f866924d30e56af644d5f0450a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_internet_service_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "39668ab07da7400687be2c40e7b1fb9358668b964654c49ad8c2948384d1b641", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_wtp_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"268f56ae016a4a8134df093cc26e544eaccd04c3a88b9040707642acd85f6596", + "format": 1 + }, + { + "name": "plugins/modules/fortios_spamfilter_options.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8f8a6112a9a902993a4b569ce2984cea9a7903569cd5e424c3ab0612d8d0e7f7", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_ldb_monitor.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "eb1b0f97e5c2e6d6959ce64c966251db306af5496f4850fe40b930a6f94114fb", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_syslogd_override_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ba9a2930d54f898f5774a42ff654f4953eb8a61820b4ed86ee7d08b1d1f49e72", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_stp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "024b956ee762a460fc4192e97af2ea773a680a39f88ced3eb94e26cc8209f55a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_antivirus_heuristic.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e8900f433a82c8fddc597ac71529400e7eb03354242cbe39392c3d780989dc22", + "format": 1 + }, + { + "name": "plugins/modules/fortios_web_proxy_explicit.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8775a398001809054b4c8c425986c3f0d700e96283464f3e12f82df63d43c3e9", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_vdom.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b9aa6110d260d7080f655557ee9b5aac7d738a253a66c9218d1773544bb527dc", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_webproxy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "fbd316423a7d77801a113d590b0e9e60e244521f7d07ba7f3ff71919fa547aec", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_webtrends_filter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"3b91ede5155e86544bc89d6c0d1ef234704927cdea80f48b53486ec5cea89897", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_vipgrp6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "903e4c43617f76a92dae31aede19051502c3ed377c7935cc88798e377e466b45", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_fortianalyzer_filter.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b9a788cd52cfd72bfd575cf8092e94b3df514ec20921e9ebec9ffc727c2dc852", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_mobile_tunnel.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "eab5932c921205207a69fcd8ed09a871893cbfc6066d1d3e5021976e151207b8", + "format": 1 + }, + { + "name": "plugins/modules/fortios_icap_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ede0e02d3a3195c0a396fd09dc2c0b162a736747ec8f2cffaad2640d49b09516", + "format": 1 + }, + { + "name": "plugins/modules/fortios_endpoint_control_forticlient_registration_sync.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "4e018ed42e07c4b616defd4078a0b98a4a3f1724cb1ebe6648f67ca6dd385d4d", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_hotspot20_icon.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6c1774483acbc21fa40c26d9456a6cabe3252f3c7ac15b2776f01a81dbfc0985", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_certificate_crl.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "635bfb71edc3dd889ef18ad6b222d44af2de8438ed3c3713320d9bc3102be6d2", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_csf.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "66b95aadb6664ebc6561f93bd0199c54d624c9fba6907f50831fb9192b47e2cc", + "format": 1 + }, + { + "name": "plugins/modules/fortios_web_proxy_url_match.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"be9b2b0973557062aecd3dc68fa48d46c5130f54e2158a05667d35c153515b5c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_authentication_scheme.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5d1b966352f3109cc6b63defd6a54c87d65dc136e84c4b35c9af34ecebec533f", + "format": 1 + }, + { + "name": "plugins/modules/fortios_ips_global.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "06df507e91dbd71f4991a0075acab333f00ba2e3bd33e55b27788ecc73047cd8", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_qos_ip_dscp_map.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8dd0259464ec6ca8607e1a33cc84917054890e70a18cd581823abb3c8133a3c5", + "format": 1 + }, + { + "name": "plugins/modules/fortios_icap_server.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ed4cbca3046c447d1e3dc227f7ae3b5b11807c6e1c26221c92ebebf7c9562f13", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_key_chain.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b9e5f2cc5213713e5855a899a1badeb05d34751b9db8464b99ab069f15218bed", + "format": 1 + }, + { + "name": "plugins/modules/fortios_web_proxy_wisp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7d8aad71e9f9612359e09053c6e097121a365ac9b5f72c05ad86e54be9084f5b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_ocvpn.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6ea6589add71f1277bcd883056db5a597a454fcbac1a261a3006c198aebb5400", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_global.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c8170285347861bc5fc8ddb1ee593119ac049db80bb6cb8b8ebea7320b8f3c83", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_utm.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0f1a69ab504cb622acb528e5aebea36868c8fff4222f66b0d2e5e6faf5dab202", + 
"format": 1 + }, + { + "name": "plugins/modules/fortios_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b0abc77d5c74fba3bea8592a4cd624646d952688d94516577017d831f6043d56", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_virtual_wire_pair.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "182f0862736c943fa8f88acdd9521804b487924707ec1b3b56b8abbbcba8d3c6", + "format": 1 + }, + { + "name": "plugins/modules/fortios_spamfilter_bword.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ea4af3224a029e32f5158354e912462a3c406c0ff74d1b6aac3467a427a1cd85", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_ipsec_concentrator.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "afc824cbeb03e553e8436f5c2de9c46f486fb3360f5be3ac245ff01a5f1e9719", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_probe_response.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6f428261d5418441b48792802946b6355c05d6f1311a39c943b9f11271e85d14", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_lldp_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "57279456b3bc7963a63be16f336c28094c5bd37e5b4a60789026070f44160b93", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_ipsec_manualkey_interface.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "acbd68223113c588d5f690ef283dd3d4419def606fd1a114945619ff312a28e3", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_fortiguard_setting.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e6a8c0734710d2fd8859960b886d0a9c4b386ecedc11840811bd6f230adead95", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_link_monitor.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8e571810a0a29251950c88ff956439ee482cc27f1289ee50a7b96beebd6a4e7d", + "format": 1 + }, + { + "name": 
"plugins/modules/fortios_system_vdom_link.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e13577dbd57a96f44515a0bcce42905326462810bf95bddb5110178833b1680e", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_certificate_ocsp_server.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "45b3cd6e51f33101a98b3c7741f77302c161f7f0783d16d3463da4811795dd68", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e3b8fade3c6319920875d09f684ca855bef944a4dcb05f0f404b2251e92afc19", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_policy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "32599cec5c0fd7a5309c8ac61e894d746e709d0b09aa529b5443541819be6bfb", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_radius.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "bad58a1c61c189632528689c5ee9165612a52913bedb3398bf6bfef674ce42a7", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_hotspot20_hs_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e9513c5507cfeb95cf5f5ea12b23e2d382a7dd83d353cad6da7703b659d8cd20", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_internet_service_custom_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "baa83d79f8968855e800b6845a785c3c5c5873e147da862c8bbcb32ec0542f82", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_bonjour_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f3b8fee21ed59fe4f4f2b98d9ed4885de7c731935098fd4b0f6b9dc27e161e81", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_wildcard_fqdn_custom.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2269f23316e7c8a3898365b9b231d3bfcbada74f8cdd469b937cd51e0f81833f", + "format": 1 + }, + { + "name": 
"plugins/modules/fortios_switch_controller_qos_queue_policy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "67145e5960e0a97a49d057467d14f67eab09072f89d52c38a0772919810d317c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_shaper_per_ip_shaper.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "094ca19e43e702c76e91e98daa63a6e89b0fef430d9f974ddd9f98e97a24ec8c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wireless_controller_vap_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8f9f289819229e44633de64b0b33016659e3c937daaaf88d0c983074f7f43b7a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_vipgrp64.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3df5f16599f6ece3972037999882fb017f06febb80cebe4c94933e5cfeb36be5", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wanopt_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7e7ce1fde184595819af62d7d518e67a32a25c8c0f9676e9588fad471b685c9d", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_virtual_switch.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6d9f074e3eaea0929904f7e03f6a0ab032f0ed60aad66acd9df857f3eb46410a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_report_dataset.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3dd9877818237cc6777a815c0c71940ee0a206bb20f568a52d14d31949188818", + "format": 1 + }, + { + "name": "plugins/modules/fortios_vpn_ipsec_forticlient.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c733df942d27635b3c139b2db26a92982bee05a0f028b9281b08549ad0444f2e", + "format": 1 + }, + { + "name": "plugins/modules/fortios_wanopt_content_delivery_network_rule.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5a45aee8c9dbe2a4f74d790e1450af0a0e630e732359d0a71ab0c41dc03e87a8", + "format": 1 + }, + { + "name": 
"plugins/modules/fortios_switch_controller_managed_switch.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "783f14cc066ba2274d1e4c3c4333101be0777d6039a5e31fee5d4a5d2b902e12", + "format": 1 + }, + { + "name": "plugins/modules/fortios_user_adgrp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "321d96bcf9bd18fa258e7c1d474e1359fba002f1f850af5eee67f051e2237c71", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_local_in_policy6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5785b888e02268a602bf19dadd6204cb9b10a1a7c1f928277f538698c2220ed4", + "format": 1 + }, + { + "name": "plugins/modules/fortios_web_proxy_global.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d274301ef94928027310d226bca9022f600f9d74e8f7a3c3e95a1b2fd6accd24", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_dns.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "4a19c3d883badc1669e2ea75f4243ae0d5de9958a0a928d7495b5f237302a218", + "format": 1 + }, + { + "name": "plugins/modules/fortios_log_threat_weight.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "395f3089896340e4616dda96ed48313d9d7831a91ee79fd4228ffb73e8b83dde", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_fortisandbox.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c008ca03af5aee70f315cc396bcee517cb8a59c77627a2ade9993db57fcc761a", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_cluster_sync.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e9103e433cf3bd424e1cdfe995f27db90611b0580cb8743be1549f7f1ffd8b3c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_report_style.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "abea7debdb4a9924a7dfc28e5c142a9a499b8b2ebdb5f7de65a7ebb77f72a391", + "format": 1 + }, + { + "name": 
"plugins/modules/fortios_wireless_controller_hotspot20_anqp_venue_name.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2cd1940e1a1652d0d36622b2f6fe19380eb31dafba7e92c01d37b47cdd7d7d56", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_addrgrp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7cbd00e97ec2f4a7f8870dd07b3ba3db7c6a43031cc19697b9a432339340506f", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_ntp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "11c7159a87f8fc2a6d27d11255d9ffd49e43dddcb768af1f9432fe16abbe7115", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_admin.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3179ea1efe77d710808c1977fd9b7ec34351e2b5ab67049b847b590e008aeb2b", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_local_in_policy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "544c257f6d97ef752622ad406f037bce4746bed1c230eccd6d4decd1cddb8c0f", + "format": 1 + }, + { + "name": "plugins/modules/fortios_switch_controller_switch_log.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f9c500cf082e6c933070b06f4e28e1e0bf0e0987b59395ca460761d7d1d95c3c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_static6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d675fcd99a5634cfd195349839a14957e3f8ffa4668ec5c42832b0bbccc922a4", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_vip64.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6091326f81f2d2dee4feae9766c636258e6ba9b78a6c6f76584b4a9eda5f385d", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_auth.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "628acaa12f4a03ec88dcdca615cf88f06528c8c3b6864e1614fdff989c90ce8c", + "format": 1 + }, + { + "name": 
"plugins/modules/fortios_router_prefix_list.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e840debba9acaebe24cbecbddd2dab739b8a4f99b2bccfd3bae53b4debfe16e5", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_api_user.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "253b8575d08954a5203d6a43c8a09b304a53b9d9dbc6285e3d62acef582d1efd", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_password_policy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f7a3422499cfe1c2d1ad5ef4100f0922088b59736a083a906075f769b49385eb", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_dhcp_server.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "233591efb62d33fc7533a4137da5d90b5f164a37d887f54703e064b0fa51ddd7", + "format": 1 + }, + { + "name": "plugins/modules/fortios_web_proxy_forward_server_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6a409f11f50a8ba3b8a05942c45a2df4039503ffcbcfa1807a0a4c45943691b2", + "format": 1 + }, + { + "name": "plugins/modules/fortios_router_bfd.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "dc5a2166dada20dc65fbbae5fde889ee2d919b95973d30c913974f72d7398bdd", + "format": 1 + }, + { + "name": "plugins/modules/fortios_webfilter_search_engine.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "15190813c8596ec3ca9d3585600f83c726c6a2e836665d9edeca8a08fceb9218", + "format": 1 + }, + { + "name": "plugins/modules/fortios_dlp_filepattern.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ea925332416e47357734f34f8b6fc98b98beed1e61cd5fd64da76c5a2909cf7f", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_policy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7e759ceb420e4374c399f900d369b788cbae99ce5d091804751368d9f0ac2715", + "format": 1 + }, + { + "name": "plugins/modules/fortios_firewall_service_category.py", + 
"ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "714c622f0383e9477b2f0a9c23d72f1067f72f329f8c73c7c7ded8390fe29a3c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_custom_language.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0e270259e2f64406b08ca6d084c4226e2f51ff100ebde892515069609d2e7c0c", + "format": 1 + }, + { + "name": "plugins/modules/fortios_webfilter_ftgd_local_cat.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "cb68629725f49c2f48fd92d6e18d9f5159cb26d0f60334b4b6b2f5a576d37829", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_ips_urlfilter_dns.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1b4861a1bcb8598be9b80e3134b24910252049425ee705b59eee0bda6df25f83", + "format": 1 + }, + { + "name": "plugins/modules/fortios_system_replacemsg_sslvpn.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b8301d740157b07311bed0bec6409826b19ab0e1532e22b4d276169980e070b7", + "format": 1 + }, + { + "name": "plugins/doc_fragments", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/doc_fragments/fortios.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8fba77d426b98ec604f7780406aad955de37714418d0db9fde33ad6beebea6ef", + "format": 1 + }, + { + "name": "plugins/httpapi", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/httpapi/fortios.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d39c96f7d1d50d5399055007ced69150d962af13f96a6879652835d4b3776e64", + "format": 1 + } + ], + "format": 1 +} \ No newline at end of file diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/MANIFEST.json b/collections-debian-merged/ansible_collections/fortinet/fortios/MANIFEST.json new file mode 100644 index 00000000..4018ae7f --- /dev/null 
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/MANIFEST.json @@ -0,0 +1,43 @@ +{ + "collection_info": { + "namespace": "fortinet", + "name": "fortios", + "version": "1.1.8", + "authors": [ + "Frank Shen (@frankshen01)", + "Hongbin Lu (@fgtdev-hblu)", + "Link Zheng (@chillancezen)", + "Jie Xue (@JieX19)", + "Miguel Angel Munoz (@mamunozgonzalez)", + "Nicolas Thomas (@thomnico)" + ], + "readme": "README.md", + "tags": [ + "fortios", + "networking", + "firewall", + "security", + "fortinet" + ], + "description": "A collection of Ansible Modules for FortiOS v6.0.0", + "license": [ + "MIT" + ], + "license_file": null, + "dependencies": { + "ansible.netcommon": "*" + }, + "repository": "https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/tree/fos_v6.0.0/galaxy_1.1.8", + "documentation": "https://ansible-galaxy-fortios-docs.readthedocs.io/en/galaxy-1.1.8", + "homepage": "https://www.fortinet.com", + "issues": "https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/issues" + }, + "file_manifest_file": { + "name": "FILES.json", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0428da85e9ad687dfb606457d2ca45e24506db8ac6fea6370a4222c7e19e59d5", + "format": 1 + }, + "format": 1 +} \ No newline at end of file diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/README.md b/collections-debian-merged/ansible_collections/fortinet/fortios/README.md new file mode 100644 index 00000000..8b2ddc95 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/README.md 
@@ -0,0 +1,518 @@
+![Fortinet logo|](https://upload.wikimedia.org/wikipedia/commons/thumb/6/62/Fortinet_logo.svg/320px-Fortinet_logo.svg.png)
+
+## FortiOS Ansible Collection
+***
+
+The collection is the FortiOS Ansible Automation project. It includes the modules that are able to configure FortiOS and FortiGate by allowing the user to configure firewall features.
+
+## Installation
+This collection is distributed via [ansible-galaxy](https://galaxy.ansible.com/), the installation steps are as follows:
+
+1. Install or upgrade to Ansible 2.9+
+2. Download this collection from galaxy: `ansible-galaxy collection install fortinet.fortios:1.1.8`
+
+## Requirements
+* Ansible 2.9+ is required to support the newer Ansible Collections format
+
+## Supported FortiOS Versions
+| FOS version|Galaxy Version| Release date|Path to Install |
+|----------|:-------------:|:-------------:|:------:|
+|6.0.0|1.0.13 |2020/5/26|`ansible-galaxy collection install fortinet.fortios:1.0.13`|
+|6.0.0|1.1.2 |2020/12/4|`ansible-galaxy collection install fortinet.fortios:1.1.2`|
+|6.0.0|1.1.5 |2020/12/7|`ansible-galaxy collection install fortinet.fortios:1.1.5`|
+|6.0.0|1.1.8 `latest`|2020/12/21|`ansible-galaxy collection install fortinet.fortios:1.1.8`|
+|6.2.0|1.0.10 |2020/5/6|`ansible-galaxy collection install fortinet.fortios:1.0.10`|
+|6.2.0|1.1.0 |2020/12/4|`ansible-galaxy collection install fortinet.fortios:1.1.0`|
+|6.2.0|1.1.3 |2020/12/7|`ansible-galaxy collection install fortinet.fortios:1.1.3`|
+|6.2.0|1.1.6 `latest`|2020/12/21|`ansible-galaxy collection install fortinet.fortios:1.1.6`|
+|6.4.0|1.0.11 |2020/5/11|`ansible-galaxy collection install fortinet.fortios:1.0.11`|
+|6.4.0|1.1.1 |2020/12/4|`ansible-galaxy collection install fortinet.fortios:1.1.1`|
+|6.4.0|1.1.4 |2020/12/7|`ansible-galaxy collection install fortinet.fortios:1.1.4`|
+|6.4.0|1.1.7 `latest`|2020/12/21|`ansible-galaxy collection install fortinet.fortios:1.1.7`|
+
+__Note__: Use `-f` option (i.e. `ansible-galaxy collection install -f fortinet.fortios:x.x.x`) to renew your existing local installation.
+
+
+## Modules
+The collection provides the following modules:
+
+
+* `fortios_alertemail_setting` Configure alert email settings in Fortinet's FortiOS and FortiGate.
+* `fortios_antivirus_heuristic` Configure global heuristic options in Fortinet's FortiOS and FortiGate.
+* `fortios_antivirus_profile` Configure AntiVirus profiles in Fortinet's FortiOS and FortiGate.
+* `fortios_antivirus_quarantine` Configure quarantine options in Fortinet's FortiOS and FortiGate.
+* `fortios_antivirus_settings` Configure AntiVirus settings in Fortinet's FortiOS and FortiGate.
+* `fortios_application_custom` Configure custom application signatures in Fortinet's FortiOS and FortiGate.
+* `fortios_application_group` Configure firewall application groups in Fortinet's FortiOS and FortiGate.
+* `fortios_application_list` Configure application control lists in Fortinet's FortiOS and FortiGate.
+* `fortios_application_name` Configure application signatures in Fortinet's FortiOS and FortiGate.
+* `fortios_application_rule_settings` Configure application rule settings in Fortinet's FortiOS and FortiGate.
+* `fortios_authentication_rule` Configure Authentication Rules in Fortinet's FortiOS and FortiGate.
+* `fortios_authentication_scheme` Configure Authentication Schemes in Fortinet's FortiOS and FortiGate.
+* `fortios_authentication_setting` Configure authentication setting in Fortinet's FortiOS and FortiGate.
+* `fortios_certificate_ca` CA certificate in Fortinet's FortiOS and FortiGate.
+* `fortios_certificate_crl` Certificate Revocation List as a PEM file in Fortinet's FortiOS and FortiGate.
+* `fortios_certificate_local` Local keys and certificates in Fortinet's FortiOS and FortiGate.
+* `fortios_configuration_fact` Retrieve Facts of FortiOS Configurable Objects.
+* `fortios_dlp_filepattern` Configure file patterns used by DLP blocking in Fortinet's FortiOS and FortiGate.
+* `fortios_dlp_fp_doc_source` Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints in Fortinet's FortiOS and FortiGate.
+* `fortios_dlp_fp_sensitivity` Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source in Fortinet's FortiOS and FortiGate.
+* `fortios_dlp_sensor` Configure DLP sensors in Fortinet's FortiOS and FortiGate.
+* `fortios_dlp_settings` Designate logical storage for DLP fingerprint database in Fortinet's FortiOS and FortiGate.
+* `fortios_dnsfilter_domain_filter` Configure DNS domain filters in Fortinet's FortiOS and FortiGate.
+* `fortios_dnsfilter_profile` Configure DNS domain filter profiles in Fortinet's FortiOS and FortiGate.
+* `fortios_endpoint_control_client` Configure endpoint control client lists in Fortinet's FortiOS and FortiGate.
+* `fortios_endpoint_control_forticlient_ems` Configure FortiClient Enterprise Management Server (EMS) entries in Fortinet's FortiOS and FortiGate.
+* `fortios_endpoint_control_forticlient_registration_sync` Configure FortiClient registration synchronization settings in Fortinet's FortiOS and FortiGate.
+* `fortios_endpoint_control_profile` Configure FortiClient endpoint control profiles in Fortinet's FortiOS and FortiGate.
+* `fortios_endpoint_control_registered_forticlient` Registered FortiClient list in Fortinet's FortiOS and FortiGate.
+* `fortios_endpoint_control_settings` Configure endpoint control settings in Fortinet's FortiOS and FortiGate.
+* `fortios_extender_controller_extender` Extender controller configuration in Fortinet's FortiOS and FortiGate.
+* `fortios_facts` Get facts about fortios devices (about to be deprecated).
+* `fortios_firewall_address6_template` Configure IPv6 address templates in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_address6` Configure IPv6 firewall addresses in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_address` Configure IPv4 addresses in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_addrgrp6` Configure IPv6 address groups in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_addrgrp` Configure IPv4 address groups in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_auth_portal` Configure firewall authentication portals in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_central_snat_map` Configure central SNAT policies in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_dnstranslation` Configure DNS translation in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_dos_policy6` Configure IPv6 DoS policies in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_dos_policy` Configure IPv4 DoS policies in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_identity_based_route` Configure identity based routing in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_interface_policy6` Configure IPv6 interface policies in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_interface_policy` Configure IPv4 interface policies in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_internet_service_custom_group` Configure custom Internet Service group in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_internet_service_custom` Configure custom Internet Services in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_internet_service_group` Configure group of Internet Service in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_internet_service` Show Internet Service application in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_ip_translation` Configure firewall IP-translation in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_ipmacbinding_setting` Configure IP to MAC binding settings in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_ipmacbinding_table` Configure IP to MAC address pairs in the IP/MAC binding table in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_ippool6` Configure IPv6 IP pools in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_ippool` Configure IPv4 IP pools in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_ipv6_eh_filter` Configure IPv6 extension header filter in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_ldb_monitor` Configure server load balancing health monitors in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_local_in_policy6` Configure user defined IPv6 local-in policies in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_local_in_policy` Configure user defined IPv4 local-in policies in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_multicast_address6` Configure IPv6 multicast address in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_multicast_address` Configure multicast addresses in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_multicast_policy6` Configure IPv6 multicast NAT policies in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_multicast_policy` Configure multicast NAT policies in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_policy46` Configure IPv4 to IPv6 policies in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_policy64` Configure IPv6 to IPv4 policies in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_policy6` Configure IPv6 policies in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_policy` Configure IPv4 policies in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_profile_group` Configure profile groups in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_profile_protocol_options` Configure protocol options in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_proxy_address` Web proxy address configuration in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_proxy_addrgrp` Web proxy address group configuration in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_proxy_policy` Configure proxy policies in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_schedule_group` Schedule group configuration in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_schedule_onetime` Onetime schedule configuration in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_schedule_recurring` Recurring schedule configuration in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_service_category` Configure service categories in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_service_custom` Configure custom services in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_service_group` Configure service groups in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_shaper_per_ip_shaper` Configure per-IP traffic shaper in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_shaper_traffic_shaper` Configure shared traffic shaper in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_shaping_policy` Configure shaping policies in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_shaping_profile` Configure shaping profiles in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_sniffer` Configure sniffer in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_ssh_host_key` SSH proxy host public keys in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_ssh_local_ca` SSH proxy local CA in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_ssh_local_key` SSH proxy local keys in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_ssh_setting` SSH proxy settings in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_ssl_server` Configure SSL servers in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_ssl_setting` SSL proxy settings in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_ssl_ssh_profile` Configure SSL/SSH protocol options in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_ttl_policy` Configure TTL policies in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_vip46` Configure IPv4 to IPv6 virtual IPs in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_vip64` Configure IPv6 to IPv4 virtual IPs in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_vip6` Configure virtual IP for IPv6 in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_vip` Configure virtual IP for IPv4 in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_vipgrp46` Configure IPv4 to IPv6 virtual IP groups in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_vipgrp64` Configure IPv6 to IPv4 virtual IP groups in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_vipgrp6` Configure IPv6 virtual IP groups in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_vipgrp` Configure IPv4 virtual IP groups in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_wildcard_fqdn_custom` Config global/VDOM Wildcard FQDN address in Fortinet's FortiOS and FortiGate.
+* `fortios_firewall_wildcard_fqdn_group` Config global Wildcard FQDN address groups in Fortinet's FortiOS and FortiGate.
+* `fortios_ftp_proxy_explicit` Configure explicit FTP proxy settings in Fortinet's FortiOS and FortiGate.
+* `fortios_icap_profile` Configure ICAP profiles in Fortinet's FortiOS and FortiGate.
+* `fortios_icap_server` Configure ICAP servers in Fortinet's FortiOS and FortiGate.
+* `fortios_ips_custom` Configure IPS custom signature in Fortinet's FortiOS and FortiGate.
+* `fortios_ips_decoder` Configure IPS decoder in Fortinet's FortiOS and FortiGate.
+* `fortios_ips_global` Configure IPS global parameter in Fortinet's FortiOS and FortiGate.
+* `fortios_ips_rule_settings` Configure IPS rule setting in Fortinet's FortiOS and FortiGate.
+* `fortios_ips_rule` Configure IPS rules in Fortinet's FortiOS and FortiGate.
+* `fortios_ips_sensor` Configure IPS sensor in Fortinet's FortiOS and FortiGate.
+* `fortios_ips_settings` Configure IPS VDOM parameter in Fortinet's FortiOS and FortiGate.
+* `fortios_log_custom_field` Configure custom log fields in Fortinet's FortiOS and FortiGate.
+* `fortios_log_disk_filter` Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type in Fortinet's FortiOS and FortiGate.
+* `fortios_log_disk_setting` Settings for local disk logging in Fortinet's FortiOS and FortiGate.
+* `fortios_log_eventfilter` Configure log event filters in Fortinet's FortiOS and FortiGate.
+* `fortios_log_fortianalyzer2_filter` Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate.
+* `fortios_log_fortianalyzer2_setting` Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate.
+* `fortios_log_fortianalyzer3_filter` Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate.
+* `fortios_log_fortianalyzer3_setting` Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate.
+* `fortios_log_fortianalyzer_filter` Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate.
+* `fortios_log_fortianalyzer_override_filter` Override filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate.
+* `fortios_log_fortianalyzer_override_setting` Override FortiAnalyzer settings in Fortinet's FortiOS and FortiGate.
+* `fortios_log_fortianalyzer_setting` Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate.
+* `fortios_log_fortiguard_filter` Filters for FortiCloud in Fortinet's FortiOS and FortiGate.
+* `fortios_log_fortiguard_override_filter` Override filters for FortiCloud in Fortinet's FortiOS and FortiGate.
+* `fortios_log_fortiguard_override_setting` Override global FortiCloud logging settings for this VDOM in Fortinet's FortiOS and FortiGate.
+* `fortios_log_fortiguard_setting` Configure logging to FortiCloud in Fortinet's FortiOS and FortiGate.
+* `fortios_log_gui_display` Configure how log messages are displayed on the GUI in Fortinet's FortiOS and FortiGate.
+* `fortios_log_memory_filter` Filters for memory buffer in Fortinet's FortiOS and FortiGate.
+* `fortios_log_memory_global_setting` Global settings for memory logging in Fortinet's FortiOS and FortiGate.
+* `fortios_log_memory_setting` Settings for memory buffer in Fortinet's FortiOS and FortiGate.
+* `fortios_log_null_device_filter` Filters for null device logging in Fortinet's FortiOS and FortiGate.
+* `fortios_log_null_device_setting` Settings for null device logging in Fortinet's FortiOS and FortiGate.
+* `fortios_log_setting` Configure general log settings in Fortinet's FortiOS and FortiGate.
+* `fortios_log_syslogd2_filter` Filters for remote system server in Fortinet's FortiOS and FortiGate.
+* `fortios_log_syslogd2_setting` Global settings for remote syslog server in Fortinet's FortiOS and FortiGate.
+* `fortios_log_syslogd3_filter` Filters for remote system server in Fortinet's FortiOS and FortiGate.
+* `fortios_log_syslogd3_setting` Global settings for remote syslog server in Fortinet's FortiOS and FortiGate.
+* `fortios_log_syslogd4_filter` Filters for remote system server in Fortinet's FortiOS and FortiGate.
+* `fortios_log_syslogd4_setting` Global settings for remote syslog server in Fortinet's FortiOS and FortiGate.
+* `fortios_log_syslogd_filter` Filters for remote system server in Fortinet's FortiOS and FortiGate.
+* `fortios_log_syslogd_override_filter` Override filters for remote system server in Fortinet's FortiOS and FortiGate.
+* `fortios_log_syslogd_override_setting` Override settings for remote syslog server in Fortinet's FortiOS and FortiGate.
+* `fortios_log_syslogd_setting` Global settings for remote syslog server in Fortinet's FortiOS and FortiGate.
+* `fortios_log_threat_weight` Configure threat weight settings in Fortinet's FortiOS and FortiGate.
+* `fortios_log_webtrends_filter` Filters for WebTrends in Fortinet's FortiOS and FortiGate.
+* `fortios_log_webtrends_setting` Settings for WebTrends in Fortinet's FortiOS and FortiGate.
+* `fortios_registration_forticare` Add a FortiCare license in Fortinet's FortiOS and FortiGate.
+* `fortios_registration_vdom` Add a VDOM license in Fortinet's FortiOS and FortiGate.
+* `fortios_report_chart` Report chart widget configuration in Fortinet's FortiOS and FortiGate.
+* `fortios_report_dataset` Report dataset configuration in Fortinet's FortiOS and FortiGate.
+* `fortios_report_layout` Report layout configuration in Fortinet's FortiOS and FortiGate.
+* `fortios_report_setting` Report setting configuration in Fortinet's FortiOS and FortiGate.
+* `fortios_report_style` Report style configuration in Fortinet's FortiOS and FortiGate.
+* `fortios_report_theme` Report themes configuratio in Fortinet's FortiOS and FortiGate.
+* `fortios_router_access_list6` Configure IPv6 access lists in Fortinet's FortiOS and FortiGate.
+* `fortios_router_access_list` Configure access lists in Fortinet's FortiOS and FortiGate.
+* `fortios_router_aspath_list` Configure Autonomous System (AS) path lists in Fortinet's FortiOS and FortiGate.
+* `fortios_router_auth_path` Configure authentication based routing in Fortinet's FortiOS and FortiGate.
+* `fortios_router_bfd6` Configure IPv6 BFD in Fortinet's FortiOS and FortiGate.
+* `fortios_router_bfd` Configure BFD in Fortinet's FortiOS and FortiGate.
+* `fortios_router_bgp` Configure BGP in Fortinet's FortiOS and FortiGate.
+* `fortios_router_community_list` Configure community lists in Fortinet's FortiOS and FortiGate.
+* `fortios_router_isis` Configure IS-IS in Fortinet's FortiOS and FortiGate.
+* `fortios_router_key_chain` Configure key-chain in Fortinet's FortiOS and FortiGate.
+* `fortios_router_multicast6` Configure IPv6 multicast in Fortinet's FortiOS and FortiGate.
+* `fortios_router_multicast_flow` Configure multicast-flow in Fortinet's FortiOS and FortiGate.
+* `fortios_router_multicast` Configure router multicast in Fortinet's FortiOS and FortiGate.
+* `fortios_router_ospf6` Configure IPv6 OSPF in Fortinet's FortiOS and FortiGate.
+* `fortios_router_ospf` Configure OSPF in Fortinet's FortiOS and FortiGate.
+* `fortios_router_policy6` Configure IPv6 routing policies in Fortinet's FortiOS and FortiGate.
+* `fortios_router_policy` Configure IPv4 routing policies in Fortinet's FortiOS and FortiGate.
+* `fortios_router_prefix_list6` Configure IPv6 prefix lists in Fortinet's FortiOS and FortiGate.
+* `fortios_router_prefix_list` Configure IPv4 prefix lists in Fortinet's FortiOS and FortiGate.
+* `fortios_router_rip` Configure RIP in Fortinet's FortiOS and FortiGate.
+* `fortios_router_ripng` Configure RIPng in Fortinet's FortiOS and FortiGate.
+* `fortios_router_route_map` Configure route maps in Fortinet's FortiOS and FortiGate.
+* `fortios_router_setting` Configure router settings in Fortinet's FortiOS and FortiGate.
+* `fortios_router_static6` Configure IPv6 static routing tables in Fortinet's FortiOS and FortiGate.
+* `fortios_router_static` Configure IPv4 static routing tables in Fortinet's FortiOS and FortiGate.
+* `fortios_spamfilter_bwl` Configure anti-spam black/white list in Fortinet's FortiOS and FortiGate.
+* `fortios_spamfilter_bword` Configure AntiSpam banned word list in Fortinet's FortiOS and FortiGate.
+* `fortios_spamfilter_dnsbl` Configure AntiSpam DNSBL/ORBL in Fortinet's FortiOS and FortiGate.
+* `fortios_spamfilter_fortishield` Configure FortiGuard - AntiSpam in Fortinet's FortiOS and FortiGate.
+* `fortios_spamfilter_iptrust` Configure AntiSpam IP trust in Fortinet's FortiOS and FortiGate.
+* `fortios_spamfilter_mheader` Configure AntiSpam MIME header in Fortinet's FortiOS and FortiGate.
+* `fortios_spamfilter_options` Configure AntiSpam options in Fortinet's FortiOS and FortiGate.
+* `fortios_spamfilter_profile` Configure AntiSpam profiles in Fortinet's FortiOS and FortiGate.
+* `fortios_ssh_filter_profile` SSH filter profile in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_802_1x_settings` Configure global 802.1X settings in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_custom_command` Configure the FortiGate switch controller to send custom commands to managed FortiSwitch devices in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_global` Configure FortiSwitch global settings in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_igmp_snooping` Configure FortiSwitch IGMP snooping global settings in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_lldp_profile` Configure FortiSwitch LLDP profiles in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_lldp_settings` Configure FortiSwitch LLDP settings in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_mac_sync_settings` Configure global MAC synchronization settings in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_managed_switch` Configure FortiSwitch devices that are managed by this FortiGate in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_network_monitor_settings` Configure network monitor settings in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_qos_dot1p_map` Configure FortiSwitch QoS 802.1p in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_qos_ip_dscp_map` Configure FortiSwitch QoS IP precedence/DSCP in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_qos_qos_policy` Configure FortiSwitch QoS policy in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_qos_queue_policy` Configure FortiSwitch QoS egress queue policy in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_quarantine` Configure FortiSwitch quarantine support in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_security_policy_802_1x` Configure 802.1x MAC Authentication Bypass (MAB) policies in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_security_policy_captive_portal` Names of VLANs that use captive portal authentication in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_sflow` Configure FortiSwitch sFlow in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_storm_control` Configure FortiSwitch storm control in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_stp_settings` Configure FortiSwitch spanning tree protocol (STP) in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_switch_group` Configure FortiSwitch switch groups in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_switch_interface_tag` Configure switch object tags in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_switch_log` Configure FortiSwitch logging (logs are transferred to and inserted into FortiGate event log) in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_switch_profile` Configure FortiSwitch switch profile in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_system` Configure system-wide switch controller settings in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_virtual_port_pool` Configure virtual pool in Fortinet's FortiOS and FortiGate.
+* `fortios_switch_controller_vlan` Configure VLANs for switch controller in Fortinet's FortiOS and FortiGate.
+* `fortios_system_3g_modem_custom` 3G MODEM custom in Fortinet's FortiOS and FortiGate.
+* `fortios_system_accprofile` Configure access profiles for system administrators in Fortinet's FortiOS and FortiGate.
+* `fortios_system_admin` Configure admin users in Fortinet's FortiOS and FortiGate.
+* `fortios_system_affinity_interrupt` Configure interrupt affinity in Fortinet's FortiOS and FortiGate.
+* `fortios_system_affinity_packet_redistribution` Configure packet redistribution in Fortinet's FortiOS and FortiGate.
+* `fortios_system_alarm` Configure alarm in Fortinet's FortiOS and FortiGate.
+* `fortios_system_alias` Configure alias command in Fortinet's FortiOS and FortiGate.
+* `fortios_system_api_user` Configure API users in Fortinet's FortiOS and FortiGate.
+* `fortios_system_arp_table` Configure ARP table in Fortinet's FortiOS and FortiGate.
+* `fortios_system_auto_install` Configure USB auto installation in Fortinet's FortiOS and FortiGate.
+* `fortios_system_auto_script` Configure auto script in Fortinet's FortiOS and FortiGate.
+* `fortios_system_automation_action` Action for automation stitches in Fortinet's FortiOS and FortiGate.
+* `fortios_system_automation_destination` Automation destinations in Fortinet's FortiOS and FortiGate.
+* `fortios_system_automation_stitch` Automation stitches in Fortinet's FortiOS and FortiGate.
+* `fortios_system_automation_trigger` Trigger for automation stitches in Fortinet's FortiOS and FortiGate.
+* `fortios_system_autoupdate_push_update` Configure push updates in Fortinet's FortiOS and FortiGate.
+* `fortios_system_autoupdate_schedule` Configure update schedule in Fortinet's FortiOS and FortiGate.
+* `fortios_system_autoupdate_tunneling` Configure web proxy tunnelling for the FDN in Fortinet's FortiOS and FortiGate.
+* `fortios_system_central_management` Configure central management in Fortinet's FortiOS and FortiGate.
+* `fortios_system_cluster_sync` Configure FortiGate Session Life Support Protocol (FGSP) session synchronization in Fortinet's FortiOS and FortiGate.
+* `fortios_system_config_backup_restore` Backup/restore fortigate configuration
+* `fortios_system_console` Configure console in Fortinet's FortiOS and FortiGate.
+* `fortios_system_csf` Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate in Fortinet's FortiOS and FortiGate.
+* `fortios_system_custom_language` Configure custom languages in Fortinet's FortiOS and FortiGate.
+* `fortios_system_ddns` Configure DDNS in Fortinet's FortiOS and FortiGate.
+* `fortios_system_dedicated_mgmt` Configure dedicated management in Fortinet's FortiOS and FortiGate.
+* `fortios_system_dhcp6_server` Configure DHCPv6 servers in Fortinet's FortiOS and FortiGate.
+* `fortios_system_dhcp_server` Configure DHCP servers in Fortinet's FortiOS and FortiGate.
+* `fortios_system_dns_database` Configure DNS databases in Fortinet's FortiOS and FortiGate.
+* `fortios_system_dns_server` Configure DNS servers in Fortinet's FortiOS and FortiGate.
+* `fortios_system_dns` Configure DNS in Fortinet's FortiOS and FortiGate.
+* `fortios_system_dscp_based_priority` Configure DSCP based priority table in Fortinet's FortiOS and FortiGate.
+* `fortios_system_email_server` Configure the email server used by the FortiGate various things. For example, for sending email messages to users to support user authentication features in Fortinet's FortiOS and FortiGate.
+* `fortios_system_external_resource` Configure external resource in Fortinet's FortiOS and FortiGate.
+* `fortios_system_fips_cc` Configure FIPS-CC mode in Fortinet's FortiOS and FortiGate.
+* `fortios_system_fm` Configure FM in Fortinet's FortiOS and FortiGate.
+* `fortios_system_fortiguard` Configure FortiGuard services in Fortinet's FortiOS and FortiGate.
+* `fortios_system_fortimanager` Configure FortiManager in Fortinet's FortiOS and FortiGate.
+* `fortios_system_fortisandbox` Configure FortiSandbox in Fortinet's FortiOS and FortiGate.
+* `fortios_system_fsso_polling` Configure Fortinet Single Sign On (FSSO) server in Fortinet's FortiOS and FortiGate.
+* `fortios_system_ftm_push` Configure FortiToken Mobile push services in Fortinet's FortiOS and FortiGate.
+* `fortios_system_geoip_override` Configure geographical location mapping for IP address(es) to override mappings from FortiGuard in Fortinet's FortiOS and FortiGate.
+* `fortios_system_global` Configure global attributes in Fortinet's FortiOS and FortiGate.
+* `fortios_system_gre_tunnel` Configure GRE tunnel in Fortinet's FortiOS and FortiGate.
+* `fortios_system_ha_monitor` Configure HA monitor in Fortinet's FortiOS and FortiGate.
+* `fortios_system_ha` Configure HA in Fortinet's FortiOS and FortiGate.
+* `fortios_system_interface` Configure interfaces in Fortinet's FortiOS and FortiGate.
+* `fortios_system_ipip_tunnel` Configure IP in IP Tunneling in Fortinet's FortiOS and FortiGate.
+* `fortios_system_ips_urlfilter_dns6` Configure IPS URL filter IPv6 DNS servers in Fortinet's FortiOS and FortiGate.
+* `fortios_system_ips_urlfilter_dns` Configure IPS URL filter DNS servers in Fortinet's FortiOS and FortiGate.
+* `fortios_system_ipv6_neighbor_cache` Configure IPv6 neighbor cache table in Fortinet's FortiOS and FortiGate.
+* `fortios_system_ipv6_tunnel` Configure IPv6/IPv4 in IPv6 tunnel in Fortinet's FortiOS and FortiGate.
+* `fortios_system_link_monitor` Configure Link Health Monitor in Fortinet's FortiOS and FortiGate.
+* `fortios_system_lte_modem` Configure USB LTE/WIMAX devices in Fortinet's FortiOS and FortiGate.
+* `fortios_system_mac_address_table` Configure MAC address tables in Fortinet's FortiOS and FortiGate.
+* `fortios_system_management_tunnel` Management tunnel configuration in Fortinet's FortiOS and FortiGate.
+* `fortios_system_mobile_tunnel` Configure Mobile tunnels, an implementation of Network Mobility (NEMO) extensions for Mobile IPv4 RFC5177 in Fortinet's FortiOS and FortiGate.
+* `fortios_system_modem` Configure MODEM in Fortinet's FortiOS and FortiGate.
+* `fortios_system_nat64` Configure NAT64 in Fortinet's FortiOS and FortiGate.
+* `fortios_system_netflow` Configure NetFlow in Fortinet's FortiOS and FortiGate.
+* `fortios_system_network_visibility` Configure network visibility settings in Fortinet's FortiOS and FortiGate.
+* `fortios_system_ntp` Configure system NTP information in Fortinet's FortiOS and FortiGate.
+* `fortios_system_object_tagging` Configure object tagging in Fortinet's FortiOS and FortiGate.
+* `fortios_system_password_policy_guest_admin` Configure the password policy for guest administrators in Fortinet's FortiOS and FortiGate.
+* `fortios_system_password_policy` Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys in Fortinet's FortiOS and FortiGate.
+* `fortios_system_physical_switch` Configure physical switches in Fortinet's FortiOS and FortiGate.
+* `fortios_system_pppoe_interface` Configure the PPPoE interfaces in Fortinet's FortiOS and FortiGate.
+* `fortios_system_probe_response` Configure system probe response in Fortinet's FortiOS and FortiGate.
+* `fortios_system_proxy_arp` Configure proxy-ARP in Fortinet's FortiOS and FortiGate.
+* `fortios_system_replacemsg_admin` Replacement messages in Fortinet's FortiOS and FortiGate.
+* `fortios_system_replacemsg_alertmail` Replacement messages in Fortinet's FortiOS and FortiGate.
+* `fortios_system_replacemsg_auth` Replacement messages in Fortinet's FortiOS and FortiGate.
+* `fortios_system_replacemsg_device_detection_portal` Replacement messages in Fortinet's FortiOS and FortiGate.
+* `fortios_system_replacemsg_ec` Replacement messages in Fortinet's FortiOS and FortiGate.
+* `fortios_system_replacemsg_fortiguard_wf` Replacement messages in Fortinet's FortiOS and FortiGate.
+* `fortios_system_replacemsg_ftp` Replacement messages in Fortinet's FortiOS and FortiGate.
+* `fortios_system_replacemsg_group` Configure replacement message groups in Fortinet's FortiOS and FortiGate.
+* `fortios_system_replacemsg_http` Replacement messages in Fortinet's FortiOS and FortiGate.
+* `fortios_system_replacemsg_icap` Replacement messages in Fortinet's FortiOS and FortiGate.
+* `fortios_system_replacemsg_image` Configure replacement message images in Fortinet's FortiOS and FortiGate.
+* `fortios_system_replacemsg_mail` Replacement messages in Fortinet's FortiOS and FortiGate.
+* `fortios_system_replacemsg_nac_quar` Replacement messages in Fortinet's FortiOS and FortiGate. +* `fortios_system_replacemsg_nntp` Replacement messages in Fortinet's FortiOS and FortiGate. +* `fortios_system_replacemsg_spam` Replacement messages in Fortinet's FortiOS and FortiGate. +* `fortios_system_replacemsg_sslvpn` Replacement messages in Fortinet's FortiOS and FortiGate. +* `fortios_system_replacemsg_traffic_quota` Replacement messages in Fortinet's FortiOS and FortiGate. +* `fortios_system_replacemsg_utm` Replacement messages in Fortinet's FortiOS and FortiGate. +* `fortios_system_replacemsg_webproxy` Replacement messages in Fortinet's FortiOS and FortiGate. +* `fortios_system_resource_limits` Configure resource limits in Fortinet's FortiOS and FortiGate. +* `fortios_system_sdn_connector` Configure connection to SDN Connector in Fortinet's FortiOS and FortiGate. +* `fortios_system_session_helper` Configure session helper in Fortinet's FortiOS and FortiGate. +* `fortios_system_session_ttl` Configure global session TTL timers for this FortiGate in Fortinet's FortiOS and FortiGate. +* `fortios_system_settings` Configure VDOM settings in Fortinet's FortiOS and FortiGate. +* `fortios_system_sflow` Configure sFlow in Fortinet's FortiOS and FortiGate. +* `fortios_system_sit_tunnel` Configure IPv6 tunnel over IPv4 in Fortinet's FortiOS and FortiGate. +* `fortios_system_sms_server` Configure SMS server for sending SMS messages to support user authentication in Fortinet's FortiOS and FortiGate. +* `fortios_system_snmp_community` SNMP community configuration in Fortinet's FortiOS and FortiGate. +* `fortios_system_snmp_sysinfo` SNMP system info configuration in Fortinet's FortiOS and FortiGate. +* `fortios_system_snmp_user` SNMP user configuration in Fortinet's FortiOS and FortiGate. +* `fortios_system_storage` Configure logical storage in Fortinet's FortiOS and FortiGate. 
+* `fortios_system_stp` Configure Spanning Tree Protocol (STP) in Fortinet's FortiOS and FortiGate. +* `fortios_system_switch_interface` Configure software switch interfaces by grouping physical and WiFi interfaces in Fortinet's FortiOS and FortiGate. +* `fortios_system_tos_based_priority` Configure Type of Service (ToS) based priority table to set network traffic priorities in Fortinet's FortiOS and FortiGate. +* `fortios_system_vdom_dns` Configure DNS servers for a non-management VDOM in Fortinet's FortiOS and FortiGate. +* `fortios_system_vdom_exception` Global configuration objects that can be configured independently for all VDOMs or for the defined VDOM scope in Fortinet's FortiOS and FortiGate. +* `fortios_system_vdom_link` Configure VDOM links in Fortinet's FortiOS and FortiGate. +* `fortios_system_vdom_netflow` Configure NetFlow per VDOM in Fortinet's FortiOS and FortiGate. +* `fortios_system_vdom_property` Configure VDOM property in Fortinet's FortiOS and FortiGate. +* `fortios_system_vdom_radius_server` Configure a RADIUS server to use as a RADIUS Single Sign On (RSSO) server for this VDOM in Fortinet's FortiOS and FortiGate. +* `fortios_system_vdom_sflow` Configure sFlow per VDOM to add or change the IP address and UDP port that FortiGate sFlow agents in this VDOM use to send sFlow datagrams to an sFlow collector in Fortinet's FortiOS and FortiGate. +* `fortios_system_vdom` Configure virtual domain in Fortinet's FortiOS and FortiGate. +* `fortios_system_virtual_switch` Configure virtual hardware switch interfaces in Fortinet's FortiOS and FortiGate. +* `fortios_system_virtual_wan_link` Configure redundant internet connections using SD-WAN (formerly virtual WAN link) in Fortinet's FortiOS and FortiGate. +* `fortios_system_virtual_wire_pair` Configure virtual wire pairs in Fortinet's FortiOS and FortiGate. +* `fortios_system_vmlicense` Update VM license using uploaded file. Reboots immediately if successful in Fortinet's FortiOS and FortiGate. 
+* `fortios_system_vxlan` Configure VXLAN devices in Fortinet's FortiOS and FortiGate. +* `fortios_system_wccp` Configure WCCP in Fortinet's FortiOS and FortiGate. +* `fortios_system_zone` Configure zones to group two or more interfaces. When a zone is created you can configure policies for the zone instead of individual interfaces in the zone in Fortinet's FortiOS and FortiGate. +* `fortios_user_adgrp` Configure FSSO groups in Fortinet's FortiOS and FortiGate. +* `fortios_user_device_access_list` Configure device access control lists in Fortinet's FortiOS and FortiGate. +* `fortios_user_device_category` Configure device categories in Fortinet's FortiOS and FortiGate. +* `fortios_user_device_group` Configure device groups in Fortinet's FortiOS and FortiGate. +* `fortios_user_device` Configure devices in Fortinet's FortiOS and FortiGate. +* `fortios_user_domain_controller` Configure domain controller entries in Fortinet's FortiOS and FortiGate. +* `fortios_user_fortitoken` Configure FortiToken in Fortinet's FortiOS and FortiGate. +* `fortios_user_fsso_polling` Configure FSSO active directory servers for polling mode in Fortinet's FortiOS and FortiGate. +* `fortios_user_fsso` Configure Fortinet Single Sign On (FSSO) agents in Fortinet's FortiOS and FortiGate. +* `fortios_user_group` Configure user groups in Fortinet's FortiOS and FortiGate. +* `fortios_user_krb_keytab` Configure Kerberos keytab entries in Fortinet's FortiOS and FortiGate. +* `fortios_user_ldap` Configure LDAP server entries in Fortinet's FortiOS and FortiGate. +* `fortios_user_local` Configure local users in Fortinet's FortiOS and FortiGate. +* `fortios_user_password_policy` Configure user password policy in Fortinet's FortiOS and FortiGate. +* `fortios_user_peer` Configure peer users in Fortinet's FortiOS and FortiGate. +* `fortios_user_peergrp` Configure peer groups in Fortinet's FortiOS and FortiGate. +* `fortios_user_pop3` POP3 server entry configuration in Fortinet's FortiOS and FortiGate. 
+* `fortios_user_quarantine` Configure quarantine support in Fortinet's FortiOS and FortiGate. +* `fortios_user_radius` Configure RADIUS server entries in Fortinet's FortiOS and FortiGate. +* `fortios_user_security_exempt_list` Configure security exemption list in Fortinet's FortiOS and FortiGate. +* `fortios_user_setting` Configure user authentication setting in Fortinet's FortiOS and FortiGate. +* `fortios_user_tacacsplus` Configure TACACS+ server entries in Fortinet's FortiOS and FortiGate. +* `fortios_voip_profile` Configure VoIP profiles in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_certificate_ca` CA certificate in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_certificate_crl` Certificate Revocation List as a PEM file in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_certificate_local` Local keys and certificates in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_certificate_ocsp_server` OCSP server configuration in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_certificate_remote` Remote certificate as a PEM file in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_certificate_setting` VPN certificate setting in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_ipsec_concentrator` Concentrator configuration in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_ipsec_forticlient` Configure FortiClient policy realm in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_ipsec_manualkey_interface` Configure IPsec manual keys in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_ipsec_manualkey` Configure IPsec manual keys in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_ipsec_phase1_interface` Configure VPN remote gateway in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_ipsec_phase1` Configure VPN remote gateway in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_ipsec_phase2_interface` Configure VPN autokey tunnel in Fortinet's FortiOS and FortiGate. 
+* `fortios_vpn_ipsec_phase2` Configure VPN autokey tunnel in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_l2tp` Configure L2TP in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_ocvpn` Configure One-Click VPN settings in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_pptp` Configure PPTP in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_ssl_settings` Configure SSL VPN in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_ssl_web_host_check_software` SSL-VPN host check software in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_ssl_web_portal` Portal in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_ssl_web_realm` Realm in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_ssl_web_user_bookmark` Configure SSL VPN user bookmark in Fortinet's FortiOS and FortiGate. +* `fortios_vpn_ssl_web_user_group_bookmark` Configure SSL VPN user group bookmark in Fortinet's FortiOS and FortiGate. +* `fortios_waf_main_class` Hidden table for datasource in Fortinet's FortiOS and FortiGate. +* `fortios_waf_profile` Web application firewall configuration in Fortinet's FortiOS and FortiGate. +* `fortios_waf_signature` Hidden table for datasource in Fortinet's FortiOS and FortiGate. +* `fortios_waf_sub_class` Hidden table for datasource in Fortinet's FortiOS and FortiGate. +* `fortios_wanopt_auth_group` Configure WAN optimization authentication groups in Fortinet's FortiOS and FortiGate. +* `fortios_wanopt_cache_service` Designate cache-service for wan-optimization and webcache in Fortinet's FortiOS and FortiGate. +* `fortios_wanopt_content_delivery_network_rule` Configure WAN optimization content delivery network rules in Fortinet's FortiOS and FortiGate. +* `fortios_wanopt_peer` Configure WAN optimization peers in Fortinet's FortiOS and FortiGate. +* `fortios_wanopt_profile` Configure WAN optimization profiles in Fortinet's FortiOS and FortiGate. +* `fortios_wanopt_remote_storage` Configure a remote cache device as Web cache storage in Fortinet's FortiOS and FortiGate. 
+* `fortios_wanopt_settings` Configure WAN optimization settings in Fortinet's FortiOS and FortiGate. +* `fortios_wanopt_webcache` Configure global Web cache settings in Fortinet's FortiOS and FortiGate. +* `fortios_web_proxy_debug_url` Configure debug URL addresses in Fortinet's FortiOS and FortiGate. +* `fortios_web_proxy_explicit` Configure explicit Web proxy settings in Fortinet's FortiOS and FortiGate. +* `fortios_web_proxy_forward_server_group` Configure a forward server group consisting or multiple forward servers. Supports failover and load balancing in Fortinet's FortiOS and FortiGate. +* `fortios_web_proxy_forward_server` Configure forward-server addresses in Fortinet's FortiOS and FortiGate. +* `fortios_web_proxy_global` Configure Web proxy global settings in Fortinet's FortiOS and FortiGate. +* `fortios_web_proxy_profile` Configure web proxy profiles in Fortinet's FortiOS and FortiGate. +* `fortios_web_proxy_url_match` Exempt URLs from web proxy forwarding and caching in Fortinet's FortiOS and FortiGate. +* `fortios_web_proxy_wisp` Configure Wireless Internet service provider (WISP) servers in Fortinet's FortiOS and FortiGate. +* `fortios_webfilter_content_header` Configure content types used by Web filter in Fortinet's FortiOS and FortiGate. +* `fortios_webfilter_content` Configure Web filter banned word table in Fortinet's FortiOS and FortiGate. +* `fortios_webfilter_fortiguard` Configure FortiGuard Web Filter service in Fortinet's FortiOS and FortiGate. +* `fortios_webfilter_ftgd_local_cat` Configure FortiGuard Web Filter local categories in Fortinet's FortiOS and FortiGate. +* `fortios_webfilter_ftgd_local_rating` Configure local FortiGuard Web Filter local ratings in Fortinet's FortiOS and FortiGate. +* `fortios_webfilter_ips_urlfilter_cache_setting` Configure IPS URL filter cache settings in Fortinet's FortiOS and FortiGate. 
+* `fortios_webfilter_ips_urlfilter_setting6` Configure IPS URL filter settings for IPv6 in Fortinet's FortiOS and FortiGate. +* `fortios_webfilter_ips_urlfilter_setting` Configure IPS URL filter settings in Fortinet's FortiOS and FortiGate. +* `fortios_webfilter_override` Configure FortiGuard Web Filter administrative overrides in Fortinet's FortiOS and FortiGate. +* `fortios_webfilter_profile` Configure Web filter profiles in Fortinet's FortiOS and FortiGate. +* `fortios_webfilter_search_engine` Configure web filter search engines in Fortinet's FortiOS and FortiGate. +* `fortios_webfilter_urlfilter` Configure URL filter lists in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_ap_status` Configure access point status (rogue | accepted | suppressed) in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_ble_profile` Configure Bluetooth Low Energy profile in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_bonjour_profile` Configure Bonjour profiles. Bonjour is Apple's zero configuration networking protocol. Bonjour profiles allow APs and FortiAPs to connnect to networks using Bonjour in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_global` Configure wireless controller global settings in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_hotspot20_anqp_3gpp_cellular` Configure 3GPP public land mobile network (PLMN) in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_hotspot20_anqp_ip_address_type` Configure IP address type availability in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_hotspot20_anqp_nai_realm` Configure network access identifier (NAI) realm in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_hotspot20_anqp_network_auth_type` Configure network authentication type in Fortinet's FortiOS and FortiGate. 
+* `fortios_wireless_controller_hotspot20_anqp_roaming_consortium` Configure roaming consortium in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_hotspot20_anqp_venue_name` Configure venue name duple in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_hotspot20_h2qp_conn_capability` Configure connection capability in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_hotspot20_h2qp_operator_name` Configure operator friendly name in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_hotspot20_h2qp_osu_provider` Configure online sign up (OSU) provider list in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_hotspot20_h2qp_wan_metric` Configure WAN metrics in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_hotspot20_hs_profile` Configure hotspot profile in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_hotspot20_icon` Configure OSU provider icon in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_hotspot20_qos_map` Configure QoS map set in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_inter_controller` Configure inter wireless controller operation in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_qos_profile` Configure WiFi quality of service (QoS) profiles in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_setting` VDOM wireless controller configuration in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_timers` Configure CAPWAP timers in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_utm_profile` Configure UTM (Unified Threat Management) profile in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_vap_group` Configure virtual Access Point (VAP) groups in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_vap` Configure Virtual Access Points (VAPs) in Fortinet's FortiOS and FortiGate. 
+* `fortios_wireless_controller_wids_profile` Configure wireless intrusion detection system (WIDS) profiles in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_wtp_group` Configure WTP groups in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_wtp_profile` Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms in Fortinet's FortiOS and FortiGate. +* `fortios_wireless_controller_wtp` Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate in Fortinet's FortiOS and FortiGate. + +## Roles + +## Usage +The following example is used to configure global attributes in Fortinet's FortiOS and FortiGate. + +Create `fw_global_set.yml` with the following template: +```yaml +--- +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure global attributes. + fortios_system_global: + vdom: "{{ vdom }}" + system_global: + admintimeout: "23" + hostname: "FortiGate02" +``` +Create the `hosts` inventory file +``` +[fortigates] +fortigate01 ansible_host=192.168.190.100 ansible_user="admin" ansible_password="password" + +[fortigates:vars] +ansible_network_os=fortinet.fortios.fortios +``` + +Run the test: +```bash +ansible-playbook -i hosts fw_global_set.yml +``` + +This will configure the firewall's hostname and admin timeout. diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/examples/httpapi/inventory/hosts b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/httpapi/inventory/hosts new file mode 100644 index 00000000..b09d12e9 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/httpapi/inventory/hosts 
@@ -0,0 +1,5 @@
+[fortigates]
+fortigate01 ansible_host=192.168.52.177 ansible_user="admin" ansible_password="admin"
+
+[fortigates:vars]
+ansible_network_os=fortinet.fortios.fortios
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/examples/httpapi/readme b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/httpapi/readme
new file mode 100644
index 00000000..071e08ce
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/httpapi/readme
@@ -0,0 +1,2 @@
+Usage:
+# ansible-playbook set_system_global.yml -i inventory/hosts
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/examples/httpapi/set_system_global.yml b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/httpapi/set_system_global.yml
new file mode 100644
index 00000000..4b4b3d09
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/httpapi/set_system_global.yml
@@ -0,0 +1,19 @@
+---
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure global attributes.
+ fortios_system_global:
+ vdom: "{{ vdom }}"
+ system_global:
+ admintimeout: "23"
+ hostname: "FortiGate11"
+ admin_lockout_threshold: "8"
+ admin_login_max: "9"
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_firewall_address.yml b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_firewall_address.yml
new file mode 100644
index 00000000..b2eb5b86
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_firewall_address.yml
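Review bot: The example inventory commits a working-looking credential pair in clear text, `ansible_user="admin" ansible_password="admin"`, on the `fortigate01` line, and inventories copied from an examples directory tend to reach version control unchanged. I would keep the secret out of the file by referencing a vaulted variable, for instance `ansible_password="{{ vault_fortigate_password }}"` (variable name is illustrative) with the value stored in an Ansible Vault-encrypted vars file, and add a comment above the host line saying so. The legacy examples later in this commit (set_firewall_address.yml through set_system_zone.yml) have the related problem of `password: ""` in play vars, which models a blank admin password; a vaulted variable or `vars_prompt` would be a better pattern to show there.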
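Review bot: `ansible_httpapi_validate_certs: no` in the play vars of examples/httpapi/set_system_global.yml turns off TLS certificate validation for the same connection that carries the admin login from the inventory, so the control node has no assurance it is talking to the intended FortiGate and the credentials can be exposed to whoever answers. For an example that people will copy, I would set `ansible_httpapi_validate_certs: yes` and add a comment such as `# set to no only for a lab device with a self-signed certificate`. The legacy examples in this commit (set_firewall_address.yml, set_firewall_address_group.yml, set_firewall_vip.yml, set_system_alias.yml, set_system_dns.yml, set_system_global.yml, set_system_ha.yml, set_system_ha_monitor.yml, set_system_ntp.yml, set_system_zone.yml) do the same with `ssl_verify: "False"`.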
@@ -0,0 +1,27 @@
+---
+- hosts: localhost
+ collections:
+ - fortinet.fortios
+ vars:
+ host: "192.168.52.177"
+ username: "admin"
+ password: ""
+ vdom: "root"
+ ssl_verify: "False"
+ tasks:
+ - name: Configure IPv4 addresses.
+ fortios_firewall_address:
+ host: "{{ host }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ vdom: "{{ vdom }}"
+ https: "True"
+ ssl_verify: "{{ ssl_verify }}"
+ state: "present"
+ firewall_address:
+ allow_routing: "enable"
+ comment: "Comment."
+ name: "testfwaddr"
+ start_ip: "1.1.1.1"
+ end_ip: "1.1.1.2"
+ type: "iprange"
\ No newline at end of file
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_firewall_address_group.yml b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_firewall_address_group.yml
new file mode 100644
index 00000000..1c9c2b82
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_firewall_address_group.yml
@@ -0,0 +1,25 @@
+---
+- hosts: localhost
+ collections:
+ - fortinet.fortios
+ vars:
+ host: "192.168.52.177"
+ username: "admin"
+ password: ""
+ vdom: "root"
+ ssl_verify: "False"
+ tasks:
+ - name: Configure IPv4 address groups.
+ fortios_firewall_addrgrp:
+ host: "{{ host }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ vdom: "{{ vdom }}"
+ https: "True"
+ ssl_verify: "{{ ssl_verify }}"
+ state: "present"
+ firewall_addrgrp:
+ name: "testfwgrp"
+ member:
+ -
+ name: "SSLVPN_TUNNEL_ADDR1"
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_firewall_vip.yml b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_firewall_vip.yml
new file mode 100644
index 00000000..3637d39c
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_firewall_vip.yml
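Review bot: `start_ip: "1.1.1.1"` and `end_ip: "1.1.1.2"` in set_firewall_address.yml sit in real public address space, and the object is created with `allow_routing: "enable"`, so running the example unchanged leaves a firewall object that refers to someone else's network. Example data should come from the documentation ranges of RFC 5737, e.g. `start_ip: "192.0.2.1"` and `end_ip: "192.0.2.2"`. set_firewall_vip.yml has the same issue with `extip: "1.1.1.1-1.1.1.4"` combined with `extintf: "any"`.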
@@ -0,0 +1,27 @@
+---
+- hosts: localhost
+ collections:
+ - fortinet.fortios
+ vars:
+ host: "192.168.52.177"
+ username: "admin"
+ password: ""
+ vdom: "root"
+ ssl_verify: "False"
+ tasks:
+ - name: Configure virtual IP for IPv4.
+ fortios_firewall_vip:
+ host: "{{ host }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ vdom: "{{ vdom }}"
+ https: "True"
+ ssl_verify: "{{ ssl_verify }}"
+ state: "present"
+ firewall_vip:
+ name: "testfwvip"
+ extip: "1.1.1.1-1.1.1.4"
+ extintf: "any"
+ mappedip:
+ -
+ range: "1.1.2.1-1.1.2.4"
\ No newline at end of file
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_alias.yml b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_alias.yml
new file mode 100644
index 00000000..542b0ec4
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_alias.yml
@@ -0,0 +1,23 @@
+---
+- hosts: localhost
+ collections:
+ - fortinet.fortios
+ vars:
+ host: "192.168.52.177"
+ username: "admin"
+ password: ""
+ vdom: "root"
+ ssl_verify: "False"
+ tasks:
+ - name: Configure alias command.
+ fortios_system_alias:
+ host: "{{ host }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ vdom: "{{ vdom }}"
+ https: "True"
+ ssl_verify: "{{ ssl_verify }}"
+ state: "present"
+ system_alias:
+ name: "mytest"
+ command: "get system status"
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_dns.yml b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_dns.yml
new file mode 100644
index 00000000..1a3d4eec
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_dns.yml
@@ -0,0 +1,21 @@
+---
+- hosts: localhost
+ collections:
+ - fortinet.fortios
+ vars:
+ host: "192.168.52.177"
+ username: "admin"
+ password: ""
+ vdom: "root"
+ ssl_verify: "False"
+ tasks:
+ - name: Configure admin users.
+ fortios_system_dns:
+ host: "{{ host }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ vdom: "{{ vdom }}"
+ https: "True"
+ ssl_verify: "{{ ssl_verify }}"
+ system_dns:
+ primary: "2.32.2.2"
\ No newline at end of file
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_global.yml b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_global.yml
new file mode 100644
index 00000000..04869105
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_global.yml
@@ -0,0 +1,24 @@
+---
+- hosts: localhost
+ collections:
+ - fortinet.fortios
+ vars:
+ host: "192.168.52.177"
+ username: "admin"
+ password: ""
+ vdom: "root"
+ ssl_verify: "False"
+ tasks:
+ - name: Configure global attributes.
+ fortios_system_global:
+ host: "{{ host }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ vdom: "{{ vdom }}"
+ https: "True"
+ ssl_verify: "{{ ssl_verify }}"
+ system_global:
+ admintimeout: "23"
+ hostname: "FortiGate11"
+ admin_lockout_threshold: "8"
+ admin_login_max: "9"
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_ha.yml b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_ha.yml
new file mode 100644
index 00000000..cdfa9639
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_ha.yml
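Review bot: The task name `Configure admin users.` in set_system_dns.yml does not match what the task does: it calls `fortios_system_dns` and sets `system_dns.primary`, so play output and any change log built from task names would record a DNS change as an admin-user change. I would rename it to `- name: Configure DNS.`. In the same task, `primary: "2.32.2.2"` points the device's primary resolver at an unexplained address in public space; a documentation-range placeholder with a comment telling the reader to substitute their own resolver would be safer to copy.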
@@ -0,0 +1,24 @@
+---
+- hosts: localhost
+ collections:
+ - fortinet.fortios
+ vars:
+ host: "192.168.52.177"
+ username: "admin"
+ password: ""
+ vdom: "root"
+ ssl_verify: "False"
+ tasks:
+ - name: Configure HA.
+ fortios_system_ha:
+ host: "{{ host }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ vdom: "{{ vdom }}"
+ https: "True"
+ ssl_verify: "{{ ssl_verify }}"
+ system_ha:
+ group_name: "testgroup"
+ mode: "standalone"
+ multicast_ttl: "38"
+ override: "enable"
\ No newline at end of file
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_ha_monitor.yml b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_ha_monitor.yml
new file mode 100644
index 00000000..634d5598
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_ha_monitor.yml
@@ -0,0 +1,21 @@
+---
+- hosts: localhost
+ collections:
+ - fortinet.fortios
+ vars:
+ host: "192.168.52.177"
+ username: "admin"
+ password: ""
+ vdom: "root"
+ ssl_verify: "False"
+ tasks:
+ - name: Configure HA monitor.
+ fortios_system_ha_monitor:
+ host: "{{ host }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ vdom: "{{ vdom }}"
+ https: "True"
+ ssl_verify: "{{ ssl_verify }}"
+ system_ha_monitor:
+ monitor_vlan: "disable"
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_ntp.yml b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_ntp.yml
new file mode 100644
index 00000000..009c5627
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_ntp.yml
@@ -0,0 +1,22 @@
+---
+- hosts: localhost
+ collections:
+ - fortinet.fortios
+ vars:
+ host: "192.168.52.177"
+ username: "admin"
+ password: ""
+ vdom: "root"
+ ssl_verify: "False"
+ tasks:
+ - name: Configure system NTP information.
+ fortios_system_ntp:
+ host: "{{ host }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ vdom: "{{ vdom }}"
+ https: "True"
+ ssl_verify: "{{ ssl_verify }}"
+ system_ntp:
+ ntpsync: "disable"
+ server_mode: "disable"
\ No newline at end of file
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_zone.yml b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_zone.yml
new file mode 100644
index 00000000..1ac8a7c6
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/examples/set_system_zone.yml
@@ -0,0 +1,27 @@
+---
+- hosts: localhost
+ collections:
+ - fortinet.fortios
+ vars:
+ host: "192.168.52.177"
+ username: "admin"
+ password: ""
+ vdom: "root"
+ ssl_verify: "False"
+ tasks:
+ - name: Configure zones to group two or more interfaces.
+ fortios_system_zone:
+ host: "{{ host }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ vdom: "{{ vdom }}"
+ https: "True"
+ ssl_verify: "{{ ssl_verify }}"
+ state: "present"
+ system_zone:
+ intrazone: "allow"
+ name: "default_name_6"
+ tagging:
+ -
+ category: "default"
+ name: "default_name_9"
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/doc_fragments/fortios.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/doc_fragments/fortios.py
new file mode 100644
index 00000000..dee76d51
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/doc_fragments/fortios.py
@@ -0,0 +1,63 @@
+# -*- coding: utf-8 -*-
+
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+
+ # Standard files documentation fragment
+ DOCUMENTATION = r'''
+options:
+ file_mode:
+ description:
+ - Don't connect to any device, only use I(config_file) as input and Output.
+ type: bool
+ default: no
+ version_added: "2.4"
+ config_file:
+ description:
+ - Path to configuration file. Required when I(file_mode) is True.
+ type: path
+ version_added: "2.4"
+ host:
+ description:
+ - Specifies the DNS hostname or IP address for connecting to the remote fortios device. Required when I(file_mode) is False.
+ type: str
+ username:
+ description:
+ - Configures the username used to authenticate to the remote device. Required when I(file_mode) is True.
+ type: str
+ password:
+ description:
+ - Specifies the password used to authenticate to the remote device. Required when I(file_mode) is True.
+ type: str
+ timeout:
+ description:
+ - Timeout in seconds for connecting to the remote device.
+ type: int
+ default: 60
+ vdom:
+ description:
+ - Specifies on which vdom to apply configuration
+ type: str
+ backup:
+ description:
+ - This argument will cause the module to create a backup of
+ the current C(running-config) from the remote device before any
+ changes are made. The backup file is written to the i(backup)
+ folder.
+ type: bool
+ default: no
+ backup_path:
+ description:
+ - Specifies where to store backup files. Required if I(backup=yes).
+ type: path
+ backup_filename:
+ description:
+ - Specifies the backup filename. If omitted filename will be
+ formatted like HOST_config.YYYY-MM-DD@HH:MM:SS
+ type: str
+'''
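Review bot: The `username` and `password` descriptions in this doc fragment say `Required when I(file_mode) is True`, which contradicts the `host` entry (`Required when I(file_mode) is False`) and the `file_mode` description itself, which says no device is contacted in that mode; credentials only make sense when `file_mode` is false. I would change both to end with `Required when I(file_mode) is False.` Two smaller points in the same fragment: `i(backup)` in the `backup` description is not valid Ansible doc markup and was presumably meant to be `C(backup)`, and the `password` description would be a good place to tell users to supply the value from Ansible Vault rather than writing it into a playbook.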
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/httpapi/fortios.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/httpapi/fortios.py
new file mode 100644
index 00000000..3deb805b
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/httpapi/fortios.py
@@ -0,0 +1,219 @@ +# This code is part of Ansible, but is an independent component. +# This particular file snippet, and this file snippet only, is BSD licensed. +# Modules you write using this snippet, which is embedded dynamically by Ansible +# still belong to the author of the module, and may assign their own license +# to the complete work. +# +# (c) 2019 Fortinet, Inc +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without modification, +# are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = """ +--- +author: + - Miguel Angel Munoz (@magonzalez) +httpapi : fortios +short_description: HttpApi Plugin for Fortinet FortiOS Appliance or VM +description: + - This HttpApi plugin provides methods to connect to Fortinet FortiOS Appliance or VM via REST API +version_added: "2.9" +""" + +import json +from ansible.plugins.httpapi import HttpApiBase +from ansible.module_utils.basic import to_text +from ansible.module_utils.six.moves import urllib +import re +from datetime import datetime + + +class HttpApi(HttpApiBase): + def __init__(self, connection): + super(HttpApi, self).__init__(connection) + + self._conn = connection + self._ccsrftoken = '' + self._system_version = None + self._ansible_fos_version = 'v6.0.0' + self._ansible_galaxy_version = '1.1.8' + self._log = open("/tmp/fortios.ansible.log", "a") + + def log(self, msg): + log_message = str(datetime.now()) + log_message += ": " + str(msg) + '\n' + self._log.write(log_message) + self._log.flush() + + def get_access_token(self): + '''this is only available after a module is initialized''' + token = self._conn.get_option('access_token') if 'access_token' in self._conn._options else None + + return token + + def set_become(self, become_context): + """ + Elevation is not required on Fortinet devices - Skipped + :param become_context: Unused input. 
+ :return: None + """ + return None + + def login(self, username, password): + """Call a defined login endpoint to receive an authentication token.""" + if (username is None or password is None) and self.get_access_token() is None: + raise Exception('Please provide access token or username/password to login') + + if self.get_access_token() is None: + self.log('login with username and password') + data = "username=" + urllib.parse.quote(username) + "&secretkey=" + urllib.parse.quote(password) + "&ajax=1" + dummy, result_data = self.send_request(url='/logincheck', data=data, method='POST') + self.log('login with user: %s %s' % (username, 'succeeds' if result_data[0] == '1' else 'fails')) + if result_data[0] != '1': + raise Exception('Wrong credentials. Please check') + # If we succeed to login, we retrieve the system status first + else: + self.log('login with access token') + self.send_request(url='/logincheck') + status, _ = self.send_request(url='/api/v2/cmdb/system/interface?vdom=root&action=schema') + + if status == 401: + raise Exception('Invalid access token. Please check') + + self.update_system_version() + + def logout(self): + """ Call to implement session logout.""" + self.log('logout') + self.send_request(url='/logout', method="POST") + + def update_auth(self, response, response_text): + """ + Get cookies and obtain value for csrftoken that will be used on next requests + :param response: Response given by the server. + :param response_text Unused_input. 
+ :return: Dictionary containing headers + """ + + if self.get_access_token() is None: + headers = {} + + for attr, val in response.getheaders(): + if attr == 'Set-Cookie' and 'APSCOOKIE_' in val: + headers['Cookie'] = val + + elif attr == 'Set-Cookie' and 'ccsrftoken=' in val: + csrftoken_search = re.search('\"(.*)\"', val) + if csrftoken_search: + self._ccsrftoken = csrftoken_search.group(1) + + headers['x-csrftoken'] = self._ccsrftoken + self.log('update x-csrftoken: %s' % (self._ccsrftoken)) + return headers + else: + self.log('using access token - setting header') + + return { + "Accept": "application/json" + } + + def handle_httperror(self, exc): + """ + propogate exceptions to users + :param exc: Exception + """ + self.log('Exception thrown from handling http: ' + to_text(exc)) + + return exc + + def _concat_token(self, url): + if self.get_access_token(): + token_pair = 'access_token=' + self.get_access_token() + return url + '&' + token_pair if '?' in url else url + '?' + token_pair + return url + + def _concat_params(self, url, params): + if not params or not len(params): + return url + url = url + '?' if '?' not in url else url + for param_key in params: + param_value = params[param_key] + if url[-1] == '?': + url += '%s=%s' % (param_key, param_value) + else: + url += '&%s=%s' % (param_key, param_value) + return url + + def send_request(self, **message_kwargs): + """ + Responsible for actual sending of data to the connection httpapi base plugin. + :param message_kwargs: A formatted dictionary containing request info: url, data, method + + :return: Status code and response data. 
+ """ + + url = message_kwargs.get('url', '/') + if self.get_access_token() is not None: + url = self._concat_token(message_kwargs.get('url', '/')) + data = message_kwargs.get('data', '') + method = message_kwargs.get('method', 'GET') + params = message_kwargs.get('params', {}) + + url = self._concat_params(url, params) + self.log('send request: METHOD:%s URL:%s DATA:%s' % (method, url, data)) + try: + response, response_data = self.connection.send(url, data, method=method) + + json_formatted = to_text(response_data.getvalue()) + + return response.status, json_formatted + except Exception as err: + raise Exception(err) + + def update_system_version(self): + """ + retrieve the system status of fortigate device + """ + url = '/api/v2/cmdb/system/interface?vdom=root&action=schema' + status, result = self.send_request(url=url) + self.log('update sys ver: ' + str(status) + ' len=' + str(len(to_text(result)))) + result_json = json.loads(result) + self._system_version = result_json.get('version', 'undefined') + self.log('system version: %s' % (self._system_version)) + self.log('ansible version: %s' % (self._ansible_fos_version)) + + def get_system_version(self): + if not self._system_version: + raise Exception('Wrong calling stack, httpapi must login!') + system_version_words = self._system_version.split('.') + ansible_version_words = self._ansible_fos_version.split('.') + result = dict() + result['system_version'] = self._system_version + result['ansible_collection_version'] = self._ansible_fos_version + ' (galaxy: %s)' % (self._ansible_galaxy_version) + result['matched'] = system_version_words[0] == ansible_version_words[0] and system_version_words[1] == ansible_version_words[1] + if not result['matched']: + result['message'] = 'Please follow steps in FortiOS versioning notes: https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/version.html' + else: + result['message'] = 'versions match' + return result 
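Review bot: `HttpApi.__init__` opens `/tmp/fortios.ansible.log` with a plain `open(..., "a")`, and `send_request` then writes the full URL and request body to it. As a result the `/logincheck` body built in `login` (`username=...&secretkey=<password>`) and the `access_token=` pair appended by `_concat_token` land in a file at a fixed path in a shared directory, created with umask-default permissions. `update_auth` writes the CSRF token to the same file. The log call should omit the body and redact the token, and the file should be created owner-only without following a pre-existing symlink, or file logging dropped in favour of Ansible's own logging. The excerpt sketches the first option and needs `import os` at the top of the file; the handle is also never closed.

```python
        # in __init__: create the log owner-only and refuse a symlink at this path
        # (the mode only applies when the file is created; an existing file keeps its own)
        log_fd = os.open("/tmp/fortios.ansible.log",
                         os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW, 0o600)
        self._log = os.fdopen(log_fd, "a")

    def send_request(self, **message_kwargs):
        # … unchanged: url, data, method and params extraction …
        url = self._concat_params(url, params)
        # The /logincheck body carries the password and token auth puts
        # access_token=<value> in every URL, so neither is logged verbatim.
        loggable_url = re.sub(r'(access_token=)[^&]*', r'\1<redacted>', url)
        self.log('send request: METHOD:%s URL:%s DATA:%s' % (
            method, loggable_url, '<omitted>' if data else ''))
        # … unchanged: connection.send() call and response handling …
```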
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortimanager/__init__.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortimanager/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortimanager/common.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortimanager/common.py
new file mode 100644
index 00000000..0b85cc1c
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortimanager/common.py
@@ -0,0 +1,291 @@ +# This code is part of Ansible, but is an independent component. +# This particular file snippet, and this file snippet only, is BSD licensed. +# Modules you write using this snippet, which is embedded dynamically by Ansible +# still belong to the author of the module, and may assign their own license +# to the complete work. +# +# (c) 2017 Fortinet, Inc +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without modification, +# are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + + +# BEGIN STATIC DATA / MESSAGES +class FMGRMethods: + GET = "get" + SET = "set" + EXEC = "exec" + EXECUTE = "exec" + UPDATE = "update" + ADD = "add" + DELETE = "delete" + REPLACE = "replace" + CLONE = "clone" + MOVE = "move" + + +BASE_HEADERS = { + 'Content-Type': 'application/json', + 'Accept': 'application/json' +} + + +# FMGR RETURN CODES +FMGR_RC = { + "fmgr_return_codes": { + 0: { + "msg": "OK", + "changed": True, + "stop_on_success": True + }, + -100000: { + "msg": "Module returned without actually running anything. " + "Check parameters, and please contact the authors if needed.", + "failed": True + }, + -2: { + "msg": "Object already exists.", + "skipped": True, + "changed": False, + "good_codes": [0, -2] + }, + -6: { + "msg": "Invalid Url. Sometimes this can happen because the path is mapped to a hostname or object that" + " doesn't exist. Double check your input object parameters." + }, + -3: { + "msg": "Object doesn't exist.", + "skipped": True, + "changed": False, + "good_codes": [0, -3] + }, + -10131: { + "msg": "Object dependency failed. Do all named objects in parameters exist?", + "changed": False, + "skipped": True + }, + -9998: { + "msg": "Duplicate object. Try using mode='set', if using add. STOPPING. Use 'ignore_errors=yes' in playbook" + "to override and mark successful.", + }, + -20042: { + "msg": "Device Unreachable.", + "skipped": True + }, + -10033: { + "msg": "Duplicate object. Try using mode='set', if using add.", + "changed": False, + "skipped": True + }, + -10000: { + "msg": "Duplicate object. Try using mode='set', if using add.", + "changed": False, + "skipped": True + }, + -20010: { + "msg": "Device already added to FortiManager. 
Serial number already in use.", + "good_codes": [0, -20010], + "changed": False, + "stop_on_success": True + }, + -20002: { + "msg": "Invalid Argument -- Does this Device exist on FortiManager?", + "changed": False, + "skipped": True, + } + } +} + +DEFAULT_RESULT_OBJ = (-100000, {"msg": "Nothing Happened. Check that handle_response is being called!"}) +FAIL_SOCKET_MSG = {"msg": "Socket Path Empty! The persistent connection manager is messed up. " + "Try again in a few moments."} + + +# BEGIN ERROR EXCEPTIONS +class FMGBaseException(Exception): + """Wrapper to catch the unexpected""" + + def __init__(self, msg=None, *args, **kwargs): + if msg is None: + msg = "An exception occurred within the fortimanager.py httpapi connection plugin." + super(FMGBaseException, self).__init__(msg, *args) + +# END ERROR CLASSES + + +# BEGIN CLASSES +class FMGRCommon(object): + + @staticmethod + def format_request(method, url, *args, **kwargs): + """ + Formats the payload from the module, into a payload the API handler can use. + + :param url: Connection URL to access + :type url: string + :param method: The preferred API Request method (GET, ADD, POST, etc....) + :type method: basestring + :param kwargs: The payload dictionary from the module to be converted. + + :return: Properly formatted dictionary payload for API Request via Connection Plugin. + :rtype: dict + """ + + params = [{"url": url}] + if args: + for arg in args: + params[0].update(arg) + if kwargs: + keylist = list(kwargs) + for k in keylist: + kwargs[k.replace("__", "-")] = kwargs.pop(k) + if method == "get" or method == "clone": + params[0].update(kwargs) + else: + if kwargs.get("data", False): + params[0]["data"] = kwargs["data"] + else: + params[0]["data"] = kwargs + return params + + @staticmethod + def split_comma_strings_into_lists(obj): + """ + Splits a CSV String into a list. Also takes a dictionary, and converts any CSV strings in any key, to a list. + + :param obj: object in CSV format to be parsed. 
+ :type obj: str or dict + + :return: A list containing the CSV items. + :rtype: list + """ + return_obj = () + if isinstance(obj, dict): + if len(obj) > 0: + for k, v in obj.items(): + if isinstance(v, str): + new_list = list() + if "," in v: + new_items = v.split(",") + for item in new_items: + new_list.append(item.strip()) + obj[k] = new_list + return_obj = obj + elif isinstance(obj, str): + return_obj = obj.replace(" ", "").split(",") + + return return_obj + + @staticmethod + def cidr_to_netmask(cidr): + """ + Converts a CIDR Network string to full blown IP/Subnet format in decimal format. + Decided not use IP Address module to keep includes to a minimum. + + :param cidr: String object in CIDR format to be processed + :type cidr: str + + :return: A string object that looks like this "x.x.x.x/y.y.y.y" + :rtype: str + """ + if isinstance(cidr, str): + cidr = int(cidr) + mask = (0xffffffff >> (32 - cidr)) << (32 - cidr) + return (str((0xff000000 & mask) >> 24) + '.' + + str((0x00ff0000 & mask) >> 16) + '.' + + str((0x0000ff00 & mask) >> 8) + '.' + + str((0x000000ff & mask))) + + @staticmethod + def paramgram_child_list_override(list_overrides, paramgram, module): + """ + If a list of items was provided to a "parent" paramgram attribute, the paramgram needs to be rewritten. + The child keys of the desired attribute need to be deleted, and then that "parent" keys' contents is replaced + With the list of items that was provided. + + :param list_overrides: Contains the response from the FortiManager. + :type list_overrides: list + :param paramgram: Contains the paramgram passed to the modules' local modify function. + :type paramgram: dict + :param module: Contains the Ansible Module Object being used by the module. + :type module: classObject + + :return: A new "paramgram" refactored to allow for multiple entries being added. 
+ :rtype: dict + """ + if len(list_overrides) > 0: + for list_variable in list_overrides: + try: + list_variable = list_variable.replace("-", "_") + override_data = module.params[list_variable] + if override_data: + del paramgram[list_variable] + paramgram[list_variable] = override_data + except BaseException as e: + raise FMGBaseException("Error occurred merging custom lists for the paramgram parent: " + str(e)) + return paramgram + + @staticmethod + def syslog(module, msg): + try: + module.log(msg=msg) + except BaseException: + pass + + +# RECURSIVE FUNCTIONS START +def prepare_dict(obj): + """ + Removes any keys from a dictionary that are only specific to our use in the module. FortiManager will reject + requests with these empty/None keys in it. + + :param obj: Dictionary object to be processed. + :type obj: dict + + :return: Processed dictionary. + :rtype: dict + """ + + list_of_elems = ["mode", "adom", "host", "username", "password"] + + if isinstance(obj, dict): + obj = dict((key, prepare_dict(value)) for (key, value) in obj.items() if key not in list_of_elems) + return obj + + +def scrub_dict(obj): + """ + Removes any keys from a dictionary that are EMPTY -- this includes parent keys. FortiManager doesn't + like empty keys in dictionaries + + :param obj: Dictionary object to be processed. + :type obj: dict + + :return: Processed dictionary. + :rtype: dict + """ + + if isinstance(obj, dict): + return dict((k, scrub_dict(v)) for k, v in obj.items() if v and scrub_dict(v)) + else: + return obj diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortimanager/fortimanager.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortimanager/fortimanager.py new file mode 100644 index 00000000..84d73276 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortimanager/fortimanager.py 
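Review bot: `scrub_dict` at the end of this hunk filters on `if v and scrub_dict(v)`, so it removes not only empty strings, lists and dicts but also an explicit `0` or `False`. If callers pass settings where those values are meaningful (a flag turned off, a numeric zero), the key is silently dropped and the device presumably keeps its previous value, which is not a safe outcome on a firewall manager. If that is not intended, keep booleans and numbers, e.g. `if isinstance(v, (bool, int, float)) or (v and scrub_dict(v))`, and state in the docstring which values count as empty.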
@@ -0,0 +1,470 @@ +# This code is part of Ansible, but is an independent component. +# This particular file snippet, and this file snippet only, is BSD licensed. +# Modules you write using this snippet, which is embedded dynamically by Ansible +# still belong to the author of the module, and may assign their own license +# to the complete work. +# +# (c) 2017 Fortinet, Inc +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without modification, +# are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+# + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + + +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FMGR_RC +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FMGBaseException +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FMGRCommon +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import scrub_dict + +# check for pyFMG lib - DEPRECATING +try: + from pyFMG.fortimgr import FortiManager + HAS_PYFMGR = True +except ImportError: + HAS_PYFMGR = False + +# ACTIVE BUG WITH OUR DEBUG IMPORT CALL -- BECAUSE IT'S UNDER MODULE_UTILITIES +# WHEN module_common.recursive_finder() runs under the module loader, it looks for this namespace debug import +# and because it's not there, it always fails, regardless of it being under a try/catch here. +# we're going to move it to a different namespace. +# # check for debug lib +# try: +# from ansible.module_utils.network.fortimanager.fortimanager_debug import debug_dump +# HAS_FMGR_DEBUG = True +# except: +# HAS_FMGR_DEBUG = False + + +# BEGIN HANDLER CLASSES +class FortiManagerHandler(object): + def __init__(self, conn, module): + self._conn = conn + self._module = module + self._tools = FMGRCommon + + def process_request(self, url, datagram, method): + """ + Formats and Runs the API Request via Connection Plugin. Streamlined for use FROM Modules. + + :param url: Connection URL to access + :type url: string + :param datagram: The prepared payload for the API Request in dictionary format + :type datagram: dict + :param method: The preferred API Request method (GET, ADD, POST, etc....) 
+ :type method: basestring + + :return: Dictionary containing results of the API Request via Connection Plugin + :rtype: dict + """ + data = self._tools.format_request(method, url, **datagram) + response = self._conn.send_request(method, data) + + # if HAS_FMGR_DEBUG: + # try: + # debug_dump(response, datagram, self._module.paramgram, url, method) + # except BaseException: + # pass + + return response + + def govern_response(self, module, results, msg=None, good_codes=None, + stop_on_fail=None, stop_on_success=None, skipped=None, + changed=None, unreachable=None, failed=None, success=None, changed_if_success=None, + ansible_facts=None): + """ + This function will attempt to apply default values to canned responses from FortiManager we know of. + This saves time, and turns the response in the module into a "one-liner", while still giving us... + the flexibility to directly use return_response in modules if we have too. This function saves repeated code. + + :param module: The Ansible Module CLASS object, used to run fail/exit json + :type module: object + :param msg: An overridable custom message from the module that called this. 
+ :type msg: string + :param results: A dictionary object containing an API call results + :type results: dict + :param good_codes: A list of exit codes considered successful from FortiManager + :type good_codes: list + :param stop_on_fail: If true, stops playbook run when return code is NOT IN good codes (default: true) + :type stop_on_fail: boolean + :param stop_on_success: If true, stops playbook run when return code is IN good codes (default: false) + :type stop_on_success: boolean + :param changed: If True, tells Ansible that object was changed (default: false) + :type skipped: boolean + :param skipped: If True, tells Ansible that object was skipped (default: false) + :type skipped: boolean + :param unreachable: If True, tells Ansible that object was unreachable (default: false) + :type unreachable: boolean + :param failed: If True, tells Ansible that execution was a failure. Overrides good_codes. (default: false) + :type unreachable: boolean + :param success: If True, tells Ansible that execution was a success. Overrides good_codes. (default: false) + :type unreachable: boolean + :param changed_if_success: If True, defaults to changed if successful if you specify or not" + :type changed_if_success: boolean + :param ansible_facts: A prepared dictionary of ansible facts from the execution. + :type ansible_facts: dict + """ + if module is None and results is None: + raise FMGBaseException("govern_response() was called without a module and/or results tuple! Fix!") + # Get the Return code from results + try: + rc = results[0] + except BaseException: + raise FMGBaseException("govern_response() was called without the return code at results[0]") + + # init a few items + rc_data = None + + # Get the default values for the said return code. 
+ try: + rc_codes = FMGR_RC.get('fmgr_return_codes') + rc_data = rc_codes.get(rc) + except BaseException: + pass + + if not rc_data: + rc_data = {} + # ONLY add to overrides if not none -- This is very important that the keys aren't added at this stage + # if they are empty. And there aren't that many, so let's just do a few if then statements. + if good_codes is not None: + rc_data["good_codes"] = good_codes + if stop_on_fail is not None: + rc_data["stop_on_fail"] = stop_on_fail + if stop_on_success is not None: + rc_data["stop_on_success"] = stop_on_success + if skipped is not None: + rc_data["skipped"] = skipped + if changed is not None: + rc_data["changed"] = changed + if unreachable is not None: + rc_data["unreachable"] = unreachable + if failed is not None: + rc_data["failed"] = failed + if success is not None: + rc_data["success"] = success + if changed_if_success is not None: + rc_data["changed_if_success"] = changed_if_success + if results is not None: + rc_data["results"] = results + if msg is not None: + rc_data["msg"] = msg + if ansible_facts is None: + rc_data["ansible_facts"] = {} + else: + rc_data["ansible_facts"] = ansible_facts + + return self.return_response(module=module, + results=results, + msg=rc_data.get("msg", "NULL"), + good_codes=rc_data.get("good_codes", (0,)), + stop_on_fail=rc_data.get("stop_on_fail", True), + stop_on_success=rc_data.get("stop_on_success", False), + skipped=rc_data.get("skipped", False), + changed=rc_data.get("changed", False), + changed_if_success=rc_data.get("changed_if_success", False), + unreachable=rc_data.get("unreachable", False), + failed=rc_data.get("failed", False), + success=rc_data.get("success", False), + ansible_facts=rc_data.get("ansible_facts", dict())) + + @staticmethod + def return_response(module, results, msg="NULL", good_codes=(0,), + stop_on_fail=True, stop_on_success=False, skipped=False, + changed=False, unreachable=False, failed=False, success=False, changed_if_success=True, + ansible_facts=()): 
+ """ + This function controls the logout and error reporting after an method or function runs. The exit_json for + ansible comes from logic within this function. If this function returns just the msg, it means to continue + execution on the playbook. It is called from the ansible module, or from the self.govern_response function. + + :param module: The Ansible Module CLASS object, used to run fail/exit json + :type module: object + :param msg: An overridable custom message from the module that called this. + :type msg: string + :param results: A dictionary object containing an API call results + :type results: dict + :param good_codes: A list of exit codes considered successful from FortiManager + :type good_codes: list + :param stop_on_fail: If true, stops playbook run when return code is NOT IN good codes (default: true) + :type stop_on_fail: boolean + :param stop_on_success: If true, stops playbook run when return code is IN good codes (default: false) + :type stop_on_success: boolean + :param changed: If True, tells Ansible that object was changed (default: false) + :type skipped: boolean + :param skipped: If True, tells Ansible that object was skipped (default: false) + :type skipped: boolean + :param unreachable: If True, tells Ansible that object was unreachable (default: false) + :type unreachable: boolean + :param failed: If True, tells Ansible that execution was a failure. Overrides good_codes. (default: false) + :type unreachable: boolean + :param success: If True, tells Ansible that execution was a success. Overrides good_codes. (default: false) + :type unreachable: boolean + :param changed_if_success: If True, defaults to changed if successful if you specify or not" + :type changed_if_success: boolean + :param ansible_facts: A prepared dictionary of ansible facts from the execution. 
+ :type ansible_facts: dict + + :return: A string object that contains an error message + :rtype: str + """ + + # VALIDATION ERROR + if (len(results) == 0) or (failed and success) or (changed and unreachable): + module.exit_json(msg="Handle_response was called with no results, or conflicting failed/success or " + "changed/unreachable parameters. Fix the exit code on module. " + "Generic Failure", failed=True) + + # IDENTIFY SUCCESS/FAIL IF NOT DEFINED + if not failed and not success: + if len(results) > 0: + if results[0] not in good_codes: + failed = True + elif results[0] in good_codes: + success = True + + if len(results) > 0: + # IF NO MESSAGE WAS SUPPLIED, GET IT FROM THE RESULTS, IF THAT DOESN'T WORK, THEN WRITE AN ERROR MESSAGE + if msg == "NULL": + try: + msg = results[1]['status']['message'] + except BaseException: + msg = "No status message returned at results[1][status][message], " \ + "and none supplied to msg parameter for handle_response." + + if failed: + # BECAUSE SKIPPED/FAILED WILL OFTEN OCCUR ON CODES THAT DON'T GET INCLUDED, THEY ARE CONSIDERED FAILURES + # HOWEVER, THEY ARE MUTUALLY EXCLUSIVE, SO IF IT IS MARKED SKIPPED OR UNREACHABLE BY THE MODULE LOGIC + # THEN REMOVE THE FAILED FLAG SO IT DOESN'T OVERRIDE THE DESIRED STATUS OF SKIPPED OR UNREACHABLE. 
+ if failed and skipped: + failed = False + if failed and unreachable: + failed = False + if stop_on_fail: + module.exit_json(msg=msg, failed=failed, changed=changed, unreachable=unreachable, skipped=skipped, + results=results[1], ansible_facts=ansible_facts, rc=results[0], + invocation={"module_args": ansible_facts["ansible_params"]}) + elif success: + if changed_if_success: + changed = True + success = False + if stop_on_success: + module.exit_json(msg=msg, success=success, changed=changed, unreachable=unreachable, + skipped=skipped, results=results[1], ansible_facts=ansible_facts, rc=results[0], + invocation={"module_args": ansible_facts["ansible_params"]}) + return msg + + def construct_ansible_facts(self, response, ansible_params, paramgram, *args, **kwargs): + """ + Constructs a dictionary to return to ansible facts, containing various information about the execution. + + :param response: Contains the response from the FortiManager. + :type response: dict + :param ansible_params: Contains the parameters Ansible was called with. + :type ansible_params: dict + :param paramgram: Contains the paramgram passed to the modules' local modify function. + :type paramgram: dict + :param args: Free-form arguments that could be added. + :param kwargs: Free-form keyword arguments that could be added. + + :return: A dictionary containing lots of information to append to Ansible Facts. + :rtype: dict + """ + + facts = { + "response": response, + "ansible_params": scrub_dict(ansible_params), + "paramgram": scrub_dict(paramgram), + "connected_fmgr": self._conn.return_connected_fmgr() + } + + if args: + facts["custom_args"] = args + if kwargs: + facts.update(kwargs) + + return facts + + +########################## +# BEGIN DEPRECATED METHODS +########################## + +# SOME OF THIS CODE IS DUPLICATED IN THE PLUGIN, BUT THOSE ARE PLUGIN SPECIFIC. 
THIS VERSION STILL ALLOWS FOR +# THE USAGE OF PYFMG FOR CUSTOMERS WHO HAVE NOT YET UPGRADED TO ANSIBLE 2.7 + +# LEGACY PYFMG METHODS START +# USED TO DETERMINE LOCK CONTEXT ON A FORTIMANAGER. A DATABASE LOCKING CONCEPT THAT NEEDS TO BE ACCOUNTED FOR. + +class FMGLockContext(object): + """ + - DEPRECATING: USING CONNECTION MANAGER NOW INSTEAD. EVENTUALLY THIS CLASS WILL DISAPPEAR. PLEASE + - CONVERT ALL MODULES TO CONNECTION MANAGER METHOD. + - LEGACY pyFMG HANDLER OBJECT: REQUIRES A CHECK FOR PY FMG AT TOP OF PAGE + """ + def __init__(self, fmg): + self._fmg = fmg + self._locked_adom_list = list() + self._uses_workspace = False + self._uses_adoms = False + + @property + def uses_workspace(self): + return self._uses_workspace + + @uses_workspace.setter + def uses_workspace(self, val): + self._uses_workspace = val + + @property + def uses_adoms(self): + return self._uses_adoms + + @uses_adoms.setter + def uses_adoms(self, val): + self._uses_adoms = val + + def add_adom_to_lock_list(self, adom): + if adom not in self._locked_adom_list: + self._locked_adom_list.append(adom) + + def remove_adom_from_lock_list(self, adom): + if adom in self._locked_adom_list: + self._locked_adom_list.remove(adom) + + def check_mode(self): + url = "/cli/global/system/global" + code, resp_obj = self._fmg.get(url, fields=["workspace-mode", "adom-status"]) + try: + if resp_obj["workspace-mode"] != 0: + self.uses_workspace = True + except KeyError: + self.uses_workspace = False + try: + if resp_obj["adom-status"] == 1: + self.uses_adoms = True + except KeyError: + self.uses_adoms = False + + def run_unlock(self): + for adom_locked in self._locked_adom_list: + self.unlock_adom(adom_locked) + + def lock_adom(self, adom=None, *args, **kwargs): + if adom: + if adom.lower() == "global": + url = "/dvmdb/global/workspace/lock/" + else: + url = "/dvmdb/adom/{adom}/workspace/lock/".format(adom=adom) + else: + url = "/dvmdb/adom/root/workspace/lock" + code, respobj = self._fmg.execute(url, {}, *args, 
**kwargs) + if code == 0 and respobj["status"]["message"].lower() == "ok": + self.add_adom_to_lock_list(adom) + return code, respobj + + def unlock_adom(self, adom=None, *args, **kwargs): + if adom: + if adom.lower() == "global": + url = "/dvmdb/global/workspace/unlock/" + else: + url = "/dvmdb/adom/{adom}/workspace/unlock/".format(adom=adom) + else: + url = "/dvmdb/adom/root/workspace/unlock" + code, respobj = self._fmg.execute(url, {}, *args, **kwargs) + if code == 0 and respobj["status"]["message"].lower() == "ok": + self.remove_adom_from_lock_list(adom) + return code, respobj + + def commit_changes(self, adom=None, aux=False, *args, **kwargs): + if adom: + if aux: + url = "/pm/config/adom/{adom}/workspace/commit".format(adom=adom) + else: + if adom.lower() == "global": + url = "/dvmdb/global/workspace/commit/" + else: + url = "/dvmdb/adom/{adom}/workspace/commit".format(adom=adom) + else: + url = "/dvmdb/adom/root/workspace/commit" + return self._fmg.execute(url, {}, *args, **kwargs) + + +# DEPRECATED -- USE PLUGIN INSTEAD +class AnsibleFortiManager(object): + """ + - DEPRECATING: USING CONNECTION MANAGER NOW INSTEAD. EVENTUALLY THIS CLASS WILL DISAPPEAR. PLEASE + - CONVERT ALL MODULES TO CONNECTION MANAGER METHOD. 
+ - LEGACY pyFMG HANDLER OBJECT: REQUIRES A CHECK FOR PY FMG AT TOP OF PAGE + """ + + def __init__(self, module, ip=None, username=None, passwd=None, use_ssl=True, verify_ssl=False, timeout=300): + self.ip = ip + self.username = username + self.passwd = passwd + self.use_ssl = use_ssl + self.verify_ssl = verify_ssl + self.timeout = timeout + self.fmgr_instance = None + + if not HAS_PYFMGR: + module.fail_json(msg='Could not import the python library pyFMG required by this module') + + self.module = module + + def login(self): + if self.ip is not None: + self.fmgr_instance = FortiManager(self.ip, self.username, self.passwd, use_ssl=self.use_ssl, + verify_ssl=self.verify_ssl, timeout=self.timeout, debug=False, + disable_request_warnings=True) + return self.fmgr_instance.login() + + def logout(self): + if self.fmgr_instance.sid is not None: + self.fmgr_instance.logout() + + def get(self, url, data): + return self.fmgr_instance.get(url, **data) + + def set(self, url, data): + return self.fmgr_instance.set(url, **data) + + def update(self, url, data): + return self.fmgr_instance.update(url, **data) + + def delete(self, url, data): + return self.fmgr_instance.delete(url, **data) + + def add(self, url, data): + return self.fmgr_instance.add(url, **data) + + def execute(self, url, data): + return self.fmgr_instance.execute(url, **data) + + def move(self, url, data): + return self.fmgr_instance.move(url, **data) + + def clone(self, url, data): + return self.fmgr_instance.clone(url, **data) + +########################## +# END DEPRECATED METHODS +########################## diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/__init__.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/__init__.py new file mode 100644 index 00000000..e69de29b 
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/argspec/__init__.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/argspec/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/argspec/facts/__init__.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/argspec/facts/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/argspec/facts/facts.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/argspec/facts/facts.py
new file mode 100644
index 00000000..2f3e3418
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/argspec/facts/facts.py
@@ -0,0 +1,45 @@
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+"""
+The arg spec for the fortios monitor module.
+"""
+
+
+class FactsArgs(object):
+ """ The arg spec for the fortios monitor module
+ """
+
+ def __init__(self, **kwargs):
+ pass
+
+ argument_spec = {
+ "host": {"required": False, "type": "str"},
+ "username": {"required": False, "type": "str"},
+ "password": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "https": {"required": False, "type": "bool", "default": True},
+ "ssl_verify": {"required": False, "type": "bool", "default": False},
+ "gather_subset": {
+ "required": True, "type": "list", "elements": "dict",
+ "options": {
+ "fact": {"required": True, "type": "str"},
+ "filters": {"required": False, "type": "list", "elements": "dict"}
+ }
+ }
+ }
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/argspec/system/__init__.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/argspec/system/__init__.py
new file mode 100644
index 00000000..e69de29b
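Review bot: `ssl_verify` in `argument_spec` defaults to `False`, so a task that does not set it would reach the device without validating its TLS certificate while `username` and `password` are sent over that connection. Certificate validation is the safer default, so the entry should read `"ssl_verify": {"required": False, "type": "bool", "default": True},` and operators with self-signed device certificates can opt out explicitly. How the option is consumed is not visible in this hunk, so the effect on existing playbooks should be confirmed before the default is changed. A short comment above `argument_spec` saying which connection path still reads `host`/`username`/`password` would also help, since `check_legacy_fortiosapi()` in fortios.py of this commit rejects those same parameter names.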
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/argspec/system/system.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/argspec/system/system.py
new file mode 100644
index 00000000..76454f9d
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/argspec/system/system.py
@@ -0,0 +1,28 @@
+#
+# -*- coding: utf-8 -*-
+# Copyright 2019 Fortinet, Inc.
+# GNU General Public License v3.0+
+# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+"""
+The arg spec for the fortios_facts module
+"""
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+
+class SystemArgs(object):
+ """The arg spec for the fortios_facts module
+ """
+
+ FACT_SYSTEM_SUBSETS = frozenset([
+ 'system_current-admins_select',
+ 'system_firmware_select',
+ 'system_fortimanager_status',
+ 'system_ha-checksums_select',
+ 'system_interface_select',
+ 'system_status_select',
+ 'system_time_select',
+ ])
+
+ def __init__(self, **kwargs):
+ pass
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/facts/__init__.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/facts/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/facts/facts.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/facts/facts.py
new file mode 100644
index 00000000..6e3006d2
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/facts/facts.py
@@ -0,0 +1,92 @@ +from __future__ import (absolute_import, division, print_function) +# Copyright 2019 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +""" +The facts class for fortios +this file validates each subset of monitor and selectively +calls the appropriate facts gathering and monitoring function +""" + +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.argspec.facts.facts import FactsArgs +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.argspec.system.system import SystemArgs +from ansible.module_utils.network.common.facts.facts import FactsBase +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.facts.system.system import SystemFacts + + +class Facts(FactsBase): + """ The facts class for fortios + """ + + FACT_SUBSETS = { + "system": SystemFacts + } + + def __init__(self, module, fos=None, subset=None): + super(Facts, self).__init__(module) + self._fos = fos + self._subset = subset + + def gen_runable(self, subsets, valid_subsets): + """ Generate the runable subset + + :param module: The module instance + :param subsets: The provided subsets + :param valid_subsets: The valid subsets + :rtype: list + :returns: The runable subsets + """ + runable_subsets = [] + FACT_DETAIL_SUBSETS = [] + FACT_DETAIL_SUBSETS.extend(SystemArgs.FACT_SYSTEM_SUBSETS) + + for subset in subsets: + if subset['fact'] 
not in FACT_DETAIL_SUBSETS: + self._module.fail_json(msg='Subset must be one of [%s], got %s' % + (', '.join(sorted([item for item in FACT_DETAIL_SUBSETS])), subset['fact'])) + + for valid_subset in frozenset(self.FACT_SUBSETS.keys()): + if subset['fact'].startswith(valid_subset): + runable_subsets.append((subset, valid_subset)) + + return runable_subsets + + def get_network_legacy_facts(self, fact_legacy_obj_map, legacy_facts_type=None): + if not legacy_facts_type: + legacy_facts_type = self._gather_subset + + runable_subsets = self.gen_runable(legacy_facts_type, frozenset(fact_legacy_obj_map.keys())) + if runable_subsets: + self.ansible_facts['ansible_net_gather_subset'] = [] + + instances = list() + for (subset, valid_subset) in runable_subsets: + instances.append(fact_legacy_obj_map[valid_subset](self._module, self._fos, subset)) + + for inst in instances: + inst.populate_facts(self._connection, self.ansible_facts) + + def get_facts(self, facts_type=None, data=None): + """ Collect the facts for fortios + :param facts_type: List of facts types + :param data: previously collected conf + :rtype: dict + :return: the facts gathered + """ + self.get_network_legacy_facts(self.FACT_SUBSETS, facts_type) + + return self.ansible_facts, self._warnings diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/facts/system/__init__.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/facts/system/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/facts/system/system.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/facts/system/system.py new file mode 100644 index 00000000..172d6b04 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/facts/system/system.py 
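Review bot: `gen_runable` accepts `valid_subsets` but never reads it — the inner loop iterates `frozenset(self.FACT_SUBSETS.keys())` instead — and its docstring lists `:param module:`, which is not in the signature. With the one caller visible here (`get_network_legacy_facts` passes the keys of the map it was given, and `get_facts` passes `self.FACT_SUBSETS`) the result is the same, but a caller supplying a different map would have its argument silently ignored and then index `fact_legacy_obj_map[valid_subset]` with a key that map may not hold. I would change the loop header to `for valid_subset in valid_subsets:` and drop the `:param module:` line from the docstring. `get_network_legacy_facts` has no docstring; one sentence saying it instantiates the class mapped to each runnable subset and calls `populate_facts` on it would be enough.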
@@ -0,0 +1,63 @@ +# +# -*- coding: utf-8 -*- +# Copyright 2019 Fortinet, Inc. +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +""" +The fortios system facts class +It is in this file the runtime information is collected from the device +for a given resource, parsed, and the facts tree is populated +based on the configuration. +""" +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import re +from ansible.module_utils.network.common import utils +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.argspec.system.system import SystemArgs + + +class SystemFacts(object): + """ The fortios system facts class + """ + + def __init__(self, module, fos=None, subset=None, subspec='config', options='options'): + self._module = module + self._fos = fos + self._subset = subset + + def populate_facts(self, connection, ansible_facts, data=None): + """ Populate the facts for system + :param connection: the device connection + :param ansible_facts: Facts dictionary + :rtype: dictionary + :returns: facts + """ + ansible_facts['ansible_network_resources'].pop('system', None) + facts = {} + if self._subset['fact'].startswith(tuple(SystemArgs.FACT_SYSTEM_SUBSETS)): + gather_method = getattr(self, self._subset['fact'].replace('-', '_'), self.system_fact) + resp = gather_method() + facts.update({self._subset['fact']: resp}) + + ansible_facts['ansible_network_resources'].update(facts) + return ansible_facts + + def system_fact(self): + fos = self._fos + vdom = self._module.params['vdom'] + return fos.monitor('system', self._subset['fact'][len('system_'):].replace('_', '/'), vdom=vdom) + + def system_interface_select(self): + fos = self._fos + vdom = self._module.params['vdom'] + + query_string = '?vdom=' + vdom + system_interface_select_param = self._subset['filters'] + if system_interface_select_param: + for filter in system_interface_select_param: + for key, val in filter.items(): 
+ if val: + query_string += '&' + str(key) + '=' + str(val) + + return fos.monitor('system', self._subset['fact'][len('system_'):].replace('_', '/') + query_string, vdom=None) diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/fortios.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/fortios.py new file mode 100644 index 00000000..cdcda13c --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/fortios.py 
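Review bot: `system_interface_select` appends every filter `key` and `val` to `query_string` with `'&' + str(key) + '=' + str(val)` and no URL-encoding, so a value containing `&`, `=` or `#` alters the request sent to the device instead of being treated as a filter value; `vdom` is concatenated into `'?vdom=' + vdom` the same way. `FortiOSHandler.monitor` in fortios.py of this commit takes a `parameters` argument, so the filters could be collected into a dict and passed as `parameters=` rather than glued onto the `name` argument — whether `send_request` encodes them is not visible here and should be confirmed. If the string building stays, each piece needs quoting the way `cmdb_url` quotes `mkey` with `urlencoding.quote(str(mkey), safe='')`. The loop variable `filter` shadows the builtin, and `if val:` drops legitimate falsy filter values such as `0` or `False`; `if val is not None:` would keep them.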
@@ -0,0 +1,367 @@
+# This code is part of Ansible, but is an independent component.
+# This particular file snippet, and this file snippet only, is BSD licensed.
+# Modules you write using this snippet, which is embedded dynamically by Ansible
+# still belong to the author of the module, and may assign their own license
+# to the complete work.
+#
+# Miguel Angel Munoz , 2019
+# fortinet-ansible-dev , 2020
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE +# + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os +import time +import traceback + +from ansible.module_utils._text import to_text +from ansible.module_utils.basic import env_fallback +from ansible.module_utils.basic import _load_params +import sys +import json + +try: + import urllib.parse as urlencoding +except ImportError: + import urllib as urlencoding + +# BEGIN DEPRECATED + +# check for pyFG lib +try: + from pyFG import FortiOS, FortiConfig + from pyFG.exceptions import FailedCommit + HAS_PYFG = True +except ImportError: + HAS_PYFG = False + +fortios_required_if = [ + ['file_mode', False, ['host', 'username', 'password']], + ['file_mode', True, ['config_file']], + ['backup', True, ['backup_path']], +] + +fortios_mutually_exclusive = [ + ['config_file', 'host'], + ['config_file', 'username'], + ['config_file', 'password'] +] + +fortios_error_codes = { + '-3': "Object not found", + '-61': "Command error" +} + + +def check_legacy_fortiosapi(): + params = _load_params() + legacy_schemas = ['host', 'username', 'password', 'ssl_verify', 'https'] + legacy_params = [] + for param in legacy_schemas: + if param in params: + legacy_params.append(param) + if len(legacy_params): + error_message = 'Legacy fortiosapi parameters %s detected, please use HTTPAPI instead!' 
% (str(legacy_params)) + sys.stderr.write(error_message) + sys.exit(1) +# END DEPRECATED + + +class FortiOSHandler(object): + + def __init__(self, conn, mod, module_mkeyname=None): + self._conn = conn + self._module = mod + self._mkeyname = module_mkeyname + + def cmdb_url(self, path, name, vdom=None, mkey=None): + + url = '/api/v2/cmdb/' + path + '/' + name + if mkey: + url = url + '/' + urlencoding.quote(str(mkey), safe='') + if vdom: + if vdom == "global": + url += '?global=1' + else: + url += '?vdom=' + vdom + return url + + def mon_url(self, path, name, vdom=None, mkey=None): + url = '/api/v2/monitor/' + path + '/' + name + if mkey: + url = url + '/' + urlencoding.quote(str(mkey), safe='') + if vdom: + if vdom == "global": + url += '?global=1' + else: + url += '?vdom=' + vdom + return url + + def schema(self, path, name, vdom=None): + if vdom is None: + url = self.cmdb_url(path, name) + "?action=schema" + else: + url = self.cmdb_url(path, name, vdom=vdom) + "&action=schema" + + status, result_data = self._conn.send_request(url=url) + + if status == 200: + if vdom == "global": + return json.loads(to_text(result_data))[0]['results'] + else: + return json.loads(to_text(result_data))['results'] + else: + return json.loads(to_text(result_data)) + + def get_mkeyname(self, path, name, vdom=None): + return self._mkeyname + + def get_mkey(self, path, name, data, vdom=None): + + keyname = self.get_mkeyname(path, name, vdom) + if not keyname: + return None + else: + try: + mkey = data[keyname] + except KeyError: + return None + return mkey + + def get(self, path, name, vdom=None, mkey=None, parameters=None): + url = self.cmdb_url(path, name, vdom, mkey=mkey) + + status, result_data = self._conn.send_request(url=url, params=parameters, method='GET') + + return self.formatresponse(result_data, vdom=vdom) + + def monitor(self, path, name, vdom=None, mkey=None, parameters=None): + url = self.mon_url(path, name, vdom, mkey) + + status, result_data = 
self._conn.send_request(url=url, params=parameters, method='GET') + + return self.formatresponse(result_data, vdom=vdom) + + def set(self, path, name, data, mkey=None, vdom=None, parameters=None): + + if not mkey: + mkey = self.get_mkey(path, name, data, vdom=vdom) + url = self.cmdb_url(path, name, vdom, mkey) + + status, result_data = self._conn.send_request(url=url, params=parameters, data=json.dumps(data), method='PUT') + + if parameters and 'action' in parameters and parameters['action'] == 'move': + return self.formatresponse(result_data, vdom=vdom) + + if status == 404 or status == 405 or status == 500: + return self.post(path, name, data, vdom, mkey) + else: + return self.formatresponse(result_data, vdom=vdom) + + def post(self, path, name, data, vdom=None, + mkey=None, parameters=None): + + if mkey: + mkeyname = self.get_mkeyname(path, name, vdom) + data[mkeyname] = mkey + + url = self.cmdb_url(path, name, vdom, mkey=None) + + status, result_data = self._conn.send_request(url=url, params=parameters, data=json.dumps(data), method='POST') + + return self.formatresponse(result_data, vdom=vdom) + + def execute(self, path, name, data, vdom=None, + mkey=None, parameters=None, timeout=300): + url = self.mon_url(path, name, vdom, mkey=mkey) + + status, result_data = self._conn.send_request(url=url, params=parameters, data=json.dumps(data), method='POST', timeout=timeout) + + return self.formatresponse(result_data, vdom=vdom) + + def delete(self, path, name, vdom=None, mkey=None, parameters=None, data=None): + if not mkey: + mkey = self.get_mkey(path, name, data, vdom=vdom) + url = self.cmdb_url(path, name, vdom, mkey) + status, result_data = self._conn.send_request(url=url, params=parameters, data=json.dumps(data), method='DELETE') + return self.formatresponse(result_data, vdom=vdom) + + def formatresponse(self, res, vdom=None): + if vdom == "global": + resp = json.loads(to_text(res))[0] + resp['vdom'] = "global" + else: + resp = json.loads(to_text(res)) + return 
resp + + def jsonraw(self, method, path, data, specific_params, vdom=None, parameters=None): + url = path + bvdom = False + if vdom: + if vdom == "global": + url += '?global=1' + else: + url += '?vdom=' + vdom + bvdom = True + if specific_params: + if bvdom: + url += '&' + else: + url += "?" + url += specific_params + status, result_data = self._conn.send_request(url=url, method=method, data=json.dumps(data), params=parameters) + return self.formatresponse(result_data, vdom=vdom) + +# BEGIN DEPRECATED + + +def backup(module, running_config): + backup_path = module.params['backup_path'] + backup_filename = module.params['backup_filename'] + if not os.path.exists(backup_path): + try: + os.mkdir(backup_path) + except Exception: + module.fail_json(msg="Can't create directory {0} Permission denied ?".format(backup_path)) + tstamp = time.strftime("%Y-%m-%d@%H:%M:%S", time.localtime(time.time())) + if 0 < len(backup_filename): + filename = '%s/%s' % (backup_path, backup_filename) + else: + filename = '%s/%s_config.%s' % (backup_path, module.params['host'], tstamp) + try: + open(filename, 'w').write(running_config) + except Exception: + module.fail_json(msg="Can't create backup file {0} Permission denied ?".format(filename)) + + +class AnsibleFortios(object): + def __init__(self, module): + if not HAS_PYFG: + module.fail_json(msg='Could not import the python library pyFG required by this module') + + self.result = { + 'changed': False, + } + self.module = module + + def _connect(self): + if self.module.params['file_mode']: + self.forti_device = FortiOS('') + else: + host = self.module.params['host'] + username = self.module.params['username'] + password = self.module.params['password'] + timeout = self.module.params['timeout'] + vdom = self.module.params['vdom'] + + self.forti_device = FortiOS(host, username=username, password=password, timeout=timeout, vdom=vdom) + + try: + self.forti_device.open() + except Exception as e: + self.module.fail_json(msg='Error connecting 
device. %s' % to_text(e), + exception=traceback.format_exc()) + + def load_config(self, path): + self.path = path + self._connect() + # load in file_mode + if self.module.params['file_mode']: + try: + f = open(self.module.params['config_file'], 'r') + running = f.read() + f.close() + except IOError as e: + self.module.fail_json(msg='Error reading configuration file. %s' % to_text(e), + exception=traceback.format_exc()) + self.forti_device.load_config(config_text=running, path=path) + + else: + # get config + try: + self.forti_device.load_config(path=path) + except Exception as e: + self.forti_device.close() + self.module.fail_json(msg='Error reading running config. %s' % to_text(e), + exception=traceback.format_exc()) + + # set configs in object + self.result['running_config'] = self.forti_device.running_config.to_text() + self.candidate_config = self.forti_device.candidate_config + + # backup if needed + if self.module.params['backup']: + backup(self.module, self.forti_device.running_config.to_text()) + + def apply_changes(self): + change_string = self.forti_device.compare_config() + if change_string: + self.result['change_string'] = change_string + self.result['changed'] = True + + # Commit if not check mode + if change_string and not self.module.check_mode: + if self.module.params['file_mode']: + try: + f = open(self.module.params['config_file'], 'w') + f.write(self.candidate_config.to_text()) + f.close() + except IOError as e: + self.module.fail_json(msg='Error writing configuration file. 
%s' % + to_text(e), exception=traceback.format_exc()) + else: + try: + self.forti_device.commit() + except FailedCommit as e: + # Something's wrong (rollback is automatic) + self.forti_device.close() + error_list = self.get_error_infos(e) + self.module.fail_json(msg_error_list=error_list, msg="Unable to commit change, check your args, the error was %s" % e.message) + + self.forti_device.close() + self.module.exit_json(**self.result) + + def del_block(self, block_id): + self.forti_device.candidate_config[self.path].del_block(block_id) + + def add_block(self, block_id, block): + self.forti_device.candidate_config[self.path][block_id] = block + + def get_error_infos(self, cli_errors): + error_list = [] + for errors in cli_errors.args: + for error in errors: + error_code = error[0] + error_string = error[1] + error_type = fortios_error_codes.get(error_code, "unknown") + error_list.append(dict(error_code=error_code, error_type=error_type, error_string=error_string)) + + return error_list + + def get_empty_configuration_block(self, block_name, block_type): + return FortiConfig(block_name, block_type) + +# END DEPRECATED + diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/__init__.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_alertemail_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_alertemail_setting.py new file mode 100644 index 00000000..ece98543 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_alertemail_setting.py 
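Review bot: `backup()` writes the running configuration with `open(filename, 'w').write(running_config)`, which leaves the file mode to the process umask and never closes the handle; a device configuration usually carries password hashes and keys, so the backup should be created owner-only. `backup_filename` is joined into the path unchecked, so a value containing `../` lands outside `backup_path`; taking `os.path.basename()` of it keeps the file in the chosen directory. The broad `except Exception` reports every failure as "Permission denied ?", which hides the real cause from the operator. A possible rewrite of the write step follows; the directory creation and timestamp lines stay as they are.

```python
    # ... unchanged: backup_path creation, tstamp ...
    if 0 < len(backup_filename):
        # keep the backup inside backup_path even if the name carries path parts
        filename = os.path.join(backup_path, os.path.basename(backup_filename))
    else:
        filename = '%s/%s_config.%s' % (backup_path, module.params['host'], tstamp)
    try:
        # owner-only on creation: the running config may hold credentials
        fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as backup_file:
            backup_file.write(running_config)
    except (IOError, OSError) as e:
        module.fail_json(msg="Can't create backup file {0}: {1}".format(filename, to_text(e)))
```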
@@ -0,0 +1,596 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_alertemail_setting +short_description: Configure alert email settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify alertemail feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + alertemail_setting: + description: + - Configure alert email settings. + default: null + type: dict + suboptions: + admin_login_logs: + description: + - Enable/disable administrator login/logout logs in alert email. + type: str + choices: + - enable + - disable + alert_interval: + description: + - Alert alert interval in minutes. + type: int + amc_interface_bypass_mode: + description: + - Enable/disable Fortinet Advanced Mezzanine Card (AMC) interface bypass mode logs in alert email. + type: str + choices: + - enable + - disable + antivirus_logs: + description: + - Enable/disable antivirus logs in alert email. + type: str + choices: + - enable + - disable + configuration_changes_logs: + description: + - Enable/disable configuration change logs in alert email. + type: str + choices: + - enable + - disable + critical_interval: + description: + - Critical alert interval in minutes. + type: int + debug_interval: + description: + - Debug alert interval in minutes. + type: int + email_interval: + description: + - Interval between sending alert emails (1 - 99999 min). + type: int + emergency_interval: + description: + - Emergency alert interval in minutes. + type: int + error_interval: + description: + - Error alert interval in minutes. + type: int + FDS_license_expiring_days: + description: + - Number of days to send alert email prior to FortiGuard license expiration (1 - 100 days). + type: int + FDS_license_expiring_warning: + description: + - Enable/disable FortiGuard license expiration warnings in alert email. + type: str + choices: + - enable + - disable + FDS_update_logs: + description: + - Enable/disable FortiGuard update logs in alert email. + type: str + choices: + - enable + - disable + filter_mode: + description: + - How to filter log messages that are sent to alert emails. + type: str + choices: + - category + - threshold + FIPS_CC_errors: + description: + - Enable/disable FIPS and Common Criteria error logs in alert email. 
+ type: str + choices: + - enable + - disable + firewall_authentication_failure_logs: + description: + - Enable/disable firewall authentication failure logs in alert email. + type: str + choices: + - enable + - disable + fortiguard_log_quota_warning: + description: + - Enable/disable FortiCloud log quota warnings in alert email. + type: str + choices: + - enable + - disable + FSSO_disconnect_logs: + description: + - Enable/disable logging of FSSO collector agent disconnect. + type: str + choices: + - enable + - disable + HA_logs: + description: + - Enable/disable HA logs in alert email. + type: str + choices: + - enable + - disable + information_interval: + description: + - Information alert interval in minutes. + type: int + IPS_logs: + description: + - Enable/disable IPS logs in alert email. + type: str + choices: + - enable + - disable + IPsec_errors_logs: + description: + - Enable/disable IPsec error logs in alert email. + type: str + choices: + - enable + - disable + local_disk_usage: + description: + - Disk usage percentage at which to send alert email (1 - 99 percent). + type: int + log_disk_usage_warning: + description: + - Enable/disable disk usage warnings in alert email. + type: str + choices: + - enable + - disable + mailto1: + description: + - Email address to send alert email to (usually a system administrator) (max. 64 characters). + type: str + mailto2: + description: + - Optional second email address to send alert email to (max. 64 characters). + type: str + mailto3: + description: + - Optional third email address to send alert email to (max. 64 characters). + type: str + notification_interval: + description: + - Notification alert interval in minutes. + type: int + PPP_errors_logs: + description: + - Enable/disable PPP error logs in alert email. + type: str + choices: + - enable + - disable + severity: + description: + - Lowest severity level to log. 
+ type: str + choices: + - emergency + - alert + - critical + - error + - warning + - notification + - information + - debug + ssh_logs: + description: + - Enable/disable SSH logs in alert email. + type: str + choices: + - enable + - disable + sslvpn_authentication_errors_logs: + description: + - Enable/disable SSL-VPN authentication error logs in alert email. + type: str + choices: + - enable + - disable + username: + description: + - 'Name that appears in the 
From: field of alert emails (max. 36 characters).' + type: str + violation_traffic_logs: + description: + - Enable/disable violation traffic logs in alert email. + type: str + choices: + - enable + - disable + warning_interval: + description: + - Warning alert interval in minutes. + type: int + webfilter_logs: + description: + - Enable/disable web filter logs in alert email. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure alert email settings. + fortios_alertemail_setting: + vdom: "{{ vdom }}" + alertemail_setting: + admin_login_logs: "enable" + alert_interval: "4" + amc_interface_bypass_mode: "enable" + antivirus_logs: "enable" + configuration_changes_logs: "enable" + critical_interval: "8" + debug_interval: "9" + email_interval: "10" + emergency_interval: "11" + error_interval: "12" + FDS_license_expiring_days: "13" + FDS_license_expiring_warning: "enable" + FDS_update_logs: "enable" + filter_mode: "category" + FIPS_CC_errors: "enable" + firewall_authentication_failure_logs: "enable" + fortiguard_log_quota_warning: "enable" + FSSO_disconnect_logs: "enable" + HA_logs: "enable" + information_interval: "22" + IPS_logs: "enable" + IPsec_errors_logs: "enable" + local_disk_usage: "25" + log_disk_usage_warning: "enable" + mailto1: "" + mailto2: "" + mailto3: "" + notification_interval: "30" + PPP_errors_logs: "enable" + severity: "emergency" + ssh_logs: "enable" + sslvpn_authentication_errors_logs: "enable" + username: "" + violation_traffic_logs: "enable" + warning_interval: "37" + webfilter_logs: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + 
returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_alertemail_setting_data(json): + option_list = ['admin_login_logs', 'alert_interval', 'amc_interface_bypass_mode', + 'antivirus_logs', 'configuration_changes_logs', 'critical_interval', + 'debug_interval', 'email_interval', 'emergency_interval', + 'error_interval', 'FDS_license_expiring_days', 'FDS_license_expiring_warning', + 'FDS_update_logs', 'filter_mode', 'FIPS_CC_errors', + 'firewall_authentication_failure_logs', 'fortiguard_log_quota_warning', 'FSSO_disconnect_logs', + 
'HA_logs', 'information_interval', 'IPS_logs', + 'IPsec_errors_logs', 'local_disk_usage', 'log_disk_usage_warning', + 'mailto1', 'mailto2', 'mailto3', + 'notification_interval', 'PPP_errors_logs', 'severity', + 'ssh_logs', 'sslvpn_authentication_errors_logs', 'username', + 'violation_traffic_logs', 'warning_interval', 'webfilter_logs'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def alertemail_setting(data, fos): + vdom = data['vdom'] + alertemail_setting_data = data['alertemail_setting'] + filtered_data = underscore_to_hyphen(filter_alertemail_setting_data(alertemail_setting_data)) + + return fos.set('alertemail', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_alertemail(data, fos): + + if data['alertemail_setting']: + resp = alertemail_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('alertemail_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "alertemail_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "admin_login_logs": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + 
"alert_interval": {"required": False, "type": "int"}, + "amc_interface_bypass_mode": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "antivirus_logs": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "configuration_changes_logs": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "critical_interval": {"required": False, "type": "int"}, + "debug_interval": {"required": False, "type": "int"}, + "email_interval": {"required": False, "type": "int"}, + "emergency_interval": {"required": False, "type": "int"}, + "error_interval": {"required": False, "type": "int"}, + "FDS_license_expiring_days": {"required": False, "type": "int"}, + "FDS_license_expiring_warning": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "FDS_update_logs": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "filter_mode": {"required": False, "type": "str", + "choices": ["category", + "threshold"]}, + "FIPS_CC_errors": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "firewall_authentication_failure_logs": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fortiguard_log_quota_warning": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "FSSO_disconnect_logs": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "HA_logs": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "information_interval": {"required": False, "type": "int"}, + "IPS_logs": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "IPsec_errors_logs": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_disk_usage": {"required": False, "type": "int"}, + "log_disk_usage_warning": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "mailto1": {"required": False, "type": "str"}, + "mailto2": {"required": 
False, "type": "str"}, + "mailto3": {"required": False, "type": "str"}, + "notification_interval": {"required": False, "type": "int"}, + "PPP_errors_logs": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "severity": {"required": False, "type": "str", + "choices": ["emergency", + "alert", + "critical", + "error", + "warning", + "notification", + "information", + "debug"]}, + "ssh_logs": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sslvpn_authentication_errors_logs": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "username": {"required": False, "type": "str"}, + "violation_traffic_logs": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "warning_interval": {"required": False, "type": "int"}, + "webfilter_logs": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_alertemail(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and 
versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_antivirus_heuristic.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_antivirus_heuristic.py new file mode 100644 index 00000000..704b9c81 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_antivirus_heuristic.py 
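Review bot: The EXAMPLES playbook in fortios_alertemail_setting.py sets `ansible_httpapi_validate_certs: no`, so anyone who copies it manages the firewall over a TLS session whose server certificate is never verified, and whatever credentials or `access_token` the connection uses travel over that session. Because this is the documented usage for a firewall-management module, the example should read `ansible_httpapi_validate_certs: yes`, with a YAML comment such as `# set to no only for a lab device with a self-signed certificate`. The same line appears in the EXAMPLES block of fortios_antivirus_heuristic.py further down in this patch.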
@@ -0,0 +1,265 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_antivirus_heuristic +short_description: Configure global heuristic options in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify antivirus feature and heuristic category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + antivirus_heuristic: + description: + - Configure global heuristic options. + default: null + type: dict + suboptions: + mode: + description: + - Enable/disable heuristics and determine how the system behaves if heuristics detects a problem. + type: str + choices: + - pass + - block + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure global heuristic options. + fortios_antivirus_heuristic: + vdom: "{{ vdom }}" + antivirus_heuristic: + mode: "pass" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: 
Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_antivirus_heuristic_data(json): + option_list = ['mode'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def antivirus_heuristic(data, fos): + vdom = data['vdom'] + antivirus_heuristic_data = data['antivirus_heuristic'] + filtered_data = underscore_to_hyphen(filter_antivirus_heuristic_data(antivirus_heuristic_data)) + + return fos.set('antivirus', + 'heuristic', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_antivirus(data, fos): + + if data['antivirus_heuristic']: + resp = antivirus_heuristic(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('antivirus_heuristic')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + 
"vdom": {"required": False, "type": "str", "default": "root"}, + "antivirus_heuristic": { + "required": False, "type": "dict", "default": None, + "options": { + "mode": {"required": False, "type": "str", + "choices": ["pass", + "block", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_antivirus(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_antivirus_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_antivirus_profile.py new file mode 100644 index 00000000..e807377c --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_antivirus_profile.py 
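Review bot: In main() of fortios_antivirus_heuristic.py, `if 'access_token' in module.params:` does not test whether a token was actually supplied. `access_token` is declared in `fields`, and AnsibleModule fills every declared option into `module.params` (None when unset), so the branch presumably always runs and `connection.set_option('access_token', None)` is called for sessions that authenticate another way. How the httpapi plugin treats a None token is not visible in this hunk, so guarding on the value is safer: `if module.params.get('access_token'):`. The main() in fortios_alertemail_setting.py carries the same check.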
@@ -0,0 +1,1509 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_antivirus_profile +short_description: Configure AntiVirus profiles in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify antivirus feature and profile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + antivirus_profile: + description: + - Configure AntiVirus profiles. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + analytics_bl_filetype: + description: + - Only submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id. + type: int + analytics_db: + description: + - Enable/disable using the FortiSandbox signature database to supplement the AV signature databases. + type: str + choices: + - disable + - enable + analytics_max_upload: + description: + - Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes). + type: int + analytics_wl_filetype: + description: + - Do not submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id. + type: int + av_block_log: + description: + - Enable/disable logging for AntiVirus file blocking. + type: str + choices: + - enable + - disable + av_virus_log: + description: + - Enable/disable AntiVirus logging. + type: str + choices: + - enable + - disable + comment: + description: + - Comment. + type: str + content_disarm: + description: + - AV Content Disarm and Reconstruction settings. + type: dict + suboptions: + cover_page: + description: + - Enable/disable inserting a cover page into the disarmed document. + type: str + choices: + - disable + - enable + detect_only: + description: + - Enable/disable only detect disarmable files, do not alter content. 
+ type: str + choices: + - disable + - enable + office_embed: + description: + - Enable/disable stripping of embedded objects in Microsoft Office documents. + type: str + choices: + - disable + - enable + office_hylink: + description: + - Enable/disable stripping of hyperlinks in Microsoft Office documents. + type: str + choices: + - disable + - enable + office_linked: + description: + - Enable/disable stripping of linked objects in Microsoft Office documents. + type: str + choices: + - disable + - enable + office_macro: + description: + - Enable/disable stripping of macros in Microsoft Office documents. + type: str + choices: + - disable + - enable + original_file_destination: + description: + - Destination to send original file if active content is removed. + type: str + choices: + - fortisandbox + - quarantine + - discard + pdf_act_form: + description: + - Enable/disable stripping of actions that submit data to other targets in PDF documents. + type: str + choices: + - disable + - enable + pdf_act_gotor: + description: + - Enable/disable stripping of links to other PDFs in PDF documents. + type: str + choices: + - disable + - enable + pdf_act_java: + description: + - Enable/disable stripping of actions that execute JavaScript code in PDF documents. + type: str + choices: + - disable + - enable + pdf_act_launch: + description: + - Enable/disable stripping of links to external applications in PDF documents. + type: str + choices: + - disable + - enable + pdf_act_movie: + description: + - Enable/disable stripping of embedded movies in PDF documents. + type: str + choices: + - disable + - enable + pdf_act_sound: + description: + - Enable/disable stripping of embedded sound files in PDF documents. + type: str + choices: + - disable + - enable + pdf_embedfile: + description: + - Enable/disable stripping of embedded files in PDF documents. 
+ type: str + choices: + - disable + - enable + pdf_hyperlink: + description: + - Enable/disable stripping of hyperlinks from PDF documents. + type: str + choices: + - disable + - enable + pdf_javacode: + description: + - Enable/disable stripping of JavaScript code in PDF documents. + type: str + choices: + - disable + - enable + extended_log: + description: + - Enable/disable extended logging for antivirus. + type: str + choices: + - enable + - disable + ftgd_analytics: + description: + - Settings to control which files are uploaded to FortiSandbox. + type: str + choices: + - disable + - suspicious + - everything + ftp: + description: + - Configure FTP AntiVirus options. + type: dict + suboptions: + archive_block: + description: + - Select the archive types to block. + type: str + choices: + - encrypted + - corrupted + - partiallycorrupted + - multipart + - nested + - mailbomb + - fileslimit + - timeout + - unhandled + archive_log: + description: + - Select the archive types to log. + type: str + choices: + - encrypted + - corrupted + - partiallycorrupted + - multipart + - nested + - mailbomb + - fileslimit + - timeout + - unhandled + emulator: + description: + - Enable/disable the virus emulator. + type: str + choices: + - enable + - disable + options: + description: + - Enable/disable FTP AntiVirus scanning, monitoring, and quarantine. + type: str + choices: + - scan + - avmonitor + - quarantine + outbreak_prevention: + description: + - Enable FortiGuard Virus Outbreak Prevention service. + type: str + choices: + - disabled + - files + - full-archive + http: + description: + - Configure HTTP AntiVirus options. + type: dict + suboptions: + archive_block: + description: + - Select the archive types to block. + type: str + choices: + - encrypted + - corrupted + - partiallycorrupted + - multipart + - nested + - mailbomb + - fileslimit + - timeout + - unhandled + archive_log: + description: + - Select the archive types to log. 
+ type: str + choices: + - encrypted + - corrupted + - partiallycorrupted + - multipart + - nested + - mailbomb + - fileslimit + - timeout + - unhandled + content_disarm: + description: + - Enable Content Disarm and Reconstruction for this protocol. + type: str + choices: + - disable + - enable + emulator: + description: + - Enable/disable the virus emulator. + type: str + choices: + - enable + - disable + options: + description: + - Enable/disable HTTP AntiVirus scanning, monitoring, and quarantine. + type: str + choices: + - scan + - avmonitor + - quarantine + outbreak_prevention: + description: + - Enable FortiGuard Virus Outbreak Prevention service. + type: str + choices: + - disabled + - files + - full-archive + imap: + description: + - Configure IMAP AntiVirus options. + type: dict + suboptions: + archive_block: + description: + - Select the archive types to block. + type: str + choices: + - encrypted + - corrupted + - partiallycorrupted + - multipart + - nested + - mailbomb + - fileslimit + - timeout + - unhandled + archive_log: + description: + - Select the archive types to log. + type: str + choices: + - encrypted + - corrupted + - partiallycorrupted + - multipart + - nested + - mailbomb + - fileslimit + - timeout + - unhandled + content_disarm: + description: + - Enable Content Disarm and Reconstruction for this protocol. + type: str + choices: + - disable + - enable + emulator: + description: + - Enable/disable the virus emulator. + type: str + choices: + - enable + - disable + executables: + description: + - Treat Windows executable files as viruses for the purpose of blocking or monitoring. + type: str + choices: + - default + - virus + options: + description: + - Enable/disable IMAP AntiVirus scanning, monitoring, and quarantine. + type: str + choices: + - scan + - avmonitor + - quarantine + outbreak_prevention: + description: + - Enable FortiGuard Virus Outbreak Prevention service. 
+ type: str + choices: + - disabled + - files + - full-archive + inspection_mode: + description: + - Inspection mode. + type: str + choices: + - proxy + - flow-based + mapi: + description: + - Configure MAPI AntiVirus options. + type: dict + suboptions: + archive_block: + description: + - Select the archive types to block. + type: str + choices: + - encrypted + - corrupted + - partiallycorrupted + - multipart + - nested + - mailbomb + - fileslimit + - timeout + - unhandled + archive_log: + description: + - Select the archive types to log. + type: str + choices: + - encrypted + - corrupted + - partiallycorrupted + - multipart + - nested + - mailbomb + - fileslimit + - timeout + - unhandled + emulator: + description: + - Enable/disable the virus emulator. + type: str + choices: + - enable + - disable + executables: + description: + - Treat Windows executable files as viruses for the purpose of blocking or monitoring. + type: str + choices: + - default + - virus + options: + description: + - Enable/disable MAPI AntiVirus scanning, monitoring, and quarantine. + type: str + choices: + - scan + - avmonitor + - quarantine + outbreak_prevention: + description: + - Enable FortiGuard Virus Outbreak Prevention service. + type: str + choices: + - disabled + - files + - full-archive + mobile_malware_db: + description: + - Enable/disable using the mobile malware signature database. + type: str + choices: + - disable + - enable + nac_quar: + description: + - Configure AntiVirus quarantine settings. + type: dict + suboptions: + expiry: + description: + - Duration of quarantine. + type: str + infected: + description: + - Enable/Disable quarantining infected hosts to the banned user list. + type: str + choices: + - none + - quar-src-ip + log: + description: + - Enable/disable AntiVirus quarantine logging. + type: str + choices: + - enable + - disable + name: + description: + - Profile name. + required: true + type: str + nntp: + description: + - Configure NNTP AntiVirus options. 
+ type: dict + suboptions: + archive_block: + description: + - Select the archive types to block. + type: str + choices: + - encrypted + - corrupted + - partiallycorrupted + - multipart + - nested + - mailbomb + - fileslimit + - timeout + - unhandled + archive_log: + description: + - Select the archive types to log. + type: str + choices: + - encrypted + - corrupted + - partiallycorrupted + - multipart + - nested + - mailbomb + - fileslimit + - timeout + - unhandled + emulator: + description: + - Enable/disable the virus emulator. + type: str + choices: + - enable + - disable + options: + description: + - Enable/disable NNTP AntiVirus scanning, monitoring, and quarantine. + type: str + choices: + - scan + - avmonitor + - quarantine + outbreak_prevention: + description: + - Enable FortiGuard Virus Outbreak Prevention service. + type: str + choices: + - disabled + - files + - full-archive + pop3: + description: + - Configure POP3 AntiVirus options. + type: dict + suboptions: + archive_block: + description: + - Select the archive types to block. + type: str + choices: + - encrypted + - corrupted + - partiallycorrupted + - multipart + - nested + - mailbomb + - fileslimit + - timeout + - unhandled + archive_log: + description: + - Select the archive types to log. + type: str + choices: + - encrypted + - corrupted + - partiallycorrupted + - multipart + - nested + - mailbomb + - fileslimit + - timeout + - unhandled + content_disarm: + description: + - Enable Content Disarm and Reconstruction for this protocol. + type: str + choices: + - disable + - enable + emulator: + description: + - Enable/disable the virus emulator. + type: str + choices: + - enable + - disable + executables: + description: + - Treat Windows executable files as viruses for the purpose of blocking or monitoring. + type: str + choices: + - default + - virus + options: + description: + - Enable/disable POP3 AntiVirus scanning, monitoring, and quarantine. 
+ type: str + choices: + - scan + - avmonitor + - quarantine + outbreak_prevention: + description: + - Enable FortiGuard Virus Outbreak Prevention service. + type: str + choices: + - disabled + - files + - full-archive + replacemsg_group: + description: + - Replacement message group customized for this profile. Source system.replacemsg-group.name. + type: str + scan_mode: + description: + - Choose between full scan mode and quick scan mode. + type: str + choices: + - quick + - full + smb: + description: + - Configure SMB AntiVirus options. + type: dict + suboptions: + archive_block: + description: + - Select the archive types to block. + type: str + choices: + - encrypted + - corrupted + - partiallycorrupted + - multipart + - nested + - mailbomb + - fileslimit + - timeout + - unhandled + archive_log: + description: + - Select the archive types to log. + type: str + choices: + - encrypted + - corrupted + - partiallycorrupted + - multipart + - nested + - mailbomb + - fileslimit + - timeout + - unhandled + emulator: + description: + - Enable/disable the virus emulator. + type: str + choices: + - enable + - disable + options: + description: + - Enable/disable SMB AntiVirus scanning, monitoring, and quarantine. + type: str + choices: + - scan + - avmonitor + - quarantine + outbreak_prevention: + description: + - Enable FortiGuard Virus Outbreak Prevention service. + type: str + choices: + - disabled + - files + - full-archive + smtp: + description: + - Configure SMTP AntiVirus options. + type: dict + suboptions: + archive_block: + description: + - Select the archive types to block. + type: str + choices: + - encrypted + - corrupted + - partiallycorrupted + - multipart + - nested + - mailbomb + - fileslimit + - timeout + - unhandled + archive_log: + description: + - Select the archive types to log. 
+ type: str + choices: + - encrypted + - corrupted + - partiallycorrupted + - multipart + - nested + - mailbomb + - fileslimit + - timeout + - unhandled + content_disarm: + description: + - Enable Content Disarm and Reconstruction for this protocol. + type: str + choices: + - disable + - enable + emulator: + description: + - Enable/disable the virus emulator. + type: str + choices: + - enable + - disable + executables: + description: + - Treat Windows executable files as viruses for the purpose of blocking or monitoring. + type: str + choices: + - default + - virus + options: + description: + - Enable/disable SMTP AntiVirus scanning, monitoring, and quarantine. + type: str + choices: + - scan + - avmonitor + - quarantine + outbreak_prevention: + description: + - Enable FortiGuard Virus Outbreak Prevention service. + type: str + choices: + - disabled + - files + - full-archive +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiVirus profiles. + fortios_antivirus_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + antivirus_profile: + analytics_bl_filetype: "3 (source dlp.filepattern.id)" + analytics_db: "disable" + analytics_max_upload: "5" + analytics_wl_filetype: "6 (source dlp.filepattern.id)" + av_block_log: "enable" + av_virus_log: "enable" + comment: "Comment." 
+ content_disarm: + cover_page: "disable" + detect_only: "disable" + office_embed: "disable" + office_hylink: "disable" + office_linked: "disable" + office_macro: "disable" + original_file_destination: "fortisandbox" + pdf_act_form: "disable" + pdf_act_gotor: "disable" + pdf_act_java: "disable" + pdf_act_launch: "disable" + pdf_act_movie: "disable" + pdf_act_sound: "disable" + pdf_embedfile: "disable" + pdf_hyperlink: "disable" + pdf_javacode: "disable" + extended_log: "enable" + ftgd_analytics: "disable" + ftp: + archive_block: "encrypted" + archive_log: "encrypted" + emulator: "enable" + options: "scan" + outbreak_prevention: "disabled" + http: + archive_block: "encrypted" + archive_log: "encrypted" + content_disarm: "disable" + emulator: "enable" + options: "scan" + outbreak_prevention: "disabled" + imap: + archive_block: "encrypted" + archive_log: "encrypted" + content_disarm: "disable" + emulator: "enable" + executables: "default" + options: "scan" + outbreak_prevention: "disabled" + inspection_mode: "proxy" + mapi: + archive_block: "encrypted" + archive_log: "encrypted" + emulator: "enable" + executables: "default" + options: "scan" + outbreak_prevention: "disabled" + mobile_malware_db: "disable" + nac_quar: + expiry: "" + infected: "none" + log: "enable" + name: "default_name_63" + nntp: + archive_block: "encrypted" + archive_log: "encrypted" + emulator: "enable" + options: "scan" + outbreak_prevention: "disabled" + pop3: + archive_block: "encrypted" + archive_log: "encrypted" + content_disarm: "disable" + emulator: "enable" + executables: "default" + options: "scan" + outbreak_prevention: "disabled" + replacemsg_group: " (source system.replacemsg-group.name)" + scan_mode: "quick" + smb: + archive_block: "encrypted" + archive_log: "encrypted" + emulator: "enable" + options: "scan" + outbreak_prevention: "disabled" + smtp: + archive_block: "encrypted" + archive_log: "encrypted" + content_disarm: "disable" + emulator: "enable" + executables: "default" + 
options: "scan"
+ outbreak_prevention: "disabled"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_antivirus_profile_data(json):
+ option_list = ['analytics_bl_filetype', 'analytics_db', 'analytics_max_upload',
+ 'analytics_wl_filetype', 'av_block_log', 'av_virus_log',
+ 'comment', 'content_disarm', 'extended_log',
+ 'ftgd_analytics', 'ftp', 'http',
+ 'imap', 'inspection_mode', 'mapi',
+ 'mobile_malware_db', 'nac_quar', 'name',
+ 'nntp', 'pop3', 'replacemsg_group',
+ 'scan_mode', 'smb', 'smtp']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def antivirus_profile(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['antivirus_profile'] and data['antivirus_profile']['state']:
+ state = data['antivirus_profile']['state']
+ else:
+ state = True
+ antivirus_profile_data = data['antivirus_profile']
+ filtered_data = underscore_to_hyphen(filter_antivirus_profile_data(antivirus_profile_data))
+
+ if state == "present":
+ return fos.set('antivirus',
+ 'profile',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('antivirus',
+ 'profile',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_antivirus(data, fos):
+
+ if data['antivirus_profile']:
+ resp = antivirus_profile(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('antivirus_profile'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type":
"str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "antivirus_profile": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "analytics_bl_filetype": {"required": False, "type": "int"}, + "analytics_db": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "analytics_max_upload": {"required": False, "type": "int"}, + "analytics_wl_filetype": {"required": False, "type": "int"}, + "av_block_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "av_virus_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "comment": {"required": False, "type": "str"}, + "content_disarm": {"required": False, "type": "dict", + "options": { + "cover_page": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "detect_only": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "office_embed": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "office_hylink": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "office_linked": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "office_macro": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "original_file_destination": {"required": False, "type": "str", + "choices": ["fortisandbox", + "quarantine", + "discard"]}, + "pdf_act_form": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "pdf_act_gotor": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "pdf_act_java": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "pdf_act_launch": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + 
"pdf_act_movie": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "pdf_act_sound": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "pdf_embedfile": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "pdf_hyperlink": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "pdf_javacode": {"required": False, "type": "str", + "choices": ["disable", + "enable"]} + }}, + "extended_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ftgd_analytics": {"required": False, "type": "str", + "choices": ["disable", + "suspicious", + "everything"]}, + "ftp": {"required": False, "type": "dict", + "options": { + "archive_block": {"required": False, "type": "str", + "choices": ["encrypted", + "corrupted", + "partiallycorrupted", + "multipart", + "nested", + "mailbomb", + "fileslimit", + "timeout", + "unhandled"]}, + "archive_log": {"required": False, "type": "str", + "choices": ["encrypted", + "corrupted", + "partiallycorrupted", + "multipart", + "nested", + "mailbomb", + "fileslimit", + "timeout", + "unhandled"]}, + "emulator": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "options": {"required": False, "type": "str", + "choices": ["scan", + "avmonitor", + "quarantine"]}, + "outbreak_prevention": {"required": False, "type": "str", + "choices": ["disabled", + "files", + "full-archive"]} + }}, + "http": {"required": False, "type": "dict", + "options": { + "archive_block": {"required": False, "type": "str", + "choices": ["encrypted", + "corrupted", + "partiallycorrupted", + "multipart", + "nested", + "mailbomb", + "fileslimit", + "timeout", + "unhandled"]}, + "archive_log": {"required": False, "type": "str", + "choices": ["encrypted", + "corrupted", + "partiallycorrupted", + "multipart", + "nested", + "mailbomb", + "fileslimit", + "timeout", + "unhandled"]}, + "content_disarm": {"required": False, "type": "str", + "choices": 
["disable", + "enable"]}, + "emulator": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "options": {"required": False, "type": "str", + "choices": ["scan", + "avmonitor", + "quarantine"]}, + "outbreak_prevention": {"required": False, "type": "str", + "choices": ["disabled", + "files", + "full-archive"]} + }}, + "imap": {"required": False, "type": "dict", + "options": { + "archive_block": {"required": False, "type": "str", + "choices": ["encrypted", + "corrupted", + "partiallycorrupted", + "multipart", + "nested", + "mailbomb", + "fileslimit", + "timeout", + "unhandled"]}, + "archive_log": {"required": False, "type": "str", + "choices": ["encrypted", + "corrupted", + "partiallycorrupted", + "multipart", + "nested", + "mailbomb", + "fileslimit", + "timeout", + "unhandled"]}, + "content_disarm": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "emulator": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "executables": {"required": False, "type": "str", + "choices": ["default", + "virus"]}, + "options": {"required": False, "type": "str", + "choices": ["scan", + "avmonitor", + "quarantine"]}, + "outbreak_prevention": {"required": False, "type": "str", + "choices": ["disabled", + "files", + "full-archive"]} + }}, + "inspection_mode": {"required": False, "type": "str", + "choices": ["proxy", + "flow-based"]}, + "mapi": {"required": False, "type": "dict", + "options": { + "archive_block": {"required": False, "type": "str", + "choices": ["encrypted", + "corrupted", + "partiallycorrupted", + "multipart", + "nested", + "mailbomb", + "fileslimit", + "timeout", + "unhandled"]}, + "archive_log": {"required": False, "type": "str", + "choices": ["encrypted", + "corrupted", + "partiallycorrupted", + "multipart", + "nested", + "mailbomb", + "fileslimit", + "timeout", + "unhandled"]}, + "emulator": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "executables": {"required": 
False, "type": "str", + "choices": ["default", + "virus"]}, + "options": {"required": False, "type": "str", + "choices": ["scan", + "avmonitor", + "quarantine"]}, + "outbreak_prevention": {"required": False, "type": "str", + "choices": ["disabled", + "files", + "full-archive"]} + }}, + "mobile_malware_db": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "nac_quar": {"required": False, "type": "dict", + "options": { + "expiry": {"required": False, "type": "str"}, + "infected": {"required": False, "type": "str", + "choices": ["none", + "quar-src-ip"]}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "name": {"required": True, "type": "str"}, + "nntp": {"required": False, "type": "dict", + "options": { + "archive_block": {"required": False, "type": "str", + "choices": ["encrypted", + "corrupted", + "partiallycorrupted", + "multipart", + "nested", + "mailbomb", + "fileslimit", + "timeout", + "unhandled"]}, + "archive_log": {"required": False, "type": "str", + "choices": ["encrypted", + "corrupted", + "partiallycorrupted", + "multipart", + "nested", + "mailbomb", + "fileslimit", + "timeout", + "unhandled"]}, + "emulator": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "options": {"required": False, "type": "str", + "choices": ["scan", + "avmonitor", + "quarantine"]}, + "outbreak_prevention": {"required": False, "type": "str", + "choices": ["disabled", + "files", + "full-archive"]} + }}, + "pop3": {"required": False, "type": "dict", + "options": { + "archive_block": {"required": False, "type": "str", + "choices": ["encrypted", + "corrupted", + "partiallycorrupted", + "multipart", + "nested", + "mailbomb", + "fileslimit", + "timeout", + "unhandled"]}, + "archive_log": {"required": False, "type": "str", + "choices": ["encrypted", + "corrupted", + "partiallycorrupted", + "multipart", + "nested", + "mailbomb", + "fileslimit", + "timeout", + "unhandled"]}, + "content_disarm": 
{"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "emulator": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "executables": {"required": False, "type": "str", + "choices": ["default", + "virus"]}, + "options": {"required": False, "type": "str", + "choices": ["scan", + "avmonitor", + "quarantine"]}, + "outbreak_prevention": {"required": False, "type": "str", + "choices": ["disabled", + "files", + "full-archive"]} + }}, + "replacemsg_group": {"required": False, "type": "str"}, + "scan_mode": {"required": False, "type": "str", + "choices": ["quick", + "full"]}, + "smb": {"required": False, "type": "dict", + "options": { + "archive_block": {"required": False, "type": "str", + "choices": ["encrypted", + "corrupted", + "partiallycorrupted", + "multipart", + "nested", + "mailbomb", + "fileslimit", + "timeout", + "unhandled"]}, + "archive_log": {"required": False, "type": "str", + "choices": ["encrypted", + "corrupted", + "partiallycorrupted", + "multipart", + "nested", + "mailbomb", + "fileslimit", + "timeout", + "unhandled"]}, + "emulator": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "options": {"required": False, "type": "str", + "choices": ["scan", + "avmonitor", + "quarantine"]}, + "outbreak_prevention": {"required": False, "type": "str", + "choices": ["disabled", + "files", + "full-archive"]} + }}, + "smtp": {"required": False, "type": "dict", + "options": { + "archive_block": {"required": False, "type": "str", + "choices": ["encrypted", + "corrupted", + "partiallycorrupted", + "multipart", + "nested", + "mailbomb", + "fileslimit", + "timeout", + "unhandled"]}, + "archive_log": {"required": False, "type": "str", + "choices": ["encrypted", + "corrupted", + "partiallycorrupted", + "multipart", + "nested", + "mailbomb", + "fileslimit", + "timeout", + "unhandled"]}, + "content_disarm": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "emulator": {"required": 
False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "executables": {"required": False, "type": "str",
+ "choices": ["default",
+ "virus"]},
+ "options": {"required": False, "type": "str",
+ "choices": ["scan",
+ "avmonitor",
+ "quarantine"]},
+ "outbreak_prevention": {"required": False, "type": "str",
+ "choices": ["disabled",
+ "files",
+ "full-archive"]}
+ }}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_antivirus(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_antivirus_quarantine.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_antivirus_quarantine.py
new file mode 100644
index 00000000..84cd9d5b
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_antivirus_quarantine.py
@@ -0,0 +1,540 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_antivirus_quarantine
+short_description: Configure quarantine options in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify antivirus feature and quarantine category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.8"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str + default: root + + antivirus_quarantine: + description: + - Configure quarantine options. + default: null + type: dict + suboptions: + agelimit: + description: + - Age limit for quarantined files (0 - 479 hours, 0 means forever). + type: int + destination: + description: + - Choose whether to quarantine files to the FortiGate disk or to FortiAnalyzer or to delete them instead of quarantining them. + type: str + choices: + - NULL + - disk + - FortiAnalyzer + drop_blocked: + description: + - Do not quarantine dropped files found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined. + type: str + choices: + - imap + - smtp + - pop3 + - http + - ftp + - nntp + - imaps + - smtps + - pop3s + - ftps + - mapi + - cifs + - mm1 + - mm3 + - mm4 + - mm7 + drop_heuristic: + description: + - Do not quarantine files detected by heuristics found in sessions using the selected protocols. Dropped files are deleted instead of + being quarantined. + type: str + choices: + - imap + - smtp + - pop3 + - http + - ftp + - nntp + - imaps + - smtps + - pop3s + - https + - ftps + - mapi + - cifs + - mm1 + - mm3 + - mm4 + - mm7 + drop_infected: + description: + - Do not quarantine infected files found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined. + type: str + choices: + - imap + - smtp + - pop3 + - http + - ftp + - nntp + - imaps + - smtps + - pop3s + - https + - ftps + - mapi + - cifs + - mm1 + - mm3 + - mm4 + - mm7 + lowspace: + description: + - Select the method for handling additional files when running low on disk space. + type: str + choices: + - drop-new + - ovrw-old + maxfilesize: + description: + - Maximum file size to quarantine (0 - 500 Mbytes, 0 means unlimited). + type: int + quarantine_quota: + description: + - The amount of disk space to reserve for quarantining files (0 - 4294967295 Mbytes, depends on disk space). 
+ type: int + store_blocked: + description: + - Quarantine blocked files found in sessions using the selected protocols. + type: str + choices: + - imap + - smtp + - pop3 + - http + - ftp + - nntp + - imaps + - smtps + - pop3s + - ftps + - mapi + - cifs + - mm1 + - mm3 + - mm4 + - mm7 + store_heuristic: + description: + - Quarantine files detected by heuristics found in sessions using the selected protocols. + type: str + choices: + - imap + - smtp + - pop3 + - http + - ftp + - nntp + - imaps + - smtps + - pop3s + - https + - ftps + - mapi + - cifs + - mm1 + - mm3 + - mm4 + - mm7 + store_infected: + description: + - Quarantine infected files found in sessions using the selected protocols. + type: str + choices: + - imap + - smtp + - pop3 + - http + - ftp + - nntp + - imaps + - smtps + - pop3s + - https + - ftps + - mapi + - cifs + - mm1 + - mm3 + - mm4 + - mm7 +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure quarantine options. 
+ fortios_antivirus_quarantine: + vdom: "{{ vdom }}" + antivirus_quarantine: + agelimit: "3" + destination: "NULL" + drop_blocked: "imap" + drop_heuristic: "imap" + drop_infected: "imap" + lowspace: "drop-new" + maxfilesize: "9" + quarantine_quota: "10" + store_blocked: "imap" + store_heuristic: "imap" + store_infected: "imap" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_antivirus_quarantine_data(json): + option_list = ['agelimit', 'destination', 'drop_blocked', + 'drop_heuristic', 'drop_infected', 'lowspace', + 'maxfilesize', 'quarantine_quota', 'store_blocked', + 'store_heuristic', 'store_infected'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def antivirus_quarantine(data, fos): + vdom = data['vdom'] + antivirus_quarantine_data = data['antivirus_quarantine'] + filtered_data = underscore_to_hyphen(filter_antivirus_quarantine_data(antivirus_quarantine_data)) + + return fos.set('antivirus', + 'quarantine', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_antivirus(data, fos): + + if data['antivirus_quarantine']: + resp = antivirus_quarantine(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('antivirus_quarantine')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "antivirus_quarantine": { + "required": False, "type": "dict", "default": None, + "options": { + "agelimit": {"required": False, "type": "int"}, + "destination": 
{"required": False, "type": "str", + "choices": ["NULL", + "disk", + "FortiAnalyzer"]}, + "drop_blocked": {"required": False, "type": "str", + "choices": ["imap", + "smtp", + "pop3", + "http", + "ftp", + "nntp", + "imaps", + "smtps", + "pop3s", + "ftps", + "mapi", + "cifs", + "mm1", + "mm3", + "mm4", + "mm7"]}, + "drop_heuristic": {"required": False, "type": "str", + "choices": ["imap", + "smtp", + "pop3", + "http", + "ftp", + "nntp", + "imaps", + "smtps", + "pop3s", + "https", + "ftps", + "mapi", + "cifs", + "mm1", + "mm3", + "mm4", + "mm7"]}, + "drop_infected": {"required": False, "type": "str", + "choices": ["imap", + "smtp", + "pop3", + "http", + "ftp", + "nntp", + "imaps", + "smtps", + "pop3s", + "https", + "ftps", + "mapi", + "cifs", + "mm1", + "mm3", + "mm4", + "mm7"]}, + "lowspace": {"required": False, "type": "str", + "choices": ["drop-new", + "ovrw-old"]}, + "maxfilesize": {"required": False, "type": "int"}, + "quarantine_quota": {"required": False, "type": "int"}, + "store_blocked": {"required": False, "type": "str", + "choices": ["imap", + "smtp", + "pop3", + "http", + "ftp", + "nntp", + "imaps", + "smtps", + "pop3s", + "ftps", + "mapi", + "cifs", + "mm1", + "mm3", + "mm4", + "mm7"]}, + "store_heuristic": {"required": False, "type": "str", + "choices": ["imap", + "smtp", + "pop3", + "http", + "ftp", + "nntp", + "imaps", + "smtps", + "pop3s", + "https", + "ftps", + "mapi", + "cifs", + "mm1", + "mm3", + "mm4", + "mm7"]}, + "store_infected": {"required": False, "type": "str", + "choices": ["imap", + "smtp", + "pop3", + "http", + "ftp", + "nntp", + "imaps", + "smtps", + "pop3s", + "https", + "ftps", + "mapi", + "cifs", + "mm1", + "mm3", + "mm4", + "mm7"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', 
module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_antivirus(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_antivirus_settings.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_antivirus_settings.py new file mode 100644 index 00000000..9a0ac43f --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_antivirus_settings.py 
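Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no`, so anyone who copies it connects to the FortiGate without verifying its certificate. The `access_token` and the quarantine configuration sent by the module then travel over a channel whose endpoint is not authenticated. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a comment such as `# set to no only for lab devices with self-signed certificates`. The same setting appears in the EXAMPLES of fortios_antivirus_settings.py and fortios_application_custom.py, and in the visible start of fortios_application_group.py, later in this patch.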
@@ -0,0 +1,283 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_antivirus_settings +short_description: Configure AntiVirus settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify antivirus feature and settings category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + antivirus_settings: + description: + - Configure AntiVirus settings. + default: null + type: dict + suboptions: + default_db: + description: + - Select the AV database to be used for AV scanning. + type: str + choices: + - normal + - extended + - extreme + grayware: + description: + - Enable/disable grayware detection when an AntiVirus profile is applied to traffic. + type: str + choices: + - enable + - disable + override_timeout: + description: + - Override the large file scan timeout value in seconds (30 - 3600). Zero is the default value and is used to disable this command. When + disabled, the daemon adjusts the large file scan timeout based on the file size. + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiVirus settings. + fortios_antivirus_settings: + vdom: "{{ vdom }}" + antivirus_settings: + default_db: "normal" + grayware: "enable" + override_timeout: "5" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" 
+serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_antivirus_settings_data(json): + option_list = ['default_db', 'grayware', 'override_timeout'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def antivirus_settings(data, fos): + vdom = data['vdom'] + antivirus_settings_data = data['antivirus_settings'] + filtered_data = underscore_to_hyphen(filter_antivirus_settings_data(antivirus_settings_data)) + + return fos.set('antivirus', + 'settings', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_antivirus(data, fos): + + if data['antivirus_settings']: + resp = antivirus_settings(data, fos) 
+ else: + fos._module.fail_json(msg='missing task body: %s' % ('antivirus_settings')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "antivirus_settings": { + "required": False, "type": "dict", "default": None, + "options": { + "default_db": {"required": False, "type": "str", + "choices": ["normal", + "extended", + "extreme"]}, + "grayware": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "override_timeout": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_antivirus(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + 
module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_custom.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_custom.py new file mode 100644 index 00000000..19cb06dd --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_custom.py 
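Review bot: The EXAMPLES task passes `override_timeout: "5"`, which contradicts the option's own description: it gives the range as 30 - 3600 seconds, with zero meaning disabled. The argument spec declares the field only as `{"required": False, "type": "int"}`, so the module does not catch an out-of-range value. Presumably the device rejects it, and the user then sees only the generic `"Error in repo"` failure. I would change the example to a value inside the documented range, for instance `override_timeout: "30"`. The description could also state that the range is not checked by the module.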
@@ -0,0 +1,359 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_application_custom +short_description: Configure custom application signatures in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify application feature and custom category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + application_custom: + description: + - Configure custom application signatures. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + behavior: + description: + - Custom application signature behavior. + type: str + category: + description: + - Custom application category ID (use ? to view available options). + type: int + comment: + description: + - Comment. + type: str + id: + description: + - Custom application category ID (use ? to view available options). + type: int + name: + description: + - Name of this custom application signature. + type: str + protocol: + description: + - Custom application signature protocol. + type: str + signature: + description: + - The text that makes up the actual custom application signature. + type: str + tag: + description: + - Signature tag. + required: true + type: str + technology: + description: + - Custom application signature technology. + type: str + vendor: + description: + - Custom application signature vendor. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure custom application signatures. 
+ fortios_application_custom: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + application_custom: + behavior: "" + category: "4" + comment: "Comment." + id: "6" + name: "default_name_7" + protocol: "" + signature: "" + tag: "" + technology: "" + vendor: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_application_custom_data(json): + option_list = ['behavior', 'category', 'comment', + 'id', 'name', 'protocol', + 'signature', 'tag', 'technology', + 'vendor'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def application_custom(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['application_custom'] and data['application_custom']['state']: + state = data['application_custom']['state'] + else: + state = True + application_custom_data = data['application_custom'] + filtered_data = underscore_to_hyphen(filter_application_custom_data(application_custom_data)) + + if state == "present": + return fos.set('application', + 'custom', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('application', + 'custom', + mkey=filtered_data['tag'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_application(data, fos): + + if data['application_custom']: + resp = application_custom(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('application_custom')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'tag' + fields = { + "access_token": {"required": False, "type": "str", "no_log": 
True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "application_custom": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "behavior": {"required": False, "type": "str"}, + "category": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "id": {"required": False, "type": "int"}, + "name": {"required": False, "type": "str"}, + "protocol": {"required": False, "type": "str"}, + "signature": {"required": False, "type": "str"}, + "tag": {"required": True, "type": "str"}, + "technology": {"required": False, "type": "str"}, + "vendor": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_application(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", 
version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_group.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_group.py new file mode 100644 index 00000000..d022a938 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_group.py 
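Review bot: In `application_custom()` the fallback `state = True` can never equal `"present"` or `"absent"`. A task that omits both the top-level and the nested `state` therefore always ends in `fail_json(msg='state must be present or absent!')`. Both `state` entries are `"required": False` in the argument spec, so the task passes argument validation and fails only inside the module, with a message that does not say the parameter is missing. If a default is intended, the fallback should be `state = 'present'`. Otherwise replace it with an explicit failure such as `fos._module.fail_json(msg='state is required: present or absent')`. The description of `state` in DOCUMENTATION should state whichever behaviour is chosen.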
@@ -0,0 +1,354 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_application_group +short_description: Configure firewall application groups in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify application feature and group category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + application_group: + description: + - Configure firewall application groups. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + application: + description: + - Application ID list. + type: list + suboptions: + id: + description: + - Application IDs. + required: true + type: int + category: + description: + - Application category ID list. + type: list + suboptions: + id: + description: + - Category IDs. + required: true + type: int + comment: + description: + - Comment + type: str + name: + description: + - Application group name. + required: true + type: str + type: + description: + - Application group type. + type: str + choices: + - application + - category +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure firewall application groups. 
+ fortios_application_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + application_group: + application: + - + id: "4" + category: + - + id: "6" + comment: "Comment" + name: "default_name_8" + type: "application" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_application_group_data(json): + 
option_list = ['application', 'category', 'comment', + 'name', 'type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def application_group(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['application_group'] and data['application_group']['state']: + state = data['application_group']['state'] + else: + state = True + application_group_data = data['application_group'] + filtered_data = underscore_to_hyphen(filter_application_group_data(application_group_data)) + + if state == "present": + return fos.set('application', + 'group', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('application', + 'group', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_application(data, fos): + + if data['application_group']: + resp = application_group(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('application_group')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, 
"type": "str", + "choices": ["present", "absent"]}, + "application_group": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "application": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "category": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "comment": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["application", + "category"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_application(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
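Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no` while the task passes an `access_token`, so anyone copying it sends the FortiGate API token over TLS without verifying the server certificate. I would ship the example as `ansible_httpapi_validate_certs: yes`, or, if the lab default has to stay, add a YAML comment such as `# certificate validation is disabled for lab use only; enable it wherever a real access_token is used`. The same example block is repeated in the fortios_application_list.py hunk and at the top of the fortios_application_name.py hunk that follow.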
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_list.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_list.py
new file mode 100644
index 00000000..153a9003
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_list.py
@@ -0,0 +1,701 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_application_list +short_description: Configure application control lists in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify application feature and list category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + application_list: + description: + - Configure application control lists. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + app_replacemsg: + description: + - Enable/disable replacement messages for blocked applications. + type: str + choices: + - disable + - enable + comment: + description: + - comments + type: str + deep_app_inspection: + description: + - Enable/disable deep application inspection. + type: str + choices: + - disable + - enable + entries: + description: + - Application list entries. + type: list + suboptions: + action: + description: + - Pass or block traffic, or reset connection for traffic from this application. + type: str + choices: + - pass + - block + - reset + application: + description: + - ID of allowed applications. + type: list + suboptions: + id: + description: + - Application IDs. + required: true + type: int + behavior: + description: + - Application behavior filter. + type: str + category: + description: + - Category ID list. + type: list + suboptions: + id: + description: + - Application category ID. + required: true + type: int + id: + description: + - Entry ID. + required: true + type: int + log: + description: + - Enable/disable logging for this application list. + type: str + choices: + - disable + - enable + log_packet: + description: + - Enable/disable packet logging. 
+ type: str + choices: + - disable + - enable + parameters: + description: + - Application parameters. + type: list + suboptions: + id: + description: + - Parameter ID. + required: true + type: int + value: + description: + - Parameter value. + type: str + per_ip_shaper: + description: + - Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. + type: str + popularity: + description: + - Application popularity filter (1 - 5, from least to most popular). + type: str + choices: + - 1 + - 2 + - 3 + - 4 + - 5 + protocols: + description: + - Application protocol filter. + type: str + quarantine: + description: + - Quarantine method. + type: str + choices: + - none + - attacker + quarantine_expiry: + description: + - Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m). Requires quarantine set to attacker. + type: str + quarantine_log: + description: + - Enable/disable quarantine logging. + type: str + choices: + - disable + - enable + rate_count: + description: + - Count of the rate. + type: int + rate_duration: + description: + - Duration (sec) of the rate. + type: int + rate_mode: + description: + - Rate limit mode. + type: str + choices: + - periodical + - continuous + rate_track: + description: + - Track the packet protocol field. + type: str + choices: + - none + - src-ip + - dest-ip + - dhcp-client-mac + - dns-domain + risk: + description: + - Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical). + type: list + suboptions: + level: + description: + - Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical). + required: true + type: int + session_ttl: + description: + - Session TTL (0 = default). + type: int + shaper: + description: + - Traffic shaper. Source firewall.shaper.traffic-shaper.name. + type: str + shaper_reverse: + description: + - Reverse traffic shaper. 
Source firewall.shaper.traffic-shaper.name. + type: str + sub_category: + description: + - Application Sub-category ID list. + type: list + suboptions: + id: + description: + - Application sub-category ID. + required: true + type: int + technology: + description: + - Application technology filter. + type: str + vendor: + description: + - Application vendor filter. + type: str + extended_log: + description: + - Enable/disable extended logging. + type: str + choices: + - enable + - disable + name: + description: + - List name. + required: true + type: str + options: + description: + - Basic application protocol signatures allowed by default. + type: str + choices: + - allow-dns + - allow-icmp + - allow-http + - allow-ssl + - allow-quic + other_application_action: + description: + - Action for other applications. + type: str + choices: + - pass + - block + other_application_log: + description: + - Enable/disable logging for other applications. + type: str + choices: + - disable + - enable + p2p_black_list: + description: + - P2P applications to be black listed. + type: str + choices: + - skype + - edonkey + - bittorrent + replacemsg_group: + description: + - Replacement message group. Source system.replacemsg-group.name. + type: str + unknown_application_action: + description: + - Pass or block traffic from unknown applications. + type: str + choices: + - pass + - block + unknown_application_log: + description: + - Enable/disable logging for unknown applications. + type: str + choices: + - disable + - enable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure application control lists. 
+ fortios_application_list: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + application_list: + app_replacemsg: "disable" + comment: "comments" + deep_app_inspection: "disable" + entries: + - + action: "pass" + application: + - + id: "9" + behavior: "" + category: + - + id: "12" + id: "13" + log: "disable" + log_packet: "disable" + parameters: + - + id: "17" + value: "" + per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" + popularity: "1" + protocols: "" + quarantine: "none" + quarantine_expiry: "" + quarantine_log: "disable" + rate_count: "25" + rate_duration: "26" + rate_mode: "periodical" + rate_track: "none" + risk: + - + level: "30" + session_ttl: "31" + shaper: " (source firewall.shaper.traffic-shaper.name)" + shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" + sub_category: + - + id: "35" + technology: "" + vendor: "" + extended_log: "enable" + name: "default_name_39" + options: "allow-dns" + other_application_action: "pass" + other_application_log: "disable" + p2p_black_list: "skype" + replacemsg_group: " (source system.replacemsg-group.name)" + unknown_application_action: "pass" + unknown_application_log: "disable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + 
returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_application_list_data(json): + option_list = ['app_replacemsg', 'comment', 'deep_app_inspection', + 'entries', 'extended_log', 'name', + 'options', 'other_application_action', 'other_application_log', + 'p2p_black_list', 'replacemsg_group', 'unknown_application_action', + 'unknown_application_log'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def application_list(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['application_list'] and data['application_list']['state']: + state = data['application_list']['state'] + else: + state = True + application_list_data = 
data['application_list'] + filtered_data = underscore_to_hyphen(filter_application_list_data(application_list_data)) + + if state == "present": + return fos.set('application', + 'list', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('application', + 'list', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_application(data, fos): + + if data['application_list']: + resp = application_list(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('application_list')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "application_list": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "app_replacemsg": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "comment": {"required": False, "type": "str"}, + "deep_app_inspection": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "entries": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["pass", + "block", + "reset"]}, + "application": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "behavior": {"required": False, "type": "str"}, + "category": {"required": False, "type": "list", + "options": { + "id": 
{"required": True, "type": "int"} + }}, + "id": {"required": True, "type": "int"}, + "log": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "log_packet": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "parameters": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "value": {"required": False, "type": "str"} + }}, + "per_ip_shaper": {"required": False, "type": "str"}, + "popularity": {"required": False, "type": "str", + "choices": ["1", + "2", + "3", + "4", + "5"]}, + "protocols": {"required": False, "type": "str"}, + "quarantine": {"required": False, "type": "str", + "choices": ["none", + "attacker"]}, + "quarantine_expiry": {"required": False, "type": "str"}, + "quarantine_log": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "rate_count": {"required": False, "type": "int"}, + "rate_duration": {"required": False, "type": "int"}, + "rate_mode": {"required": False, "type": "str", + "choices": ["periodical", + "continuous"]}, + "rate_track": {"required": False, "type": "str", + "choices": ["none", + "src-ip", + "dest-ip", + "dhcp-client-mac", + "dns-domain"]}, + "risk": {"required": False, "type": "list", + "options": { + "level": {"required": True, "type": "int"} + }}, + "session_ttl": {"required": False, "type": "int"}, + "shaper": {"required": False, "type": "str"}, + "shaper_reverse": {"required": False, "type": "str"}, + "sub_category": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "technology": {"required": False, "type": "str"}, + "vendor": {"required": False, "type": "str"} + }}, + "extended_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": True, "type": "str"}, + "options": {"required": False, "type": "str", + "choices": ["allow-dns", + "allow-icmp", + "allow-http", + "allow-ssl", + "allow-quic"]}, + 
"other_application_action": {"required": False, "type": "str", + "choices": ["pass", + "block"]}, + "other_application_log": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "p2p_black_list": {"required": False, "type": "str", + "choices": ["skype", + "edonkey", + "bittorrent"]}, + "replacemsg_group": {"required": False, "type": "str"}, + "unknown_application_action": {"required": False, "type": "str", + "choices": ["pass", + "block"]}, + "unknown_application_log": {"required": False, "type": "str", + "choices": ["disable", + "enable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_application(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
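Review bot: In main(), the guard `if 'access_token' in module.params:` is always true, because AnsibleModule fills every argument_spec key with its default, so `connection.set_option('access_token', None)` also runs when the task supplies no token. Whether that replaces a token already configured on the httpapi connection depends on the connection plugin, which is not visible in this hunk; testing the value instead avoids the question: `if module.params.get('access_token'):`. The main() of fortios_application_group.py, earlier in this patch, has the same lines.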
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_name.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_name.py
new file mode 100644
index 00000000..a3f759ba
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_name.py
@@ -0,0 +1,401 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_application_name +short_description: Configure application signatures in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify application feature and name category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + application_name: + description: + - Configure application signatures. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + behavior: + description: + - Application behavior. + type: str + category: + description: + - Application category ID. + type: int + id: + description: + - Application ID. + type: int + metadata: + description: + - Meta data. + type: list + suboptions: + id: + description: + - ID. + required: true + type: int + metaid: + description: + - Meta ID. + type: int + valueid: + description: + - Value ID. + type: int + name: + description: + - Application name. + required: true + type: str + parameter: + description: + - Application parameter name. + type: str + popularity: + description: + - Application popularity. + type: int + protocol: + description: + - Application protocol. + type: str + risk: + description: + - Application risk. + type: int + sub_category: + description: + - Application sub-category ID. + type: int + technology: + description: + - Application technology. + type: str + vendor: + description: + - Application vendor. + type: str + weight: + description: + - Application weight. + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure application signatures. 
+ fortios_application_name: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + application_name: + behavior: "" + category: "4" + id: "5" + metadata: + - + id: "7" + metaid: "8" + valueid: "9" + name: "default_name_10" + parameter: "" + popularity: "12" + protocol: "" + risk: "14" + sub_category: "15" + technology: "" + vendor: "" + weight: "18" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_application_name_data(json): + option_list = ['behavior', 'category', 'id', + 'metadata', 'name', 'parameter', + 'popularity', 'protocol', 'risk', + 'sub_category', 'technology', 'vendor', + 'weight'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def application_name(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['application_name'] and data['application_name']['state']: + state = data['application_name']['state'] + else: + state = True + application_name_data = data['application_name'] + filtered_data = underscore_to_hyphen(filter_application_name_data(application_name_data)) + + if state == "present": + return fos.set('application', + 'name', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('application', + 'name', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_application(data, fos): + + if data['application_name']: + resp = application_name(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('application_name')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else 
True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "application_name": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "behavior": {"required": False, "type": "str"}, + "category": {"required": False, "type": "int"}, + "id": {"required": False, "type": "int"}, + "metadata": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "metaid": {"required": False, "type": "int"}, + "valueid": {"required": False, "type": "int"} + }}, + "name": {"required": True, "type": "str"}, + "parameter": {"required": False, "type": "str"}, + "popularity": {"required": False, "type": "int"}, + "protocol": {"required": False, "type": "str"}, + "risk": {"required": False, "type": "int"}, + "sub_category": {"required": False, "type": "int"}, + "technology": {"required": False, "type": "str"}, + "vendor": {"required": False, "type": "str"}, + "weight": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_application(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see 
more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_rule_settings.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_rule_settings.py new file mode 100644 index 00000000..3da2e5fd --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_application_rule_settings.py 
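Review bot: The EXAMPLES play in fortios_application_name.py sets `ansible_httpapi_validate_certs: no` in the same play that passes `access_token`, so the documented usage sends the API token over a TLS session whose peer certificate is never verified. Since users copy these examples verbatim, I would ship `ansible_httpapi_validate_certs: yes` with a comment above it such as `# disable only for lab devices with self-signed certificates`. The literal `access_token: ""` would also read better as a reference to a vaulted variable, for example `access_token: "{{ fortios_access_token }}"` (variable name constructed here for illustration). The same EXAMPLES block appears in the fortios_application_rule_settings.py and fortios_authentication_rule.py hunks of this commit.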
@@ -0,0 +1,302 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_application_rule_settings +short_description: Configure application rule settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify application feature and rule_settings category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + application_rule_settings: + description: + - Configure application rule settings. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + id: + description: + - Rule ID. + required: true + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure application rule settings. 
+ fortios_application_rule_settings: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + application_rule_settings: + id: "3" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_application_rule_settings_data(json): + option_list = ['id'] + dictionary = {} + + for attribute in option_list: + if attribute in 
json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def application_rule_settings(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['application_rule_settings'] and data['application_rule_settings']['state']: + state = data['application_rule_settings']['state'] + else: + state = True + application_rule_settings_data = data['application_rule_settings'] + filtered_data = underscore_to_hyphen(filter_application_rule_settings_data(application_rule_settings_data)) + + if state == "present": + return fos.set('application', + 'rule-settings', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('application', + 'rule-settings', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_application(data, fos): + + if data['application_rule_settings']: + resp = application_rule_settings(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('application_rule_settings')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", 
"absent"]}, + "application_rule_settings": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "id": {"required": True, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_application(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_authentication_rule.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_authentication_rule.py new file mode 100644 index 00000000..37881e0f --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_authentication_rule.py 
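Review bot: In `application_rule_settings()`, leaving `state` unset at both the top level and inside the dict assigns `state = True`, which matches neither `"present"` nor `"absent"`, so the task always ends in `fail_json(msg='state must be present or absent!')`. That contradicts both DOCUMENTATION and the argument spec in `main()`, which declare `state` as `required: false` with no default, and the message does not tell the user that the option is missing rather than misspelled. I would replace `state = True` with an explicit `fos._module.fail_json(msg="'state' is required at the top level: present or absent")`, or document the option as effectively mandatory. The same fallback is present in `application_name()` and `authentication_rule()` in the neighbouring hunks.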
@@ -0,0 +1,416 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_authentication_rule +short_description: Configure Authentication Rules in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify authentication feature and rule category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + authentication_rule: + description: + - Configure Authentication Rules. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + active_auth_method: + description: + - Select an active authentication method. Source authentication.scheme.name. + type: str + comments: + description: + - Comment. + type: str + ip_based: + description: + - Enable/disable IP-based authentication. Once a user authenticates all traffic from the IP address the user authenticated from is allowed. + type: str + choices: + - enable + - disable + name: + description: + - Authentication rule name. + required: true + type: str + protocol: + description: + - Select the protocol to use for authentication . Users connect to the FortiGate using this protocol and are asked to authenticate. + type: str + choices: + - http + - ftp + - socks + - ssh + srcaddr: + description: + - Select an IPv4 source address from available options. Required for web proxy authentication. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name. + required: true + type: str + srcaddr6: + description: + - Select an IPv6 source address. Required for web proxy authentication. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name. 
+ required: true + type: str + sso_auth_method: + description: + - Select a single-sign on (SSO) authentication method. Source authentication.scheme.name. + type: str + status: + description: + - Enable/disable this authentication rule. + type: str + choices: + - enable + - disable + transaction_based: + description: + - Enable/disable transaction based authentication . + type: str + choices: + - enable + - disable + web_auth_cookie: + description: + - Enable/disable Web authentication cookies . + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Authentication Rules. + fortios_authentication_rule: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + authentication_rule: + active_auth_method: " (source authentication.scheme.name)" + comments: "" + ip_based: "enable" + name: "default_name_6" + protocol: "http" + srcaddr: + - + name: "default_name_9 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name)" + srcaddr6: + - + name: "default_name_11 (source firewall.address6.name firewall.addrgrp6.name)" + sso_auth_method: " (source authentication.scheme.name)" + status: "enable" + transaction_based: "enable" + web_auth_cookie: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of 
the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_authentication_rule_data(json): + option_list = ['active_auth_method', 'comments', 'ip_based', + 'name', 'protocol', 'srcaddr', + 'srcaddr6', 'sso_auth_method', 'status', + 'transaction_based', 'web_auth_cookie'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def authentication_rule(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = 
data['state'] + elif 'state' in data['authentication_rule'] and data['authentication_rule']['state']: + state = data['authentication_rule']['state'] + else: + state = True + authentication_rule_data = data['authentication_rule'] + filtered_data = underscore_to_hyphen(filter_authentication_rule_data(authentication_rule_data)) + + if state == "present": + return fos.set('authentication', + 'rule', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('authentication', + 'rule', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_authentication(data, fos): + + if data['authentication_rule']: + resp = authentication_rule(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('authentication_rule')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "authentication_rule": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "active_auth_method": {"required": False, "type": "str"}, + "comments": {"required": False, "type": "str"}, + "ip_based": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": True, "type": "str"}, + "protocol": {"required": False, "type": "str", + "choices": ["http", + "ftp", + "socks", + "ssh"]}, + "srcaddr": {"required": False, "type": "list", + "options": { 
+ "name": {"required": True, "type": "str"} + }}, + "srcaddr6": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "sso_auth_method": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "transaction_based": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "web_auth_cookie": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_authentication(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
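Review bot: In `main()` of fortios_authentication_rule.py, `srcaddr` and `srcaddr6` are declared as `"type": "list"` with an `"options"` sub-spec but without `"elements": "dict"`. As far as I know AnsibleModule only applies a sub-spec to list items when `elements` is `dict`, so the `"name": {"required": True}` constraint is never enforced and a malformed address entry reaches `fos.set()` unvalidated. For a rule that decides which sources must authenticate, I would rather reject that on the controller: `"srcaddr": {"required": False, "type": "list", "elements": "dict",` and the same for `srcaddr6`. The `metadata` list in fortios_application_name.py has the same gap.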
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_authentication_scheme.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_authentication_scheme.py
new file mode 100644
index 00000000..9b9833c5
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_authentication_scheme.py
@@ -0,0 +1,395 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_authentication_scheme +short_description: Configure Authentication Schemes in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify authentication feature and scheme category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + authentication_scheme: + description: + - Configure Authentication Schemes. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + domain_controller: + description: + - Domain controller setting. Source user.domain-controller.name. + type: str + fsso_agent_for_ntlm: + description: + - FSSO agent to use for NTLM authentication. Source user.fsso.name. + type: str + fsso_guest: + description: + - Enable/disable user fsso-guest authentication . + type: str + choices: + - enable + - disable + method: + description: + - Authentication methods . + type: str + choices: + - ntlm + - basic + - digest + - form + - negotiate + - fsso + - rsso + - ssh-publickey + name: + description: + - Authentication scheme name. + required: true + type: str + negotiate_ntlm: + description: + - Enable/disable negotiate authentication for NTLM . + type: str + choices: + - enable + - disable + require_tfa: + description: + - Enable/disable two-factor authentication . + type: str + choices: + - enable + - disable + ssh_ca: + description: + - SSH CA name. Source firewall.ssh.local-ca.name. + type: str + user_database: + description: + - Authentication server to contain user information; "local" (default) or "123" (for LDAP). + type: list + suboptions: + name: + description: + - Authentication server name. 
Source system.datasource.name user.radius.name user.tacacs+.name user.ldap.name user.group.name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Authentication Schemes. + fortios_authentication_scheme: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + authentication_scheme: + domain_controller: " (source user.domain-controller.name)" + fsso_agent_for_ntlm: " (source user.fsso.name)" + fsso_guest: "enable" + method: "ntlm" + name: "default_name_7" + negotiate_ntlm: "enable" + require_tfa: "enable" + ssh_ca: " (source firewall.ssh.local-ca.name)" + user_database: + - + name: "default_name_12 (source system.datasource.name user.radius.name user.tacacs+.name user.ldap.name user.group.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + 
type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_authentication_scheme_data(json): + option_list = ['domain_controller', 'fsso_agent_for_ntlm', 'fsso_guest', + 'method', 'name', 'negotiate_ntlm', + 'require_tfa', 'ssh_ca', 'user_database'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def authentication_scheme(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['authentication_scheme'] and data['authentication_scheme']['state']: + state = data['authentication_scheme']['state'] + else: + state = True + authentication_scheme_data = data['authentication_scheme'] + filtered_data = underscore_to_hyphen(filter_authentication_scheme_data(authentication_scheme_data)) + + if state == "present": + return fos.set('authentication', + 'scheme', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('authentication', + 'scheme', + 
mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_authentication(data, fos): + + if data['authentication_scheme']: + resp = authentication_scheme(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('authentication_scheme')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "authentication_scheme": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "domain_controller": {"required": False, "type": "str"}, + "fsso_agent_for_ntlm": {"required": False, "type": "str"}, + "fsso_guest": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "method": {"required": False, "type": "str", + "choices": ["ntlm", + "basic", + "digest", + "form", + "negotiate", + "fsso", + "rsso", + "ssh-publickey"]}, + "name": {"required": True, "type": "str"}, + "negotiate_ntlm": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "require_tfa": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssh_ca": {"required": False, "type": "str"}, + "user_database": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = 
None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_authentication(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_authentication_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_authentication_setting.py new file mode 100644 index 00000000..6f40ca08 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_authentication_setting.py 
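Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no` in the same play that passes `access_token`, so anyone who copies it sends the API token to the FortiGate over TLS without verifying the device certificate. I would change the example to `ansible_httpapi_validate_certs: yes` and add a comment line such as `# set to no only for lab devices with self-signed certificates`. The same example vars appear in the EXAMPLES blocks of the fortios_authentication_setting.py and fortios_certificate_ca.py hunks below.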
@@ -0,0 +1,307 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_authentication_setting +short_description: Configure authentication setting in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify authentication feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + authentication_setting: + description: + - Configure authentication setting. + default: null + type: dict + suboptions: + active_auth_scheme: + description: + - Active authentication method (scheme name). Source authentication.scheme.name. + type: str + captive_portal: + description: + - Captive portal host name. Source firewall.address.name. + type: str + captive_portal_ip: + description: + - Captive portal IP address. + type: str + captive_portal_ip6: + description: + - Captive portal IPv6 address. + type: str + captive_portal_port: + description: + - Captive portal port number (1 - 65535). + type: int + captive_portal_type: + description: + - Captive portal type. + type: str + choices: + - fqdn + - ip + captive_portal6: + description: + - IPv6 captive portal host name. Source firewall.address6.name. + type: str + sso_auth_scheme: + description: + - Single-Sign-On authentication method (scheme name). Source authentication.scheme.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure authentication setting. 
+ fortios_authentication_setting: + vdom: "{{ vdom }}" + authentication_setting: + active_auth_scheme: " (source authentication.scheme.name)" + captive_portal: " (source firewall.address.name)" + captive_portal_ip: "" + captive_portal_ip6: "" + captive_portal_port: "7" + captive_portal_type: "fqdn" + captive_portal6: " (source firewall.address6.name)" + sso_auth_scheme: " (source authentication.scheme.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import 
check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_authentication_setting_data(json): + option_list = ['active_auth_scheme', 'captive_portal', 'captive_portal_ip', + 'captive_portal_ip6', 'captive_portal_port', 'captive_portal_type', + 'captive_portal6', 'sso_auth_scheme'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def authentication_setting(data, fos): + vdom = data['vdom'] + authentication_setting_data = data['authentication_setting'] + filtered_data = underscore_to_hyphen(filter_authentication_setting_data(authentication_setting_data)) + + return fos.set('authentication', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_authentication(data, fos): + + if data['authentication_setting']: + resp = authentication_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('authentication_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "authentication_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "active_auth_scheme": 
{"required": False, "type": "str"}, + "captive_portal": {"required": False, "type": "str"}, + "captive_portal_ip": {"required": False, "type": "str"}, + "captive_portal_ip6": {"required": False, "type": "str"}, + "captive_portal_port": {"required": False, "type": "int"}, + "captive_portal_type": {"required": False, "type": "str", + "choices": ["fqdn", + "ip"]}, + "captive_portal6": {"required": False, "type": "str"}, + "sso_auth_scheme": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_authentication(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
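Review bot: In `main()`, the guard `if 'access_token' in module.params:` is always true, because AnsibleModule puts every key of the argument spec into `module.params` and uses None for options the task did not set. The call `connection.set_option('access_token', None)` therefore runs even when no token is given; whether that overrides a token configured on the connection depends on the httpapi plugin, which is outside this hunk. Testing the value instead would make the intent explicit: `if module.params.get('access_token'):`. The same guard is in `main()` of the fortios_authentication_scheme.py and fortios_certificate_ca.py hunks.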
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_certificate_ca.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_certificate_ca.py
new file mode 100644
index 00000000..d05d341b
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_certificate_ca.py
@@ -0,0 +1,357 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_certificate_ca +short_description: CA certificate in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify certificate feature and ca category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + certificate_ca: + description: + - CA certificate. + default: null + type: dict + suboptions: + auto_update_days: + description: + - Number of days to wait before requesting an updated CA certificate (0 - 4294967295, 0 = disabled). + type: int + auto_update_days_warning: + description: + - Number of days before an expiry-warning message is generated (0 - 4294967295, 0 = disabled). + type: int + ca: + description: + - CA certificate as a PEM file. + type: str + last_updated: + description: + - Time at which CA was last updated. + type: int + name: + description: + - Name. + required: true + type: str + range: + description: + - Either global or VDOM IP address range for the CA certificate. + type: str + choices: + - global + - vdom + scep_url: + description: + - URL of the SCEP server. + type: str + source: + description: + - CA certificate source type. + type: str + choices: + - factory + - user + - bundle + - fortiguard + source_ip: + description: + - Source IP address for communications to the SCEP server. + type: str + trusted: + description: + - Enable/disable as a trusted CA. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: CA certificate. 
+ fortios_certificate_ca: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + certificate_ca: + auto_update_days: "3" + auto_update_days_warning: "4" + ca: "" + last_updated: "6" + name: "default_name_7" + range: "global" + scep_url: "" + source: "factory" + source_ip: "84.230.14.43" + trusted: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_certificate_ca_data(json): + option_list = ['auto_update_days', 'auto_update_days_warning', 'ca', + 'last_updated', 'name', 'range', + 'scep_url', 'source', 'source_ip', + 'trusted'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def certificate_ca(data, fos): + vdom = data['vdom'] + state = data['state'] + certificate_ca_data = data['certificate_ca'] + filtered_data = underscore_to_hyphen(filter_certificate_ca_data(certificate_ca_data)) + + if state == "present": + return fos.set('certificate', + 'ca', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('certificate', + 'ca', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_certificate(data, fos): + + if data['certificate_ca']: + resp = certificate_ca(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('certificate_ca')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, 
"type": "str", + "choices": ["present", "absent"]}, + "certificate_ca": { + "required": False, "type": "dict", "default": None, + "options": { + "auto_update_days": {"required": False, "type": "int"}, + "auto_update_days_warning": {"required": False, "type": "int"}, + "ca": {"required": False, "type": "str"}, + "last_updated": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "range": {"required": False, "type": "str", + "choices": ["global", + "vdom"]}, + "scep_url": {"required": False, "type": "str"}, + "source": {"required": False, "type": "str", + "choices": ["factory", + "user", + "bundle", + "fortiguard"]}, + "source_ip": {"required": False, "type": "str"}, + "trusted": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_certificate(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, 
meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_certificate_crl.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_certificate_crl.py new file mode 100644 index 00000000..8692aad0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_certificate_crl.py 
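Review bot: `is_successful_status()` compares `status['http_status'] == 404` against an integer, while the RETURN block of the same file documents `http_status` as `type: str` with sample `"200"`. If the handler returned a string, the DELETE-on-missing-object case would never match and removing an already absent CA would be reported as a failure; the handler is outside this hunk, so the actual type should be confirmed. If it is an integer, the RETURN entry should read `type: int` and `sample: 200`. A short comment on the function, e.g. `# 404 on DELETE: object already absent, treat as success`, and parentheses around the `and` term would also help the reader. The same function and RETURN text are in the two authentication hunks above.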
@@ -0,0 +1,377 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_certificate_crl +short_description: Certificate Revocation List as a PEM file in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify certificate feature and crl category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + certificate_crl: + description: + - Certificate Revocation List as a PEM file. + default: null + type: dict + suboptions: + crl: + description: + - Certificate Revocation List as a PEM file. + type: str + http_url: + description: + - HTTP server URL for CRL auto-update. + type: str + last_updated: + description: + - Time at which CRL was last updated. + type: int + ldap_password: + description: + - LDAP server user password. + type: str + ldap_server: + description: + - LDAP server name for CRL auto-update. + type: str + ldap_username: + description: + - LDAP server user name. + type: str + name: + description: + - Name. + required: true + type: str + range: + description: + - Either global or VDOM IP address range for the certificate. + type: str + choices: + - global + - vdom + scep_cert: + description: + - Local certificate for SCEP communication for CRL auto-update. Source certificate.local.name. + type: str + scep_url: + description: + - SCEP server URL for CRL auto-update. + type: str + source: + description: + - Certificate source type. + type: str + choices: + - factory + - user + - bundle + - fortiguard + source_ip: + description: + - Source IP address for communications to a HTTP or SCEP CA server. + type: str + update_interval: + description: + - Time in seconds before the FortiGate checks for an updated CRL. Set to 0 to update only when it expires. + type: int + update_vdom: + description: + - VDOM for CRL update. Source system.vdom.name. 
+ type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Certificate Revocation List as a PEM file. + fortios_certificate_crl: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + certificate_crl: + crl: "" + http_url: "" + last_updated: "5" + ldap_password: "" + ldap_server: "" + ldap_username: "" + name: "default_name_9" + range: "global" + scep_cert: " (source certificate.local.name)" + scep_url: "" + source: "factory" + source_ip: "84.230.14.43" + update_interval: "15" + update_vdom: " (source system.vdom.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: 
"v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_certificate_crl_data(json): + option_list = ['crl', 'http_url', 'last_updated', + 'ldap_password', 'ldap_server', 'ldap_username', + 'name', 'range', 'scep_cert', + 'scep_url', 'source', 'source_ip', + 'update_interval', 'update_vdom'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def certificate_crl(data, fos): + vdom = data['vdom'] + state = data['state'] + certificate_crl_data = data['certificate_crl'] + filtered_data = underscore_to_hyphen(filter_certificate_crl_data(certificate_crl_data)) + + if state == "present": + return fos.set('certificate', + 'crl', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('certificate', + 'crl', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_certificate(data, fos): + + if data['certificate_crl']: + resp = certificate_crl(data, fos) + else: + fos._module.fail_json(msg='missing 
task body: %s' % ('certificate_crl')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "certificate_crl": { + "required": False, "type": "dict", "default": None, + "options": { + "crl": {"required": False, "type": "str"}, + "http_url": {"required": False, "type": "str"}, + "last_updated": {"required": False, "type": "int"}, + "ldap_password": {"required": False, "type": "str"}, + "ldap_server": {"required": False, "type": "str"}, + "ldap_username": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "range": {"required": False, "type": "str", + "choices": ["global", + "vdom"]}, + "scep_cert": {"required": False, "type": "str"}, + "scep_url": {"required": False, "type": "str"}, + "source": {"required": False, "type": "str", + "choices": ["factory", + "user", + "bundle", + "fortiguard"]}, + "source_ip": {"required": False, "type": "str"}, + "update_interval": {"required": False, "type": "int"}, + "update_vdom": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_certificate(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and 
versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_certificate_local.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_certificate_local.py new file mode 100644 index 00000000..1474bbec --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_certificate_local.py 
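Review bot: In `main()`, the `ldap_password` suboption of `certificate_crl` is declared as `{"required": False, "type": "str"}` with no `no_log`, although `access_token` in the same `fields` dict sets `"no_log": True`. Without the flag the LDAP password is not registered for masking in the module's logging and results, so it is handled like any other string. I would change the entry to `"ldap_password": {"required": False, "type": "str", "no_log": True},`. The same gap is in the `fortios_certificate_local.py` hunk that follows, where `password`, `private_key` and `scep_password` in the `certificate_local` options need the same flag.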
@@ -0,0 +1,462 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_certificate_local +short_description: Local keys and certificates in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify certificate feature and local category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + certificate_local: + description: + - Local keys and certificates. + default: null + type: dict + suboptions: + auto_regenerate_days: + description: + - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled). + type: int + auto_regenerate_days_warning: + description: + - Number of days to wait before an expiry warning message is generated (0 = disabled). + type: int + ca_identifier: + description: + - CA identifier of the CA server for signing via SCEP. + type: str + certificate: + description: + - PEM format certificate. + type: str + cmp_path: + description: + - Path location inside CMP server. + type: str + cmp_regeneration_method: + description: + - CMP auto-regeneration method. + type: str + choices: + - keyupate + - renewal + cmp_server: + description: + - '"ADDRESS:PORT" for CMP server.' + type: str + cmp_server_cert: + description: + - CMP server certificate. Source certificate.ca.name. + type: str + comments: + description: + - Comment. + type: str + csr: + description: + - Certificate Signing Request. + type: str + enroll_protocol: + description: + - Certificate enrollment protocol. + type: str + choices: + - none + - scep + - cmpv2 + ike_localid: + description: + - Local ID the FortiGate uses for authentication as a VPN client. + type: str + ike_localid_type: + description: + - IKE local ID type. + type: str + choices: + - asn1dn + - fqdn + last_updated: + description: + - Time at which certificate was last updated. + type: int + name: + description: + - Name. + required: true + type: str + name_encoding: + description: + - Name encoding method for auto-regeneration. + type: str + choices: + - printable + - utf8 + password: + description: + - Password as a PEM file. 
+ type: str + private_key: + description: + - PEM format key, encrypted with a password. + type: str + range: + description: + - Either a global or VDOM IP address range for the certificate. + type: str + choices: + - global + - vdom + scep_password: + description: + - SCEP server challenge password for auto-regeneration. + type: str + scep_url: + description: + - SCEP server URL. + type: str + source: + description: + - Certificate source type. + type: str + choices: + - factory + - user + - bundle + - fortiguard + source_ip: + description: + - Source IP address for communications to the SCEP server. + type: str + state: + description: + - Certificate Signing Request State. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Local keys and certificates. + fortios_certificate_local: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + certificate_local: + auto_regenerate_days: "3" + auto_regenerate_days_warning: "4" + ca_identifier: "myId_5" + certificate: "" + cmp_path: "" + cmp_regeneration_method: "keyupate" + cmp_server: "" + cmp_server_cert: " (source certificate.ca.name)" + comments: "" + csr: "" + enroll_protocol: "none" + ike_localid: "" + ike_localid_type: "asn1dn" + last_updated: "16" + name: "default_name_17" + name_encoding: "printable" + password: "" + private_key: "" + range: "global" + scep_password: "" + scep_url: "" + source: "factory" + source_ip: "84.230.14.43" + state: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: 
str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_certificate_local_data(json): + option_list = ['auto_regenerate_days', 'auto_regenerate_days_warning', 'ca_identifier', + 'certificate', 'cmp_path', 'cmp_regeneration_method', + 'cmp_server', 'cmp_server_cert', 'comments', + 'csr', 'enroll_protocol', 'ike_localid', + 'ike_localid_type', 'last_updated', 'name', + 'name_encoding', 'password', 'private_key', + 'range', 'scep_password', 'scep_url', + 'source', 'source_ip', 'state'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + 
if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def certificate_local(data, fos): + vdom = data['vdom'] + state = data['state'] + certificate_local_data = data['certificate_local'] + filtered_data = underscore_to_hyphen(filter_certificate_local_data(certificate_local_data)) + + if state == "present": + return fos.set('certificate', + 'local', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('certificate', + 'local', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_certificate(data, fos): + + if data['certificate_local']: + resp = certificate_local(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('certificate_local')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "certificate_local": { + "required": False, "type": "dict", "default": None, + "options": { + "auto_regenerate_days": {"required": False, "type": "int"}, + "auto_regenerate_days_warning": {"required": False, "type": "int"}, + "ca_identifier": {"required": False, "type": "str"}, + "certificate": {"required": False, "type": "str"}, + "cmp_path": {"required": False, "type": "str"}, + "cmp_regeneration_method": {"required": 
False, "type": "str", + "choices": ["keyupate", + "renewal"]}, + "cmp_server": {"required": False, "type": "str"}, + "cmp_server_cert": {"required": False, "type": "str"}, + "comments": {"required": False, "type": "str"}, + "csr": {"required": False, "type": "str"}, + "enroll_protocol": {"required": False, "type": "str", + "choices": ["none", + "scep", + "cmpv2"]}, + "ike_localid": {"required": False, "type": "str"}, + "ike_localid_type": {"required": False, "type": "str", + "choices": ["asn1dn", + "fqdn"]}, + "last_updated": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "name_encoding": {"required": False, "type": "str", + "choices": ["printable", + "utf8"]}, + "password": {"required": False, "type": "str"}, + "private_key": {"required": False, "type": "str"}, + "range": {"required": False, "type": "str", + "choices": ["global", + "vdom"]}, + "scep_password": {"required": False, "type": "str"}, + "scep_url": {"required": False, "type": "str"}, + "source": {"required": False, "type": "str", + "choices": ["factory", + "user", + "bundle", + "fortiguard"]}, + "source_ip": {"required": False, "type": "str"}, + "state": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_certificate(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not 
is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_configuration_fact.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_configuration_fact.py new file mode 100644 index 00000000..c02efc34 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_configuration_fact.py 
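Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no`, and this is the module whose task body includes `private_key`, `password` and `scep_password`, which `certificate_local()` passes to `fos.set()` and which presumably travel over that httpapi connection. Examples are usually copied unchanged, so I would show `ansible_httpapi_validate_certs: yes` in the `vars` block. If the relaxed setting has to stay for lab use, add a comment next to it such as `# disable only for lab devices that have no trusted certificate`. The EXAMPLES block of `fortios_certificate_crl.py` earlier in this diff has the same line.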
@@ -0,0 +1,2285 @@ +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + +MODULE_MKEY_DEFINITONS = { + "log_gui-display": { + "mkey_type": None, + "mkey": "None", + }, + "router_route-map": { + "mkey_type": str, + "mkey": "name", + }, + "authentication_rule": { + "mkey_type": str, + "mkey": "name", + }, + "log.fortianalyzer_override-setting": { + "mkey_type": None, + "mkey": "None", + }, + "firewall.ssl_setting": { + "mkey_type": None, + "mkey": "None", + }, + "vpn.ipsec_phase2-interface": { + "mkey_type": str, + "mkey": "name", + }, + "router_key-chain": { + "mkey_type": str, + "mkey": "name", + }, + "system_ddns": { + "mkey_type": int, + "mkey": "ddnsid", + }, + "system_replacemsg-group": { + "mkey_type": str, + "mkey": "name", + }, + "system_ftm-push": { + "mkey_type": None, + "mkey": "None", + }, + "system_sms-server": { + "mkey_type": str, + "mkey": "name", + }, + "firewall_central-snat-map": { + "mkey_type": int, + "mkey": "policyid", + }, + "firewall_multicast-address6": { + "mkey_type": str, + "mkey": "name", + }, + "system.replacemsg_sslvpn": { + "mkey_type": str, + "mkey": "msg_type", + }, + "system_pppoe-interface": { + "mkey_type": str, + "mkey": "name", + }, + "firewall_addrgrp6": { + "mkey_type": str, + "mkey": "name", + }, + "log.disk_filter": { + "mkey_type": None, + "mkey": "None", + }, + "system_affinity-packet-redistribution": { + "mkey_type": int, + "mkey": "id", + }, + 
"firewall_proxy-address": { + "mkey_type": str, + "mkey": "name", + }, + "router_bgp": { + "mkey_type": None, + "mkey": "None", + }, + "switch-controller_custom-command": { + "mkey_type": str, + "mkey": "command_name", + }, + "system_resource-limits": { + "mkey_type": None, + "mkey": "None", + }, + "system.replacemsg_auth": { + "mkey_type": str, + "mkey": "msg_type", + }, + "system.autoupdate_schedule": { + "mkey_type": None, + "mkey": "None", + }, + "waf_sub-class": { + "mkey_type": int, + "mkey": "id", + }, + "firewall_local-in-policy6": { + "mkey_type": int, + "mkey": "policyid", + }, + "log.fortianalyzer_override-filter": { + "mkey_type": None, + "mkey": "None", + }, + "system.replacemsg_icap": { + "mkey_type": str, + "mkey": "msg_type", + }, + "system_object-tagging": { + "mkey_type": str, + "mkey": "category", + }, + "spamfilter_profile": { + "mkey_type": str, + "mkey": "name", + }, + "spamfilter_bwl": { + "mkey_type": int, + "mkey": "id", + }, + "web-proxy_profile": { + "mkey_type": str, + "mkey": "name", + }, + "spamfilter_mheader": { + "mkey_type": int, + "mkey": "id", + }, + "user_adgrp": { + "mkey_type": str, + "mkey": "name", + }, + "system_auto-script": { + "mkey_type": str, + "mkey": "name", + }, + "switch-controller_quarantine": { + "mkey_type": None, + "mkey": "None", + }, + "firewall.service_category": { + "mkey_type": str, + "mkey": "name", + }, + "system_link-monitor": { + "mkey_type": str, + "mkey": "name", + }, + "switch-controller_stp-settings": { + "mkey_type": None, + "mkey": "None", + }, + "user_security-exempt-list": { + "mkey_type": str, + "mkey": "name", + }, + "switch-controller.qos_qos-policy": { + "mkey_type": str, + "mkey": "name", + }, + "firewall_sniffer": { + "mkey_type": int, + "mkey": "id", + }, + "log.fortiguard_override-setting": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_internet-service": { + "mkey_type": int, + "mkey": "id", + }, + "firewall_vipgrp46": { + "mkey_type": str, + "mkey": "name", + }, + 
"log.webtrends_filter": { + "mkey_type": None, + "mkey": "None", + }, + "webfilter_ips-urlfilter-setting6": { + "mkey_type": None, + "mkey": "None", + }, + "router_prefix-list6": { + "mkey_type": str, + "mkey": "name", + }, + "log_setting": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_address6-template": { + "mkey_type": str, + "mkey": "name", + }, + "wireless-controller.hotspot20_h2qp-wan-metric": { + "mkey_type": str, + "mkey": "name", + }, + "system_automation-action": { + "mkey_type": str, + "mkey": "name", + }, + "system.autoupdate_tunneling": { + "mkey_type": None, + "mkey": "None", + }, + "webfilter_ips-urlfilter-setting": { + "mkey_type": None, + "mkey": "None", + }, + "switch-controller_network-monitor-settings": { + "mkey_type": None, + "mkey": "None", + }, + "system_alias": { + "mkey_type": str, + "mkey": "name", + }, + "switch-controller_mac-sync-settings": { + "mkey_type": None, + "mkey": "None", + }, + "web-proxy_forward-server-group": { + "mkey_type": str, + "mkey": "name", + }, + "system_session-helper": { + "mkey_type": int, + "mkey": "id", + }, + "router_community-list": { + "mkey_type": str, + "mkey": "name", + }, + "wireless-controller_qos-profile": { + "mkey_type": str, + "mkey": "name", + }, + "firewall_dnstranslation": { + "mkey_type": int, + "mkey": "id", + }, + "vpn.ssl.web_portal": { + "mkey_type": str, + "mkey": "name", + }, + "system_vdom-property": { + "mkey_type": str, + "mkey": "name", + }, + "system.replacemsg_device-detection-portal": { + "mkey_type": str, + "mkey": "msg_type", + }, + "log.syslogd2_setting": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_internet-service-custom-group": { + "mkey_type": str, + "mkey": "name", + }, + "firewall_profile-group": { + "mkey_type": str, + "mkey": "name", + }, + "firewall.service_group": { + "mkey_type": str, + "mkey": "name", + }, + "system.autoupdate_push-update": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_address6": { + "mkey_type": str, + "mkey": 
"name", + }, + "endpoint-control_profile": { + "mkey_type": str, + "mkey": "profile_name", + }, + "wireless-controller_wids-profile": { + "mkey_type": str, + "mkey": "name", + }, + "log.fortiguard_filter": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_ipv6-eh-filter": { + "mkey_type": None, + "mkey": "None", + }, + "user_device-category": { + "mkey_type": str, + "mkey": "name", + }, + "firewall_identity-based-route": { + "mkey_type": str, + "mkey": "name", + }, + "system_console": { + "mkey_type": None, + "mkey": "None", + }, + "system_ntp": { + "mkey_type": None, + "mkey": "None", + }, + "system_nat64": { + "mkey_type": None, + "mkey": "None", + }, + "system.3g-modem_custom": { + "mkey_type": int, + "mkey": "id", + }, + "report_layout": { + "mkey_type": str, + "mkey": "name", + }, + "wireless-controller_timers": { + "mkey_type": None, + "mkey": "None", + }, + "wireless-controller.hotspot20_icon": { + "mkey_type": str, + "mkey": "name", + }, + "log.memory_global-setting": { + "mkey_type": None, + "mkey": "None", + }, + "router_multicast-flow": { + "mkey_type": str, + "mkey": "name", + }, + "ssh-filter_profile": { + "mkey_type": str, + "mkey": "name", + }, + "system_fortisandbox": { + "mkey_type": None, + "mkey": "None", + }, + "system_virtual-wan-link": { + "mkey_type": None, + "mkey": "None", + }, + "ips_sensor": { + "mkey_type": str, + "mkey": "name", + }, + "firewall.wildcard-fqdn_custom": { + "mkey_type": str, + "mkey": "name", + }, + "router_static": { + "mkey_type": int, + "mkey": "seq_num", + }, + "alertemail_setting": { + "mkey_type": None, + "mkey": "None", + }, + "user_fortitoken": { + "mkey_type": str, + "mkey": "serial_number", + }, + "web-proxy_debug-url": { + "mkey_type": str, + "mkey": "name", + }, + "webfilter_override": { + "mkey_type": int, + "mkey": "id", + }, + "system_fsso-polling": { + "mkey_type": None, + "mkey": "None", + }, + "user_peer": { + "mkey_type": str, + "mkey": "name", + }, + "vpn.ssl.web_host-check-software": { + 
"mkey_type": str, + "mkey": "name", + }, + "switch-controller_lldp-profile": { + "mkey_type": str, + "mkey": "name", + }, + "vpn.ssl.web_realm": { + "mkey_type": str, + "mkey": "url_path", + }, + "system_stp": { + "mkey_type": None, + "mkey": "None", + }, + "switch-controller.security-policy_captive-portal": { + "mkey_type": str, + "mkey": "name", + }, + "firewall_shaping-policy": { + "mkey_type": int, + "mkey": "id", + }, + "log_custom-field": { + "mkey_type": str, + "mkey": "id", + }, + "firewall_address": { + "mkey_type": str, + "mkey": "name", + }, + "certificate_crl": { + "mkey_type": str, + "mkey": "name", + }, + "firewall.ssh_setting": { + "mkey_type": None, + "mkey": "None", + }, + "router_access-list": { + "mkey_type": str, + "mkey": "name", + }, + "log.memory_setting": { + "mkey_type": None, + "mkey": "None", + }, + "system_alarm": { + "mkey_type": None, + "mkey": "None", + }, + "system_ipv6-neighbor-cache": { + "mkey_type": int, + "mkey": "id", + }, + "system_cluster-sync": { + "mkey_type": int, + "mkey": "sync_id", + }, + "wanopt_settings": { + "mkey_type": None, + "mkey": "None", + }, + "endpoint-control_registered-forticlient": { + "mkey_type": str, + "mkey": "uid", + }, + "system_dedicated-mgmt": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_policy46": { + "mkey_type": int, + "mkey": "policyid", + }, + "system_modem": { + "mkey_type": None, + "mkey": "None", + }, + "antivirus_settings": { + "mkey_type": None, + "mkey": "None", + }, + "switch-controller_802-1X-settings": { + "mkey_type": None, + "mkey": "None", + }, + "system_session-ttl": { + "mkey_type": None, + "mkey": "None", + }, + "system_storage": { + "mkey_type": str, + "mkey": "name", + }, + "log.memory_filter": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_auth-portal": { + "mkey_type": None, + "mkey": "None", + }, + "system_sflow": { + "mkey_type": None, + "mkey": "None", + }, + "user_ldap": { + "mkey_type": str, + "mkey": "name", + }, + "ips_global": { + 
"mkey_type": None, + "mkey": "None", + }, + "wanopt_remote-storage": { + "mkey_type": None, + "mkey": "None", + }, + "wireless-controller.hotspot20_qos-map": { + "mkey_type": str, + "mkey": "name", + }, + "vpn_l2tp": { + "mkey_type": None, + "mkey": "None", + }, + "system_npu": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_vip46": { + "mkey_type": str, + "mkey": "name", + }, + "authentication_setting": { + "mkey_type": None, + "mkey": "None", + }, + "vpn.certificate_ocsp-server": { + "mkey_type": str, + "mkey": "name", + }, + "antivirus_heuristic": { + "mkey_type": None, + "mkey": "None", + }, + "spamfilter_bword": { + "mkey_type": int, + "mkey": "id", + }, + "system_custom-language": { + "mkey_type": str, + "mkey": "name", + }, + "web-proxy_explicit": { + "mkey_type": None, + "mkey": "None", + }, + "wireless-controller_wtp-group": { + "mkey_type": str, + "mkey": "name", + }, + "system_vdom-sflow": { + "mkey_type": None, + "mkey": "None", + }, + "switch-controller_igmp-snooping": { + "mkey_type": None, + "mkey": "None", + }, + "waf_signature": { + "mkey_type": int, + "mkey": "id", + }, + "log.null-device_setting": { + "mkey_type": None, + "mkey": "None", + }, + "ips_rule-settings": { + "mkey_type": int, + "mkey": "id", + }, + "log.syslogd_setting": { + "mkey_type": None, + "mkey": "None", + }, + "switch-controller.security-policy_802-1X": { + "mkey_type": str, + "mkey": "name", + }, + "report_setting": { + "mkey_type": None, + "mkey": "None", + }, + "user_setting": { + "mkey_type": None, + "mkey": "None", + }, + "icap_profile": { + "mkey_type": str, + "mkey": "name", + }, + "system_geoip-override": { + "mkey_type": str, + "mkey": "name", + }, + "vpn.ipsec_phase1": { + "mkey_type": str, + "mkey": "name", + }, + "vpn.ipsec_phase2": { + "mkey_type": str, + "mkey": "name", + }, + "wireless-controller.hotspot20_anqp-network-auth-type": { + "mkey_type": str, + "mkey": "name", + }, + "webfilter_ips-urlfilter-cache-setting": { + "mkey_type": None, + "mkey": 
"None", + }, + "firewall.ipmacbinding_setting": { + "mkey_type": None, + "mkey": "None", + }, + "log.fortianalyzer2_filter": { + "mkey_type": None, + "mkey": "None", + }, + "application_rule-settings": { + "mkey_type": int, + "mkey": "id", + }, + "log.syslogd4_filter": { + "mkey_type": None, + "mkey": "None", + }, + "system_proxy-arp": { + "mkey_type": int, + "mkey": "id", + }, + "webfilter_ftgd-local-rating": { + "mkey_type": str, + "mkey": "url", + }, + "ips_custom": { + "mkey_type": str, + "mkey": "tag", + }, + "switch-controller_switch-interface-tag": { + "mkey_type": str, + "mkey": "name", + }, + "router_policy6": { + "mkey_type": int, + "mkey": "seq_num", + }, + "switch-controller.qos_ip-dscp-map": { + "mkey_type": str, + "mkey": "name", + }, + "log_eventfilter": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_internet-service-custom": { + "mkey_type": str, + "mkey": "name", + }, + "router_auth-path": { + "mkey_type": str, + "mkey": "name", + }, + "system_external-resource": { + "mkey_type": str, + "mkey": "name", + }, + "system_ips-urlfilter-dns6": { + "mkey_type": str, + "mkey": "address6", + }, + "report_style": { + "mkey_type": str, + "mkey": "name", + }, + "wireless-controller_wtp": { + "mkey_type": str, + "mkey": "wtp_id", + }, + "system_ipip-tunnel": { + "mkey_type": str, + "mkey": "name", + }, + "system.dhcp6_server": { + "mkey_type": int, + "mkey": "id", + }, + "firewall_multicast-policy": { + "mkey_type": int, + "mkey": "id", + }, + "vpn_ocvpn": { + "mkey_type": None, + "mkey": "None", + }, + "router_rip": { + "mkey_type": None, + "mkey": "None", + }, + "system_password-policy": { + "mkey_type": None, + "mkey": "None", + }, + "switch-controller_virtual-port-pool": { + "mkey_type": str, + "mkey": "name", + }, + "wireless-controller_setting": { + "mkey_type": None, + "mkey": "None", + }, + "router_static6": { + "mkey_type": int, + "mkey": "seq_num", + }, + "wireless-controller.hotspot20_anqp-ip-address-type": { + "mkey_type": str, + "mkey": 
"name", + }, + "firewall_vipgrp": { + "mkey_type": str, + "mkey": "name", + }, + "switch-controller_switch-profile": { + "mkey_type": str, + "mkey": "name", + }, + "system_switch-interface": { + "mkey_type": str, + "mkey": "name", + }, + "router_isis": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_policy": { + "mkey_type": int, + "mkey": "policyid", + }, + "log.syslogd_override-setting": { + "mkey_type": None, + "mkey": "None", + }, + "system_lte-modem": { + "mkey_type": None, + "mkey": "None", + }, + "webfilter_content": { + "mkey_type": int, + "mkey": "id", + }, + "firewall_vipgrp6": { + "mkey_type": str, + "mkey": "name", + }, + "firewall.schedule_onetime": { + "mkey_type": str, + "mkey": "name", + }, + "antivirus_profile": { + "mkey_type": str, + "mkey": "name", + }, + "log.fortianalyzer_setting": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_ippool6": { + "mkey_type": str, + "mkey": "name", + }, + "system_central-management": { + "mkey_type": None, + "mkey": "None", + }, + "system.replacemsg_http": { + "mkey_type": str, + "mkey": "msg_type", + }, + "system_zone": { + "mkey_type": str, + "mkey": "name", + }, + "system_vdom-dns": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_multicast-address": { + "mkey_type": str, + "mkey": "name", + }, + "wireless-controller_wtp-profile": { + "mkey_type": str, + "mkey": "name", + }, + "vpn.ssl_settings": { + "mkey_type": None, + "mkey": "None", + }, + "router_ospf": { + "mkey_type": None, + "mkey": "None", + }, + "switch-controller.qos_queue-policy": { + "mkey_type": str, + "mkey": "name", + }, + "endpoint-control_forticlient-ems": { + "mkey_type": str, + "mkey": "name", + }, + "ftp-proxy_explicit": { + "mkey_type": None, + "mkey": "None", + }, + "user_device-group": { + "mkey_type": str, + "mkey": "name", + }, + "vpn.certificate_crl": { + "mkey_type": str, + "mkey": "name", + }, + "user_local": { + "mkey_type": str, + "mkey": "name", + }, + "webfilter_profile": { + "mkey_type": str, + 
"mkey": "name", + }, + "switch-controller_storm-control": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_ssl-ssh-profile": { + "mkey_type": str, + "mkey": "name", + }, + "log.disk_setting": { + "mkey_type": None, + "mkey": "None", + }, + "dlp_filepattern": { + "mkey_type": int, + "mkey": "id", + }, + "firewall_ippool": { + "mkey_type": str, + "mkey": "name", + }, + "web-proxy_url-match": { + "mkey_type": str, + "mkey": "name", + }, + "dlp_fp-sensitivity": { + "mkey_type": str, + "mkey": "name", + }, + "system_interface": { + "mkey_type": str, + "mkey": "name", + }, + "router_bfd": { + "mkey_type": None, + "mkey": "None", + }, + "system_virtual-wire-pair": { + "mkey_type": str, + "mkey": "name", + }, + "system.replacemsg_webproxy": { + "mkey_type": str, + "mkey": "msg_type", + }, + "user_password-policy": { + "mkey_type": str, + "mkey": "name", + }, + "wireless-controller_inter-controller": { + "mkey_type": None, + "mkey": "None", + }, + "log.syslogd4_setting": { + "mkey_type": None, + "mkey": "None", + }, + "switch-controller_switch-group": { + "mkey_type": str, + "mkey": "name", + }, + "user_fsso": { + "mkey_type": str, + "mkey": "name", + }, + "firewall_vipgrp64": { + "mkey_type": str, + "mkey": "name", + }, + "user_quarantine": { + "mkey_type": None, + "mkey": "None", + }, + "system_ips-urlfilter-dns": { + "mkey_type": str, + "mkey": "address", + }, + "system_fm": { + "mkey_type": None, + "mkey": "None", + }, + "system_global": { + "mkey_type": None, + "mkey": "None", + }, + "wireless-controller.hotspot20_anqp-nai-realm": { + "mkey_type": str, + "mkey": "name", + }, + "system_physical-switch": { + "mkey_type": str, + "mkey": "name", + }, + "log.fortianalyzer3_setting": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_vip": { + "mkey_type": str, + "mkey": "name", + }, + "system_virtual-switch": { + "mkey_type": str, + "mkey": "name", + }, + "wanopt_auth-group": { + "mkey_type": str, + "mkey": "name", + }, + "wanopt_webcache": { + "mkey_type": 
None, + "mkey": "None", + }, + "system.snmp_user": { + "mkey_type": str, + "mkey": "name", + }, + "firewall_ip-translation": { + "mkey_type": int, + "mkey": "transid", + }, + "system_settings": { + "mkey_type": None, + "mkey": "None", + }, + "log.fortianalyzer2_setting": { + "mkey_type": None, + "mkey": "None", + }, + "wireless-controller_vap": { + "mkey_type": str, + "mkey": "name", + }, + "wanopt_cache-service": { + "mkey_type": None, + "mkey": "None", + }, + "switch-controller_switch-log": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_internet-service-group": { + "mkey_type": str, + "mkey": "name", + }, + "system.replacemsg_mail": { + "mkey_type": str, + "mkey": "msg_type", + }, + "system_replacemsg-image": { + "mkey_type": str, + "mkey": "name", + }, + "antivirus_quarantine": { + "mkey_type": None, + "mkey": "None", + }, + "vpn.certificate_ca": { + "mkey_type": str, + "mkey": "name", + }, + "endpoint-control_forticlient-registration-sync": { + "mkey_type": str, + "mkey": "peer_name", + }, + "system_sdn-connector": { + "mkey_type": str, + "mkey": "name", + }, + "vpn.ssl.web_user-group-bookmark": { + "mkey_type": str, + "mkey": "name", + }, + "endpoint-control_settings": { + "mkey_type": None, + "mkey": "None", + }, + "log.null-device_filter": { + "mkey_type": None, + "mkey": "None", + }, + "dlp_settings": { + "mkey_type": None, + "mkey": "None", + }, + "wireless-controller_utm-profile": { + "mkey_type": str, + "mkey": "name", + }, + "router_aspath-list": { + "mkey_type": str, + "mkey": "name", + }, + "firewall.schedule_group": { + "mkey_type": str, + "mkey": "name", + }, + "system_dscp-based-priority": { + "mkey_type": int, + "mkey": "id", + }, + "icap_server": { + "mkey_type": str, + "mkey": "name", + }, + "vpn.ipsec_phase1-interface": { + "mkey_type": str, + "mkey": "name", + }, + "authentication_scheme": { + "mkey_type": str, + "mkey": "name", + }, + "log.fortianalyzer3_filter": { + "mkey_type": None, + "mkey": "None", + }, + 
"system_email-server": { + "mkey_type": None, + "mkey": "None", + }, + "wireless-controller_ap-status": { + "mkey_type": int, + "mkey": "id", + }, + "application_list": { + "mkey_type": str, + "mkey": "name", + }, + "vpn.ssl.web_user-bookmark": { + "mkey_type": str, + "mkey": "name", + }, + "firewall.shaper_traffic-shaper": { + "mkey_type": str, + "mkey": "name", + }, + "system_management-tunnel": { + "mkey_type": None, + "mkey": "None", + }, + "system_csf": { + "mkey_type": None, + "mkey": "None", + }, + "firewall.shaper_per-ip-shaper": { + "mkey_type": str, + "mkey": "name", + }, + "dnsfilter_profile": { + "mkey_type": str, + "mkey": "name", + }, + "user_device-access-list": { + "mkey_type": str, + "mkey": "name", + }, + "system_ha-monitor": { + "mkey_type": None, + "mkey": "None", + }, + "wireless-controller.hotspot20_anqp-venue-name": { + "mkey_type": str, + "mkey": "name", + }, + "system.snmp_sysinfo": { + "mkey_type": None, + "mkey": "None", + }, + "application_custom": { + "mkey_type": str, + "mkey": "tag", + }, + "system_api-user": { + "mkey_type": str, + "mkey": "name", + }, + "ips_rule": { + "mkey_type": str, + "mkey": "name", + }, + "spamfilter_fortishield": { + "mkey_type": None, + "mkey": "None", + }, + "system_netflow": { + "mkey_type": None, + "mkey": "None", + }, + "vpn.ipsec_forticlient": { + "mkey_type": str, + "mkey": "realm", + }, + "system_automation-trigger": { + "mkey_type": str, + "mkey": "name", + }, + "firewall_policy64": { + "mkey_type": int, + "mkey": "policyid", + }, + "wireless-controller.hotspot20_h2qp-osu-provider": { + "mkey_type": str, + "mkey": "name", + }, + "application_name": { + "mkey_type": str, + "mkey": "name", + }, + "firewall.service_custom": { + "mkey_type": str, + "mkey": "name", + }, + "spamfilter_iptrust": { + "mkey_type": int, + "mkey": "id", + }, + "system_mobile-tunnel": { + "mkey_type": str, + "mkey": "name", + }, + "firewall_ttl-policy": { + "mkey_type": int, + "mkey": "id", + }, + "system.replacemsg_utm": { + 
"mkey_type": str, + "mkey": "msg_type", + }, + "vpn_pptp": { + "mkey_type": None, + "mkey": "None", + }, + "wireless-controller.hotspot20_hs-profile": { + "mkey_type": str, + "mkey": "name", + }, + "log.webtrends_setting": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_local-in-policy": { + "mkey_type": int, + "mkey": "policyid", + }, + "router_policy": { + "mkey_type": int, + "mkey": "seq_num", + }, + "switch-controller.qos_dot1p-map": { + "mkey_type": str, + "mkey": "name", + }, + "firewall_multicast-policy6": { + "mkey_type": int, + "mkey": "id", + }, + "wanopt_content-delivery-network-rule": { + "mkey_type": str, + "mkey": "name", + }, + "system_dns-database": { + "mkey_type": str, + "mkey": "name", + }, + "waf_main-class": { + "mkey_type": int, + "mkey": "id", + }, + "system.replacemsg_nac-quar": { + "mkey_type": str, + "mkey": "msg_type", + }, + "system_vdom-radius-server": { + "mkey_type": str, + "mkey": "name", + }, + "system_vdom": { + "mkey_type": str, + "mkey": "name", + }, + "user_tacacs+": { + "mkey_type": str, + "mkey": "name", + }, + "wanopt_peer": { + "mkey_type": str, + "mkey": "peer_host_id", + }, + "log.syslogd3_setting": { + "mkey_type": None, + "mkey": "None", + }, + "report_dataset": { + "mkey_type": str, + "mkey": "name", + }, + "webfilter_ftgd-local-cat": { + "mkey_type": str, + "mkey": "desc", + }, + "router_multicast6": { + "mkey_type": None, + "mkey": "None", + }, + "vpn.certificate_remote": { + "mkey_type": str, + "mkey": "name", + }, + "system_fips-cc": { + "mkey_type": None, + "mkey": "None", + }, + "system_ha": { + "mkey_type": None, + "mkey": "None", + }, + "log.syslogd3_filter": { + "mkey_type": None, + "mkey": "None", + }, + "user_radius": { + "mkey_type": str, + "mkey": "name", + }, + "firewall_DoS-policy6": { + "mkey_type": int, + "mkey": "policyid", + }, + "system_tos-based-priority": { + "mkey_type": int, + "mkey": "id", + }, + "vpn.certificate_local": { + "mkey_type": str, + "mkey": "name", + }, + 
"system_accprofile": { + "mkey_type": str, + "mkey": "name", + }, + "wireless-controller_global": { + "mkey_type": None, + "mkey": "None", + }, + "log.syslogd_filter": { + "mkey_type": None, + "mkey": "None", + }, + "dlp_sensor": { + "mkey_type": str, + "mkey": "name", + }, + "log.syslogd2_filter": { + "mkey_type": None, + "mkey": "None", + }, + "wireless-controller_ble-profile": { + "mkey_type": str, + "mkey": "name", + }, + "system_password-policy-guest-admin": { + "mkey_type": None, + "mkey": "None", + }, + "user_pop3": { + "mkey_type": str, + "mkey": "name", + }, + "switch-controller_system": { + "mkey_type": None, + "mkey": "None", + }, + "voip_profile": { + "mkey_type": str, + "mkey": "name", + }, + "vpn.ipsec_manualkey-interface": { + "mkey_type": str, + "mkey": "name", + }, + "system_vdom-netflow": { + "mkey_type": None, + "mkey": "None", + }, + "firewall.ipmacbinding_table": { + "mkey_type": int, + "mkey": "seq_num", + }, + "system_automation-destination": { + "mkey_type": str, + "mkey": "name", + }, + "dlp_fp-doc-source": { + "mkey_type": str, + "mkey": "name", + }, + "firewall_ldb-monitor": { + "mkey_type": str, + "mkey": "name", + }, + "firewall.ssh_host-key": { + "mkey_type": str, + "mkey": "name", + }, + "system_vdom-link": { + "mkey_type": str, + "mkey": "name", + }, + "system_admin": { + "mkey_type": str, + "mkey": "name", + }, + "router_ospf6": { + "mkey_type": None, + "mkey": "None", + }, + "user_device": { + "mkey_type": str, + "mkey": "alias", + }, + "log.fortiguard_setting": { + "mkey_type": None, + "mkey": "None", + }, + "system.snmp_community": { + "mkey_type": int, + "mkey": "id", + }, + "ips_settings": { + "mkey_type": None, + "mkey": "None", + }, + "log.syslogd_override-filter": { + "mkey_type": None, + "mkey": "None", + }, + "system_vdom-exception": { + "mkey_type": int, + "mkey": "id", + }, + "system_wccp": { + "mkey_type": str, + "mkey": "service_id", + }, + "system_automation-stitch": { + "mkey_type": str, + "mkey": "name", + }, + 
"firewall_profile-protocol-options": { + "mkey_type": str, + "mkey": "name", + }, + "report_theme": { + "mkey_type": str, + "mkey": "name", + }, + "firewall.ssh_local-key": { + "mkey_type": str, + "mkey": "name", + }, + "firewall_vip64": { + "mkey_type": str, + "mkey": "name", + }, + "web-proxy_wisp": { + "mkey_type": str, + "mkey": "name", + }, + "spamfilter_options": { + "mkey_type": None, + "mkey": "None", + }, + "system_dns-server": { + "mkey_type": str, + "mkey": "name", + }, + "system.replacemsg_alertmail": { + "mkey_type": str, + "mkey": "msg_type", + }, + "log.fortiguard_override-filter": { + "mkey_type": None, + "mkey": "None", + }, + "endpoint-control_client": { + "mkey_type": int, + "mkey": "id", + }, + "system_fortiguard": { + "mkey_type": None, + "mkey": "None", + }, + "web-proxy_global": { + "mkey_type": None, + "mkey": "None", + }, + "wanopt_profile": { + "mkey_type": str, + "mkey": "name", + }, + "wireless-controller.hotspot20_anqp-3gpp-cellular": { + "mkey_type": str, + "mkey": "name", + }, + "system.replacemsg_ec": { + "mkey_type": str, + "mkey": "msg_type", + }, + "switch-controller_vlan": { + "mkey_type": str, + "mkey": "name", + }, + "system_vxlan": { + "mkey_type": str, + "mkey": "name", + }, + "webfilter_search-engine": { + "mkey_type": str, + "mkey": "name", + }, + "system_ipv6-tunnel": { + "mkey_type": str, + "mkey": "name", + }, + "certificate_local": { + "mkey_type": str, + "mkey": "name", + }, + "user_fsso-polling": { + "mkey_type": int, + "mkey": "id", + }, + "system.dhcp_server": { + "mkey_type": int, + "mkey": "id", + }, + "report_chart": { + "mkey_type": str, + "mkey": "name", + }, + "vpn.certificate_setting": { + "mkey_type": None, + "mkey": "None", + }, + "router_bfd6": { + "mkey_type": None, + "mkey": "None", + }, + "system.replacemsg_nntp": { + "mkey_type": str, + "mkey": "msg_type", + }, + "firewall_proxy-policy": { + "mkey_type": int, + "mkey": "policyid", + }, + "system_dns": { + "mkey_type": None, + "mkey": "None", + }, + 
"user_peergrp": { + "mkey_type": str, + "mkey": "name", + }, + "vpn.ipsec_concentrator": { + "mkey_type": str, + "mkey": "name", + }, + "ips_decoder": { + "mkey_type": str, + "mkey": "name", + }, + "dnsfilter_domain-filter": { + "mkey_type": int, + "mkey": "id", + }, + "wireless-controller_vap-group": { + "mkey_type": str, + "mkey": "name", + }, + "system_affinity-interrupt": { + "mkey_type": int, + "mkey": "id", + }, + "firewall_shaping-profile": { + "mkey_type": str, + "mkey": "profile_name", + }, + "firewall_interface-policy6": { + "mkey_type": int, + "mkey": "policyid", + }, + "vpn.ipsec_manualkey": { + "mkey_type": str, + "mkey": "name", + }, + "switch-controller_global": { + "mkey_type": None, + "mkey": "None", + }, + "router_setting": { + "mkey_type": None, + "mkey": "None", + }, + "system.replacemsg_admin": { + "mkey_type": str, + "mkey": "msg_type", + }, + "firewall.schedule_recurring": { + "mkey_type": str, + "mkey": "name", + }, + "system_sit-tunnel": { + "mkey_type": str, + "mkey": "name", + }, + "system_arp-table": { + "mkey_type": int, + "mkey": "id", + }, + "switch-controller_lldp-settings": { + "mkey_type": None, + "mkey": "None", + }, + "webfilter_content-header": { + "mkey_type": int, + "mkey": "id", + }, + "system_auto-install": { + "mkey_type": None, + "mkey": "None", + }, + "user_domain-controller": { + "mkey_type": str, + "mkey": "name", + }, + "router_multicast": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_ssl-server": { + "mkey_type": str, + "mkey": "name", + }, + "system.replacemsg_traffic-quota": { + "mkey_type": str, + "mkey": "msg_type", + }, + "system_fortimanager": { + "mkey_type": None, + "mkey": "None", + }, + "system_mac-address-table": { + "mkey_type": str, + "mkey": "mac", + }, + "log.fortianalyzer_filter": { + "mkey_type": None, + "mkey": "None", + }, + "system_network-visibility": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_interface-policy": { + "mkey_type": int, + "mkey": "policyid", + }, + 
"system.replacemsg_fortiguard-wf": { + "mkey_type": str, + "mkey": "msg_type", + }, + "wireless-controller_bonjour-profile": { + "mkey_type": str, + "mkey": "name", + }, + "webfilter_urlfilter": { + "mkey_type": int, + "mkey": "id", + }, + "system_probe-response": { + "mkey_type": None, + "mkey": "None", + }, + "wireless-controller.hotspot20_h2qp-operator-name": { + "mkey_type": str, + "mkey": "name", + }, + "switch-controller_sflow": { + "mkey_type": None, + "mkey": "None", + }, + "webfilter_fortiguard": { + "mkey_type": None, + "mkey": "None", + }, + "wireless-controller.hotspot20_anqp-roaming-consortium": { + "mkey_type": str, + "mkey": "name", + }, + "firewall_DoS-policy": { + "mkey_type": int, + "mkey": "policyid", + }, + "firewall_proxy-addrgrp": { + "mkey_type": str, + "mkey": "name", + }, + "firewall_addrgrp": { + "mkey_type": str, + "mkey": "name", + }, + "firewall_policy6": { + "mkey_type": int, + "mkey": "policyid", + }, + "router_ripng": { + "mkey_type": None, + "mkey": "None", + }, + "firewall_vip6": { + "mkey_type": str, + "mkey": "name", + }, + "web-proxy_forward-server": { + "mkey_type": str, + "mkey": "name", + }, + "system.replacemsg_spam": { + "mkey_type": str, + "mkey": "msg_type", + }, + "certificate_ca": { + "mkey_type": str, + "mkey": "name", + }, + "firewall.ssh_local-ca": { + "mkey_type": str, + "mkey": "name", + }, + "spamfilter_dnsbl": { + "mkey_type": int, + "mkey": "id", + }, + "router_access-list6": { + "mkey_type": str, + "mkey": "name", + }, + "waf_profile": { + "mkey_type": str, + "mkey": "name", + }, + "firewall.wildcard-fqdn_group": { + "mkey_type": str, + "mkey": "name", + }, + "switch-controller_managed-switch": { + "mkey_type": str, + "mkey": "switch_id", + }, + "user_group": { + "mkey_type": str, + "mkey": "name", + }, + "user_krb-keytab": { + "mkey_type": str, + "mkey": "name", + }, + "application_group": { + "mkey_type": str, + "mkey": "name", + }, + "system.replacemsg_ftp": { + "mkey_type": str, + "mkey": "msg_type", + }, + 
"log_threat-weight": {
+ "mkey_type": None,
+ "mkey": "None",
+ },
+ "extender-controller_extender": {
+ "mkey_type": str,
+ "mkey": "id",
+ },
+ "wireless-controller.hotspot20_h2qp-conn-capability": {
+ "mkey_type": str,
+ "mkey": "name",
+ },
+ "router_prefix-list": {
+ "mkey_type": str,
+ "mkey": "name",
+ },
+ "system_gre-tunnel": {
+ "mkey_type": str,
+ "mkey": "name",
+ },
+}
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def validate_mkey(params):
+ selector = params['selector']
+ selector_params = params.get('params', {})
+ definition = MODULE_MKEY_DEFINITONS.get(selector, {})
+
+ if not selector_params or len(selector_params) == 0 or len(definition) == 0:
+ return True, {}
+
+ mkey = definition['mkey']
+ mkey_type = definition['mkey_type']
+ if mkey_type is None:
+ return False, {"message": "params are not allowed for " + selector}
+ mkey_value = selector_params.get(mkey)
+
+ if not mkey_value:
+ return False, {"message": "param '" + mkey + "' is required"}
+ if not isinstance(mkey_value, mkey_type):
+ return False, {"message": "param '" + mkey + "' does not match, " + str(mkey_type) + " required"}
+
+ return True, {}
+
+
+def fortios_configuration_fact(params, fos):
+ isValid, result = validate_mkey(params)
+ if not isValid:
+ return True, False, result
+
+ selector = params['selector']
+ selector_params = params['params']
+ mkey_name = MODULE_MKEY_DEFINITONS[selector]['mkey']
+ mkey_value = selector_params.get(mkey_name) if selector_params else None
+
+ [path, name] = selector.split('_')
+
+ fact = None
+ if mkey_value:
+ fact = fos.get(path, name, vdom=params['vdom'], mkey=mkey_value)
+ else:
+ fact = fos.get(path, name, vdom=params['vdom'])
+
+ return not is_successful_status(fact), False, fact
+
+
+def main():
+ fields = {
+ "host": {"required": False, "type": "str"},
+ "username": {"required": False, "type": "str"},
+ "password": {"required": 
False, "type": "str", "default": "", "no_log": True}, + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, + "params": {"required": False, "type": "dict"}, + "selector": { + "required": True, + "type": "str", + "options": [ + "log_gui-display", + "router_route-map", + "authentication_rule", + "log.fortianalyzer_override-setting", + "firewall.ssl_setting", + "vpn.ipsec_phase2-interface", + "router_key-chain", + "system_ddns", + "system_replacemsg-group", + "system_ftm-push", + "system_sms-server", + "firewall_central-snat-map", + "firewall_multicast-address6", + "system.replacemsg_sslvpn", + "system_pppoe-interface", + "firewall_addrgrp6", + "log.disk_filter", + "system_affinity-packet-redistribution", + "firewall_proxy-address", + "router_bgp", + "switch-controller_custom-command", + "system_resource-limits", + "system.replacemsg_auth", + "system.autoupdate_schedule", + "waf_sub-class", + "firewall_local-in-policy6", + "log.fortianalyzer_override-filter", + "system.replacemsg_icap", + "system_object-tagging", + "spamfilter_profile", + "spamfilter_bwl", + "web-proxy_profile", + "spamfilter_mheader", + "user_adgrp", + "system_auto-script", + "switch-controller_quarantine", + "firewall.service_category", + "system_link-monitor", + "switch-controller_stp-settings", + "user_security-exempt-list", + "switch-controller.qos_qos-policy", + "firewall_sniffer", + "log.fortiguard_override-setting", + "firewall_internet-service", + "firewall_vipgrp46", + "log.webtrends_filter", + "webfilter_ips-urlfilter-setting6", + "router_prefix-list6", + "log_setting", + "firewall_address6-template", + "wireless-controller.hotspot20_h2qp-wan-metric", + "system_automation-action", + "system.autoupdate_tunneling", + "webfilter_ips-urlfilter-setting", + 
"switch-controller_network-monitor-settings", + "system_alias", + "switch-controller_mac-sync-settings", + "web-proxy_forward-server-group", + "system_session-helper", + "router_community-list", + "wireless-controller_qos-profile", + "firewall_dnstranslation", + "vpn.ssl.web_portal", + "system_vdom-property", + "system.replacemsg_device-detection-portal", + "log.syslogd2_setting", + "firewall_internet-service-custom-group", + "firewall_profile-group", + "firewall.service_group", + "system.autoupdate_push-update", + "firewall_address6", + "endpoint-control_profile", + "wireless-controller_wids-profile", + "log.fortiguard_filter", + "firewall_ipv6-eh-filter", + "user_device-category", + "firewall_identity-based-route", + "system_console", + "system_ntp", + "system_nat64", + "system.3g-modem_custom", + "report_layout", + "wireless-controller_timers", + "wireless-controller.hotspot20_icon", + "log.memory_global-setting", + "router_multicast-flow", + "ssh-filter_profile", + "system_fortisandbox", + "system_virtual-wan-link", + "ips_sensor", + "firewall.wildcard-fqdn_custom", + "router_static", + "alertemail_setting", + "user_fortitoken", + "web-proxy_debug-url", + "webfilter_override", + "system_fsso-polling", + "user_peer", + "vpn.ssl.web_host-check-software", + "switch-controller_lldp-profile", + "vpn.ssl.web_realm", + "system_stp", + "switch-controller.security-policy_captive-portal", + "firewall_shaping-policy", + "log_custom-field", + "firewall_address", + "certificate_crl", + "firewall.ssh_setting", + "router_access-list", + "log.memory_setting", + "system_alarm", + "system_ipv6-neighbor-cache", + "system_cluster-sync", + "wanopt_settings", + "endpoint-control_registered-forticlient", + "system_dedicated-mgmt", + "firewall_policy46", + "system_modem", + "antivirus_settings", + "switch-controller_802-1X-settings", + "system_session-ttl", + "system_storage", + "log.memory_filter", + "firewall_auth-portal", + "system_sflow", + "user_ldap", + "ips_global", + 
"wanopt_remote-storage", + "wireless-controller.hotspot20_qos-map", + "vpn_l2tp", + "system_npu", + "firewall_vip46", + "authentication_setting", + "vpn.certificate_ocsp-server", + "antivirus_heuristic", + "spamfilter_bword", + "system_custom-language", + "web-proxy_explicit", + "wireless-controller_wtp-group", + "system_vdom-sflow", + "switch-controller_igmp-snooping", + "waf_signature", + "log.null-device_setting", + "ips_rule-settings", + "log.syslogd_setting", + "switch-controller.security-policy_802-1X", + "report_setting", + "user_setting", + "icap_profile", + "system_geoip-override", + "vpn.ipsec_phase1", + "vpn.ipsec_phase2", + "wireless-controller.hotspot20_anqp-network-auth-type", + "webfilter_ips-urlfilter-cache-setting", + "firewall.ipmacbinding_setting", + "log.fortianalyzer2_filter", + "application_rule-settings", + "log.syslogd4_filter", + "system_proxy-arp", + "webfilter_ftgd-local-rating", + "ips_custom", + "switch-controller_switch-interface-tag", + "router_policy6", + "switch-controller.qos_ip-dscp-map", + "log_eventfilter", + "firewall_internet-service-custom", + "router_auth-path", + "system_external-resource", + "system_ips-urlfilter-dns6", + "report_style", + "wireless-controller_wtp", + "system_ipip-tunnel", + "system.dhcp6_server", + "firewall_multicast-policy", + "vpn_ocvpn", + "router_rip", + "system_password-policy", + "switch-controller_virtual-port-pool", + "wireless-controller_setting", + "router_static6", + "wireless-controller.hotspot20_anqp-ip-address-type", + "firewall_vipgrp", + "switch-controller_switch-profile", + "system_switch-interface", + "router_isis", + "firewall_policy", + "log.syslogd_override-setting", + "system_lte-modem", + "webfilter_content", + "firewall_vipgrp6", + "firewall.schedule_onetime", + "antivirus_profile", + "log.fortianalyzer_setting", + "firewall_ippool6", + "system_central-management", + "system.replacemsg_http", + "system_zone", + "system_vdom-dns", + "firewall_multicast-address", + 
"wireless-controller_wtp-profile", + "vpn.ssl_settings", + "router_ospf", + "switch-controller.qos_queue-policy", + "endpoint-control_forticlient-ems", + "ftp-proxy_explicit", + "user_device-group", + "vpn.certificate_crl", + "user_local", + "webfilter_profile", + "switch-controller_storm-control", + "firewall_ssl-ssh-profile", + "log.disk_setting", + "dlp_filepattern", + "firewall_ippool", + "web-proxy_url-match", + "dlp_fp-sensitivity", + "system_interface", + "router_bfd", + "system_virtual-wire-pair", + "system.replacemsg_webproxy", + "user_password-policy", + "wireless-controller_inter-controller", + "log.syslogd4_setting", + "switch-controller_switch-group", + "user_fsso", + "firewall_vipgrp64", + "user_quarantine", + "system_ips-urlfilter-dns", + "system_fm", + "system_global", + "wireless-controller.hotspot20_anqp-nai-realm", + "system_physical-switch", + "log.fortianalyzer3_setting", + "firewall_vip", + "system_virtual-switch", + "wanopt_auth-group", + "wanopt_webcache", + "system.snmp_user", + "firewall_ip-translation", + "system_settings", + "log.fortianalyzer2_setting", + "wireless-controller_vap", + "wanopt_cache-service", + "switch-controller_switch-log", + "firewall_internet-service-group", + "system.replacemsg_mail", + "system_replacemsg-image", + "antivirus_quarantine", + "vpn.certificate_ca", + "endpoint-control_forticlient-registration-sync", + "system_sdn-connector", + "vpn.ssl.web_user-group-bookmark", + "endpoint-control_settings", + "log.null-device_filter", + "dlp_settings", + "wireless-controller_utm-profile", + "router_aspath-list", + "firewall.schedule_group", + "system_dscp-based-priority", + "icap_server", + "vpn.ipsec_phase1-interface", + "authentication_scheme", + "log.fortianalyzer3_filter", + "system_email-server", + "wireless-controller_ap-status", + "application_list", + "vpn.ssl.web_user-bookmark", + "firewall.shaper_traffic-shaper", + "system_management-tunnel", + "system_csf", + "firewall.shaper_per-ip-shaper", + 
"dnsfilter_profile", + "user_device-access-list", + "system_ha-monitor", + "wireless-controller.hotspot20_anqp-venue-name", + "system.snmp_sysinfo", + "application_custom", + "system_api-user", + "ips_rule", + "spamfilter_fortishield", + "system_netflow", + "vpn.ipsec_forticlient", + "system_automation-trigger", + "firewall_policy64", + "wireless-controller.hotspot20_h2qp-osu-provider", + "application_name", + "firewall.service_custom", + "spamfilter_iptrust", + "system_mobile-tunnel", + "firewall_ttl-policy", + "system.replacemsg_utm", + "vpn_pptp", + "wireless-controller.hotspot20_hs-profile", + "log.webtrends_setting", + "firewall_local-in-policy", + "router_policy", + "switch-controller.qos_dot1p-map", + "firewall_multicast-policy6", + "wanopt_content-delivery-network-rule", + "system_dns-database", + "waf_main-class", + "system.replacemsg_nac-quar", + "system_vdom-radius-server", + "system_vdom", + "user_tacacs+", + "wanopt_peer", + "log.syslogd3_setting", + "report_dataset", + "webfilter_ftgd-local-cat", + "router_multicast6", + "vpn.certificate_remote", + "system_fips-cc", + "system_ha", + "log.syslogd3_filter", + "user_radius", + "firewall_DoS-policy6", + "system_tos-based-priority", + "vpn.certificate_local", + "system_accprofile", + "wireless-controller_global", + "log.syslogd_filter", + "dlp_sensor", + "log.syslogd2_filter", + "wireless-controller_ble-profile", + "system_password-policy-guest-admin", + "user_pop3", + "switch-controller_system", + "voip_profile", + "vpn.ipsec_manualkey-interface", + "system_vdom-netflow", + "firewall.ipmacbinding_table", + "system_automation-destination", + "dlp_fp-doc-source", + "firewall_ldb-monitor", + "firewall.ssh_host-key", + "system_vdom-link", + "system_admin", + "router_ospf6", + "user_device", + "log.fortiguard_setting", + "system.snmp_community", + "ips_settings", + "log.syslogd_override-filter", + "system_vdom-exception", + "system_wccp", + "system_automation-stitch", + "firewall_profile-protocol-options", + 
"report_theme", + "firewall.ssh_local-key", + "firewall_vip64", + "web-proxy_wisp", + "spamfilter_options", + "system_dns-server", + "system.replacemsg_alertmail", + "log.fortiguard_override-filter", + "endpoint-control_client", + "system_fortiguard", + "web-proxy_global", + "wanopt_profile", + "wireless-controller.hotspot20_anqp-3gpp-cellular", + "system.replacemsg_ec", + "switch-controller_vlan", + "system_vxlan", + "webfilter_search-engine", + "system_ipv6-tunnel", + "certificate_local", + "user_fsso-polling", + "system.dhcp_server", + "report_chart", + "vpn.certificate_setting", + "router_bfd6", + "system.replacemsg_nntp", + "firewall_proxy-policy", + "system_dns", + "user_peergrp", + "vpn.ipsec_concentrator", + "ips_decoder", + "dnsfilter_domain-filter", + "wireless-controller_vap-group", + "system_affinity-interrupt", + "firewall_shaping-profile", + "firewall_interface-policy6", + "vpn.ipsec_manualkey", + "switch-controller_global", + "router_setting", + "system.replacemsg_admin", + "firewall.schedule_recurring", + "system_sit-tunnel", + "system_arp-table", + "switch-controller_lldp-settings", + "webfilter_content-header", + "system_auto-install", + "user_domain-controller", + "router_multicast", + "firewall_ssl-server", + "system.replacemsg_traffic-quota", + "system_fortimanager", + "system_mac-address-table", + "log.fortianalyzer_filter", + "system_network-visibility", + "firewall_interface-policy", + "system.replacemsg_fortiguard-wf", + "wireless-controller_bonjour-profile", + "webfilter_urlfilter", + "system_probe-response", + "wireless-controller.hotspot20_h2qp-operator-name", + "switch-controller_sflow", + "webfilter_fortiguard", + "wireless-controller.hotspot20_anqp-roaming-consortium", + "firewall_DoS-policy", + "firewall_proxy-addrgrp", + "firewall_addrgrp", + "firewall_policy6", + "router_ripng", + "firewall_vip6", + "web-proxy_forward-server", + "system.replacemsg_spam", + "certificate_ca", + "firewall.ssh_local-ca", + "spamfilter_dnsbl", + 
"router_access-list6", + "waf_profile", + "firewall.wildcard-fqdn_group", + "switch-controller_managed-switch", + "user_group", + "user_krb-keytab", + "application_group", + "system.replacemsg_ftp", + "log_threat-weight", + "extender-controller_extender", + "wireless-controller.hotspot20_h2qp-conn-capability", + "router_prefix-list", + "system_gre-tunnel", + ], + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module) + + is_error, has_changed, result = fortios_configuration_fact(module.params, fos) + if not is_error: + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_filepattern.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_filepattern.py new file mode 100644 index 00000000..032a6009 --- /dev/null 
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_filepattern.py 
@@ -0,0 +1,456 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_dlp_filepattern +short_description: Configure file patterns used by DLP blocking in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify dlp feature and filepattern category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + dlp_filepattern: + description: + - Configure file patterns used by DLP blocking. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + comment: + description: + - Optional comments. + type: str + entries: + description: + - Configure file patterns used by DLP blocking. + type: list + suboptions: + file_type: + description: + - Select a file type. + type: str + choices: + - 7z + - arj + - cab + - lzh + - rar + - tar + - zip + - bzip + - gzip + - bzip2 + - xz + - bat + - msc + - uue + - mime + - base64 + - binhex + - elf + - exe + - hta + - html + - jad + - class + - cod + - javascript + - msoffice + - msofficex + - fsg + - upx + - petite + - aspack + - prc + - sis + - hlp + - activemime + - jpeg + - gif + - tiff + - png + - bmp + - ignored + - unknown + - mpeg + - mov + - mp3 + - wma + - wav + - pdf + - avi + - rm + - torrent + - hibun + - msi + filter_type: + description: + - Filter by file name pattern or by file type. + type: str + choices: + - pattern + - type + pattern: + description: + - Add a file name pattern. + required: true + type: str + id: + description: + - ID. + required: true + type: int + name: + description: + - Name of table containing the file pattern list. 
+ type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure file patterns used by DLP blocking. + fortios_dlp_filepattern: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + dlp_filepattern: + comment: "Optional comments." + entries: + - + file_type: "7z" + filter_type: "pattern" + pattern: "" + id: "8" + name: "default_name_9" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_dlp_filepattern_data(json): + option_list = ['comment', 'entries', 'id', + 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def dlp_filepattern(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['dlp_filepattern'] and data['dlp_filepattern']['state']: + state = data['dlp_filepattern']['state'] + else: + state = True + dlp_filepattern_data = data['dlp_filepattern'] + filtered_data = underscore_to_hyphen(filter_dlp_filepattern_data(dlp_filepattern_data)) + + if state == "present": + return fos.set('dlp', + 'filepattern', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('dlp', + 'filepattern', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_dlp(data, fos): + + if data['dlp_filepattern']: + resp = dlp_filepattern(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('dlp_filepattern')) + + return not is_successful_status(resp), \ + resp['status'] == "success" 
and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "dlp_filepattern": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "comment": {"required": False, "type": "str"}, + "entries": {"required": False, "type": "list", + "options": { + "file_type": {"required": False, "type": "str", + "choices": ["7z", + "arj", + "cab", + "lzh", + "rar", + "tar", + "zip", + "bzip", + "gzip", + "bzip2", + "xz", + "bat", + "msc", + "uue", + "mime", + "base64", + "binhex", + "elf", + "exe", + "hta", + "html", + "jad", + "class", + "cod", + "javascript", + "msoffice", + "msofficex", + "fsg", + "upx", + "petite", + "aspack", + "prc", + "sis", + "hlp", + "activemime", + "jpeg", + "gif", + "tiff", + "png", + "bmp", + "ignored", + "unknown", + "mpeg", + "mov", + "mp3", + "wma", + "wav", + "pdf", + "avi", + "rm", + "torrent", + "hibun", + "msi"]}, + "filter_type": {"required": False, "type": "str", + "choices": ["pattern", + "type"]}, + "pattern": {"required": True, "type": "str"} + }}, + "id": {"required": True, "type": "int"}, + "name": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_dlp(module.params, fos) + versions_check_result = connection.get_system_version() + else: + 
module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_fp_doc_source.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_fp_doc_source.py new file mode 100644 index 00000000..c69ac4b7 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_fp_doc_source.py 
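Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no` on the same httpapi connection that carries `access_token`, so a user who copies it sends the API token over TLS without verifying the FortiGate's certificate. I would show `ansible_httpapi_validate_certs: yes` in the example and add a YAML comment beside it, for instance `# disable only for lab devices with self-signed certificates`. The same example vars appear in the EXAMPLES blocks of fortios_dlp_fp_doc_source.py and fortios_dlp_fp_sensitivity.py later in this diff, so the change applies there as well.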
@@ -0,0 +1,463 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_dlp_fp_doc_source +short_description: Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints in + Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify dlp feature and fp_doc_source category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + dlp_fp_doc_source: + description: + - Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + date: + description: + - Day of the month on which to scan the server (1 - 31). + type: int + file_path: + description: + - Path on the server to the fingerprint files (max 119 characters). + type: str + file_pattern: + description: + - Files matching this pattern on the server are fingerprinted. Optionally use the * and ? wildcards. + type: str + keep_modified: + description: + - Enable so that when a file is changed on the server the FortiGate keeps the old fingerprint and adds a new fingerprint to the database. + type: str + choices: + - enable + - disable + name: + description: + - Name of the DLP fingerprint database. + required: true + type: str + password: + description: + - Password required to log into the file server. + type: str + period: + description: + - Frequency for which the FortiGate checks the server for new or changed files. + type: str + choices: + - none + - daily + - weekly + - monthly + remove_deleted: + description: + - Enable to keep the fingerprint database up to date when a file is deleted from the server. 
+ type: str + choices: + - enable + - disable + scan_on_creation: + description: + - Enable to keep the fingerprint database up to date when a file is added or changed on the server. + type: str + choices: + - enable + - disable + scan_subdirectories: + description: + - Enable/disable scanning subdirectories to find files to create fingerprints from. + type: str + choices: + - enable + - disable + sensitivity: + description: + - Select a sensitivity or threat level for matches with this fingerprint database. Add sensitivities using fp-sensitivity. Source dlp + .fp-sensitivity.name. + type: str + server: + description: + - IPv4 or IPv6 address of the server. + type: str + server_type: + description: + - Protocol used to communicate with the file server. Currently only Samba (SMB) servers are supported. + type: str + choices: + - samba + tod_hour: + description: + - Hour of the day on which to scan the server (0 - 23). + type: int + tod_min: + description: + - Minute of the hour on which to scan the server (0 - 59). + type: int + username: + description: + - User name required to log into the file server. + type: str + vdom: + description: + - Select the VDOM that can communicate with the file server. + type: str + choices: + - mgmt + - current + weekday: + description: + - Day of the week on which to scan the server. + type: str + choices: + - sunday + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints. 
+ fortios_dlp_fp_doc_source: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + dlp_fp_doc_source: + date: "3" + file_path: "" + file_pattern: "" + keep_modified: "enable" + name: "default_name_7" + password: "" + period: "none" + remove_deleted: "enable" + scan_on_creation: "enable" + scan_subdirectories: "enable" + sensitivity: " (source dlp.fp-sensitivity.name)" + server: "192.168.100.40" + server_type: "samba" + tod_hour: "16" + tod_min: "17" + username: "" + vdom: "mgmt" + weekday: "sunday" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import 
FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_dlp_fp_doc_source_data(json): + option_list = ['date', 'file_path', 'file_pattern', + 'keep_modified', 'name', 'password', + 'period', 'remove_deleted', 'scan_on_creation', + 'scan_subdirectories', 'sensitivity', 'server', + 'server_type', 'tod_hour', 'tod_min', + 'username', 'vdom', 'weekday'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def dlp_fp_doc_source(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['dlp_fp_doc_source'] and data['dlp_fp_doc_source']['state']: + state = data['dlp_fp_doc_source']['state'] + else: + state = True + dlp_fp_doc_source_data = data['dlp_fp_doc_source'] + filtered_data = underscore_to_hyphen(filter_dlp_fp_doc_source_data(dlp_fp_doc_source_data)) + + if state == "present": + return fos.set('dlp', + 'fp-doc-source', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('dlp', + 'fp-doc-source', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_dlp(data, fos): + + if data['dlp_fp_doc_source']: + resp = dlp_fp_doc_source(data, fos) + 
else: + fos._module.fail_json(msg='missing task body: %s' % ('dlp_fp_doc_source')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "dlp_fp_doc_source": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "date": {"required": False, "type": "int"}, + "file_path": {"required": False, "type": "str"}, + "file_pattern": {"required": False, "type": "str"}, + "keep_modified": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": True, "type": "str"}, + "password": {"required": False, "type": "str"}, + "period": {"required": False, "type": "str", + "choices": ["none", + "daily", + "weekly", + "monthly"]}, + "remove_deleted": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "scan_on_creation": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "scan_subdirectories": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sensitivity": {"required": False, "type": "str"}, + "server": {"required": False, "type": "str"}, + "server_type": {"required": False, "type": "str", + "choices": ["samba"]}, + "tod_hour": {"required": False, "type": "int"}, + "tod_min": {"required": False, "type": "int"}, + "username": {"required": False, "type": "str"}, + "vdom": {"required": False, "type": "str", + "choices": ["mgmt", + "current"]}, + "weekday": {"required": False, "type": "str", + "choices": ["sunday", + "monday", + "tuesday", + "wednesday", + "thursday", + "friday", + "saturday"]} + + } + } + } 
+ + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_dlp(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_fp_sensitivity.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_fp_sensitivity.py new file mode 100644 index 00000000..fc26187b --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_fp_sensitivity.py 
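Review bot: The `password` suboption of `dlp_fp_doc_source` in the `fields` spec of `main()` is declared as `{"required": False, "type": "str"}` with no `no_log`, although `access_token` in the same dict sets `"no_log": True`. This value is the login for the file server the FortiGate scans, so it should be masked the same way: `"password": {"required": False, "type": "str", "no_log": True},`. Without the flag the nested dict, password included, can end up in Ansible's logged module arguments and in verbose task output. It would also help for the `password` entry in DOCUMENTATION to say that the value is treated as a secret.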
@@ -0,0 +1,303 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_dlp_fp_sensitivity +short_description: Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source in Fortinet's FortiOS and + FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify dlp feature and fp_sensitivity category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + dlp_fp_sensitivity: + description: + - Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + name: + description: + - DLP Sensitivity Levels. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source. 
+ fortios_dlp_fp_sensitivity: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + dlp_fp_sensitivity: + name: "default_name_3" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_dlp_fp_sensitivity_data(json): + option_list = ['name'] + dictionary = {} + + for attribute in option_list: + if attribute in json 
and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def dlp_fp_sensitivity(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['dlp_fp_sensitivity'] and data['dlp_fp_sensitivity']['state']:
+ state = data['dlp_fp_sensitivity']['state']
+ else:
+ state = True
+ dlp_fp_sensitivity_data = data['dlp_fp_sensitivity']
+ filtered_data = underscore_to_hyphen(filter_dlp_fp_sensitivity_data(dlp_fp_sensitivity_data))
+
+ if state == "present":
+ return fos.set('dlp',
+ 'fp-sensitivity',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('dlp',
+ 'fp-sensitivity',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_dlp(data, fos):
+
+ if data['dlp_fp_sensitivity']:
+ resp = dlp_fp_sensitivity(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('dlp_fp_sensitivity'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "dlp_fp_sensitivity": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "name": {"required": True, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_dlp(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_sensor.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_sensor.py
new file mode 100644
index 00000000..c083ebce
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_sensor.py
@@ -0,0 +1,613 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_dlp_sensor
+short_description: Configure DLP sensors in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify dlp feature and sensor category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.8"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ This attribute was present already in previous version in a deeper level.
+ It has been moved out to this outer level.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ version_added: 2.9
+ dlp_sensor:
+ description:
+ - Configure DLP sensors.
+ default: null
+ type: dict
+ suboptions:
+ state:
+ description:
+ - B(Deprecated)
+ - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
+ - HORIZONTALLINE
+ - Indicates whether to create or remove the object.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ comment:
+ description:
+ - Comment.
+ type: str
+ dlp_log:
+ description:
+ - Enable/disable DLP logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ extended_log:
+ description:
+ - Enable/disable extended logging for data leak prevention.
+ type: str
+ choices:
+ - enable
+ - disable
+ filter:
+ description:
+ - Set up DLP filters for this sensor.
+ type: list
+ suboptions:
+ action:
+ description:
+ - Action to take with content that this DLP sensor matches.
+ type: str
+ choices:
+ - allow
+ - log-only
+ - block
+ - quarantine-ip
+ archive:
+ description:
+ - Enable/disable DLP archiving.
+ type: str
+ choices:
+ - disable
+ - enable
+ company_identifier:
+ description:
+ - Enter a company identifier watermark to match. Only watermarks that your company has placed on the files are matched.
+ type: str
+ expiry:
+ description:
+ - Quarantine duration in days, hours, minutes format (dddhhmm).
+ type: str
+ file_size:
+ description:
+ - Match files this size or larger (0 - 4294967295 kbytes).
+ type: int
+ file_type:
+ description:
+ - Select the number of a DLP file pattern table to match. Source dlp.filepattern.id.
+ type: int
+ filter_by:
+ description:
+ - Select the type of content to match.
+ type: str
+ choices:
+ - credit-card
+ - ssn
+ - regexp
+ - file-type
+ - file-size
+ - fingerprint
+ - watermark
+ - encrypted
+ fp_sensitivity:
+ description:
+ - Select a DLP file pattern sensitivity to match.
+ type: list
+ suboptions:
+ name:
+ description:
+ - Select a DLP sensitivity. Source dlp.fp-sensitivity.name.
+ required: true
+ type: str
+ id:
+ description:
+ - ID.
+ required: true
+ type: int
+ match_percentage:
+ description:
+ - Percentage of fingerprints in the fingerprint databases designated with the selected fp-sensitivity to match.
+ type: int
+ name:
+ description:
+ - Filter name.
+ type: str
+ proto:
+ description:
+ - Check messages or files over one or more of these protocols.
+ type: str
+ choices:
+ - smtp
+ - pop3
+ - imap
+ - http-get
+ - http-post
+ - ftp
+ - nntp
+ - mapi
+ - mm1
+ - mm3
+ - mm4
+ - mm7
+ regexp:
+ description:
+ - Enter a regular expression to match (max. 255 characters).
+ type: str
+ severity:
+ description:
+ - Select the severity or threat level that matches this filter.
+ type: str
+ choices:
+ - info
+ - low
+ - medium
+ - high
+ - critical
+ type:
+ description:
+ - Select whether to check the content of messages (an email message) or files (downloaded files or email attachments).
+ type: str
+ choices:
+ - file
+ - message
+ flow_based:
+ description:
+ - Enable/disable flow-based DLP.
+ type: str
+ choices:
+ - enable
+ - disable
+ full_archive_proto:
+ description:
+ - Protocols to always content archive.
+ type: str
+ choices:
+ - smtp
+ - pop3
+ - imap
+ - http-get
+ - http-post
+ - ftp
+ - nntp
+ - mapi
+ - mm1
+ - mm3
+ - mm4
+ - mm7
+ nac_quar_log:
+ description:
+ - Enable/disable NAC quarantine logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ name:
+ description:
+ - Name of the DLP sensor.
+ required: true
+ type: str
+ options:
+ description:
+ - Configure DLP options.
+ type: str
+ replacemsg_group:
+ description:
+ - Replacement message group used by this DLP sensor.
Source system.replacemsg-group.name.
+ type: str
+ summary_proto:
+ description:
+ - Protocols to always log summary.
+ type: str
+ choices:
+ - smtp
+ - pop3
+ - imap
+ - http-get
+ - http-post
+ - ftp
+ - nntp
+ - mapi
+ - mm1
+ - mm3
+ - mm4
+ - mm7
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure DLP sensors.
+ fortios_dlp_sensor:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ dlp_sensor:
+ comment: "Comment."
+ dlp_log: "enable"
+ extended_log: "enable"
+ filter:
+ -
+ action: "allow"
+ archive: "disable"
+ company_identifier: "myId_9"
+ expiry: ""
+ file_size: "11"
+ file_type: "12 (source dlp.filepattern.id)"
+ filter_by: "credit-card"
+ fp_sensitivity:
+ -
+ name: "default_name_15 (source dlp.fp-sensitivity.name)"
+ id: "16"
+ match_percentage: "17"
+ name: "default_name_18"
+ proto: "smtp"
+ regexp: ""
+ severity: "info"
+ type: "file"
+ flow_based: "enable"
+ full_archive_proto: "smtp"
+ nac_quar_log: "enable"
+ name: "default_name_26"
+ options: ""
+ replacemsg_group: " (source system.replacemsg-group.name)"
+ summary_proto: "smtp"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_dlp_sensor_data(json):
+ option_list = ['comment', 'dlp_log', 'extended_log',
+ 'filter', 'flow_based', 'full_archive_proto',
+ 'nac_quar_log', 'name', 'options',
+ 'replacemsg_group', 'summary_proto']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def dlp_sensor(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['dlp_sensor'] and data['dlp_sensor']['state']:
+ state = data['dlp_sensor']['state']
+ else:
+ state = True
+ dlp_sensor_data = data['dlp_sensor']
+ filtered_data =
underscore_to_hyphen(filter_dlp_sensor_data(dlp_sensor_data))
+
+ if state == "present":
+ return fos.set('dlp',
+ 'sensor',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('dlp',
+ 'sensor',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_dlp(data, fos):
+
+ if data['dlp_sensor']:
+ resp = dlp_sensor(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('dlp_sensor'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "dlp_sensor": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "comment": {"required": False, "type": "str"},
+ "dlp_log": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "extended_log": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "filter": {"required": False, "type": "list",
+ "options": {
+ "action": {"required": False, "type": "str",
+ "choices": ["allow",
+ "log-only",
+ "block",
+ "quarantine-ip"]},
+ "archive": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "company_identifier": {"required": False, "type": "str"},
+ "expiry": {"required": False, "type": "str"},
+ "file_size": {"required": False, "type": "int"},
+ "file_type": {"required": False, "type": "int"},
+ "filter_by": {"required": False,
"type": "str",
+ "choices": ["credit-card",
+ "ssn",
+ "regexp",
+ "file-type",
+ "file-size",
+ "fingerprint",
+ "watermark",
+ "encrypted"]},
+ "fp_sensitivity": {"required": False, "type": "list",
+ "options": {
+ "name": {"required": True, "type": "str"}
+ }},
+ "id": {"required": True, "type": "int"},
+ "match_percentage": {"required": False, "type": "int"},
+ "name": {"required": False, "type": "str"},
+ "proto": {"required": False, "type": "str",
+ "choices": ["smtp",
+ "pop3",
+ "imap",
+ "http-get",
+ "http-post",
+ "ftp",
+ "nntp",
+ "mapi",
+ "mm1",
+ "mm3",
+ "mm4",
+ "mm7"]},
+ "regexp": {"required": False, "type": "str"},
+ "severity": {"required": False, "type": "str",
+ "choices": ["info",
+ "low",
+ "medium",
+ "high",
+ "critical"]},
+ "type": {"required": False, "type": "str",
+ "choices": ["file",
+ "message"]}
+ }},
+ "flow_based": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "full_archive_proto": {"required": False, "type": "str",
+ "choices": ["smtp",
+ "pop3",
+ "imap",
+ "http-get",
+ "http-post",
+ "ftp",
+ "nntp",
+ "mapi",
+ "mm1",
+ "mm3",
+ "mm4",
+ "mm7"]},
+ "nac_quar_log": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "name": {"required": True, "type": "str"},
+ "options": {"required": False, "type": "str"},
+ "replacemsg_group": {"required": False, "type": "str"},
+ "summary_proto": {"required": False, "type": "str",
+ "choices": ["smtp",
+ "pop3",
+ "imap",
+ "http-get",
+ "http-post",
+ "ftp",
+ "nntp",
+ "mapi",
+ "mm1",
+ "mm3",
+ "mm4",
+ "mm7"]}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result =
fortios_dlp(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_settings.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_settings.py
new file mode 100644
index 00000000..87d587ef
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dlp_settings.py
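Review bot: The `filter` list in `fields` inside `main()`, and `fp_sensitivity` nested in it, declare `"options"` without `"elements": "dict"`, so as far as I know AnsibleModule does not apply those sub-specs to the list items. The `choices` on `action`, `filter_by`, `proto` and `severity` and the `required` flag on `id` are then not enforced, and `filter_dlp_sensor_data` only whitelists top-level keys, so each filter entry is passed to `fos.set` as the playbook wrote it. I would declare `"filter": {"required": False, "type": "list", "elements": "dict",` and add the same key to `fp_sensitivity`, so a mistyped DLP action or protocol is rejected before anything is sent to the device.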
@@ -0,0 +1,290 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_dlp_settings
+short_description: Designate logical storage for DLP fingerprint database in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify dlp feature and settings category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.8"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously.
A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ dlp_settings:
+ description:
+ - Designate logical storage for DLP fingerprint database.
+ default: null
+ type: dict
+ suboptions:
+ cache_mem_percent:
+ description:
+ - Maximum percentage of available memory allocated to caching (1 - 15%).
+ type: int
+ chunk_size:
+ description:
+ - Maximum fingerprint chunk size. **Changing will flush the entire database**.
+ type: int
+ db_mode:
+ description:
+ - Behaviour when the maximum size is reached.
+ type: str
+ choices:
+ - stop-adding
+ - remove-modified-then-oldest
+ - remove-oldest
+ size:
+ description:
+ - Maximum total size of files within the storage (MB).
+ type: int
+ storage_device:
+ description:
+ - Storage device name. Source system.storage.name.
+ type: str
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Designate logical storage for DLP fingerprint database.
+ fortios_dlp_settings:
+ vdom: "{{ vdom }}"
+ dlp_settings:
+ cache_mem_percent: "3"
+ chunk_size: "4"
+ db_mode: "stop-adding"
+ size: "6"
+ storage_device: " (source system.storage.name)"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_dlp_settings_data(json):
+ option_list = ['cache_mem_percent',
'chunk_size', 'db_mode',
+ 'size', 'storage_device']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def dlp_settings(data, fos):
+ vdom = data['vdom']
+ dlp_settings_data = data['dlp_settings']
+ filtered_data = underscore_to_hyphen(filter_dlp_settings_data(dlp_settings_data))
+
+ return fos.set('dlp',
+ 'settings',
+ data=filtered_data,
+ vdom=vdom)
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_dlp(data, fos):
+
+ if data['dlp_settings']:
+ resp = dlp_settings(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('dlp_settings'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = None
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "dlp_settings": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "cache_mem_percent": {"required": False, "type": "int"},
+ "chunk_size": {"required": False, "type": "int"},
+ "db_mode": {"required": False, "type": "str",
+ "choices": ["stop-adding",
+ "remove-modified-then-oldest",
+ "remove-oldest"]},
+ "size": {"required": False, "type": "int"},
+ "storage_device": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+
supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_dlp(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dnsfilter_domain_filter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dnsfilter_domain_filter.py
new file mode 100644
index 00000000..b532975d
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dnsfilter_domain_filter.py
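Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no`, so anyone who copies it authenticates to the FortiGate over TLS without verifying the certificate, and the login credentials or `access_token` go to whichever host answers on port 443. I would change the example to `ansible_httpapi_validate_certs: yes`, or at least put `# lab only: keep certificate validation on outside a test bench` next to it. The same line is in the EXAMPLES of fortios_dlp_sensor.py and fortios_dnsfilter_domain_filter.py on this page.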
@@ -0,0 +1,375 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_dnsfilter_domain_filter +short_description: Configure DNS domain filters in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify dnsfilter feature and domain_filter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + dnsfilter_domain_filter: + description: + - Configure DNS domain filters. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + comment: + description: + - Optional comments. + type: str + entries: + description: + - DNS domain filter entries. + type: list + suboptions: + action: + description: + - Action to take for domain filter matches. + type: str + choices: + - block + - allow + - monitor + domain: + description: + - Domain entries to be filtered. + type: str + id: + description: + - Id. + required: true + type: int + status: + description: + - Enable/disable this domain filter. + type: str + choices: + - enable + - disable + type: + description: + - DNS domain filter type. + type: str + choices: + - simple + - regex + - wildcard + id: + description: + - ID. + required: true + type: int + name: + description: + - Name of table. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DNS domain filters. + fortios_dnsfilter_domain_filter: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + dnsfilter_domain_filter: + comment: "Optional comments." 
+ entries: + - + action: "block" + domain: "" + id: "7" + status: "enable" + type: "simple" + id: "10" + name: "default_name_11" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_dnsfilter_domain_filter_data(json): + option_list = ['comment', 'entries', 'id', + 'name'] + dictionary = {} + + for attribute in 
option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def dnsfilter_domain_filter(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['dnsfilter_domain_filter'] and data['dnsfilter_domain_filter']['state']: + state = data['dnsfilter_domain_filter']['state'] + else: + state = True + dnsfilter_domain_filter_data = data['dnsfilter_domain_filter'] + filtered_data = underscore_to_hyphen(filter_dnsfilter_domain_filter_data(dnsfilter_domain_filter_data)) + + if state == "present": + return fos.set('dnsfilter', + 'domain-filter', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('dnsfilter', + 'domain-filter', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_dnsfilter(data, fos): + + if data['dnsfilter_domain_filter']: + resp = dnsfilter_domain_filter(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('dnsfilter_domain_filter')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", 
"absent"]}, + "dnsfilter_domain_filter": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "comment": {"required": False, "type": "str"}, + "entries": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["block", + "allow", + "monitor"]}, + "domain": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "type": {"required": False, "type": "str", + "choices": ["simple", + "regex", + "wildcard"]} + }}, + "id": {"required": True, "type": "int"}, + "name": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_dnsfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + 
module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dnsfilter_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dnsfilter_profile.py new file mode 100644 index 00000000..8d4c89c4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_dnsfilter_profile.py 
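Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no` next to `ansible_httpapi_use_ssl: yes`, so anyone who copies it sends the `access_token` over a TLS session whose server certificate is never checked. The example should read `ansible_httpapi_validate_certs: yes`, with a short comment that devices using self-signed certificates need their CA added to the controller's trust store rather than validation switched off. The same example block appears in the fortios_dnsfilter_profile.py and fortios_endpoint_control_client.py hunks. The literal `access_token: ""` would also be better shown as a vaulted variable, e.g. `access_token: "{{ fortios_access_token }}"` (variable name constructed for illustration).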
@@ -0,0 +1,492 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_dnsfilter_profile +short_description: Configure DNS domain filter profiles in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify dnsfilter feature and profile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + dnsfilter_profile: + description: + - Configure DNS domain filter profiles. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + block_action: + description: + - Action to take for blocked domains. + type: str + choices: + - block + - redirect + block_botnet: + description: + - Enable/disable blocking botnet C&C DNS lookups. + type: str + choices: + - disable + - enable + comment: + description: + - Comment. + type: str + domain_filter: + description: + - Domain filter settings. + type: dict + suboptions: + domain_filter_table: + description: + - DNS domain filter table ID. Source dnsfilter.domain-filter.id. + type: int + external_ip_blocklist: + description: + - One or more external IP block lists. + type: list + suboptions: + name: + description: + - External domain block list name. Source system.external-resource.name. + required: true + type: str + ftgd_dns: + description: + - FortiGuard DNS Filter settings. + type: dict + suboptions: + filters: + description: + - FortiGuard DNS domain filters. + type: list + suboptions: + action: + description: + - Action to take for DNS requests matching the category. + type: str + choices: + - block + - monitor + category: + description: + - Category number. + type: int + id: + description: + - ID number. + required: true + type: int + log: + description: + - Enable/disable DNS filter logging for this DNS profile. 
+ type: str + choices: + - enable + - disable + options: + description: + - FortiGuard DNS filter options. + type: str + choices: + - error-allow + - ftgd-disable + log_all_domain: + description: + - Enable/disable logging of all domains visited (detailed DNS logging). + type: str + choices: + - enable + - disable + name: + description: + - Profile name. + required: true + type: str + redirect_portal: + description: + - IP address of the SDNS redirect portal. + type: str + safe_search: + description: + - Enable/disable Google, Bing, and YouTube safe search. + type: str + choices: + - disable + - enable + sdns_domain_log: + description: + - Enable/disable domain filtering and botnet domain logging. + type: str + choices: + - enable + - disable + sdns_ftgd_err_log: + description: + - Enable/disable FortiGuard SDNS rating error logging. + type: str + choices: + - enable + - disable + youtube_restrict: + description: + - Set safe search for YouTube restriction level. + type: str + choices: + - strict + - moderate +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DNS domain filter profiles. + fortios_dnsfilter_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + dnsfilter_profile: + block_action: "block" + block_botnet: "disable" + comment: "Comment." 
+ domain_filter: + domain_filter_table: "7 (source dnsfilter.domain-filter.id)" + external_ip_blocklist: + - + name: "default_name_9 (source system.external-resource.name)" + ftgd_dns: + filters: + - + action: "block" + category: "13" + id: "14" + log: "enable" + options: "error-allow" + log_all_domain: "enable" + name: "default_name_18" + redirect_portal: "" + safe_search: "disable" + sdns_domain_log: "enable" + sdns_ftgd_err_log: "enable" + youtube_restrict: "strict" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_dnsfilter_profile_data(json): + option_list = ['block_action', 'block_botnet', 'comment', + 'domain_filter', 'external_ip_blocklist', 'ftgd_dns', + 'log_all_domain', 'name', 'redirect_portal', + 'safe_search', 'sdns_domain_log', 'sdns_ftgd_err_log', + 'youtube_restrict'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def dnsfilter_profile(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['dnsfilter_profile'] and data['dnsfilter_profile']['state']: + state = data['dnsfilter_profile']['state'] + else: + state = True + dnsfilter_profile_data = data['dnsfilter_profile'] + filtered_data = underscore_to_hyphen(filter_dnsfilter_profile_data(dnsfilter_profile_data)) + + if state == "present": + return fos.set('dnsfilter', + 'profile', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('dnsfilter', + 'profile', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_dnsfilter(data, fos): + + if data['dnsfilter_profile']: + resp = dnsfilter_profile(data, fos) + else: + 
fos._module.fail_json(msg='missing task body: %s' % ('dnsfilter_profile')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "dnsfilter_profile": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "block_action": {"required": False, "type": "str", + "choices": ["block", + "redirect"]}, + "block_botnet": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "comment": {"required": False, "type": "str"}, + "domain_filter": {"required": False, "type": "dict", + "options": { + "domain_filter_table": {"required": False, "type": "int"} + }}, + "external_ip_blocklist": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "ftgd_dns": {"required": False, "type": "dict", + "options": { + "filters": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["block", + "monitor"]}, + "category": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "options": {"required": False, "type": "str", + "choices": ["error-allow", + "ftgd-disable"]} + }}, + "log_all_domain": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": True, "type": "str"}, + "redirect_portal": {"required": False, "type": "str"}, + "safe_search": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "sdns_domain_log": {"required": 
False, "type": "str", + "choices": ["enable", + "disable"]}, + "sdns_ftgd_err_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "youtube_restrict": {"required": False, "type": "str", + "choices": ["strict", + "moderate"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_dnsfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_client.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_client.py new file mode 100644 index 00000000..d94d3f20 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_client.py 
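Review bot: In `main()`, `external_ip_blocklist` and `ftgd_dns.filters` are declared as `"type": "list"` with nested `"options"` but no `"elements": "dict"`. As far as I know, AnsibleModule only descends into a list's suboptions when `elements` is `dict`, so the `"required": True` on `name`/`id` and the `choices` on `action`/`log` are probably not enforced before the payload is sent to the device. Adding `"elements": "dict"` to both list specs would make the controller reject malformed entries instead of leaving that to FortiOS. The `entries` list in the fortios_dnsfilter_domain_filter.py hunk has the same shape, and the matching `elements: dict` line belongs in each DOCUMENTATION block too.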
@@ -0,0 +1,333 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_endpoint_control_client +short_description: Configure endpoint control client lists in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify endpoint_control feature and client category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + endpoint_control_client: + description: + - Configure endpoint control client lists. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + ad_groups: + description: + - Endpoint client AD logon groups. + type: str + ftcl_uid: + description: + - Endpoint FortiClient UID. + type: str + id: + description: + - Endpoint client ID. + required: true + type: int + info: + description: + - Endpoint client information. + type: str + src_ip: + description: + - Endpoint client IP address. + type: str + src_mac: + description: + - Endpoint client MAC address. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure endpoint control client lists. 
+ fortios_endpoint_control_client: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + endpoint_control_client: + ad_groups: "" + ftcl_uid: "" + id: "5" + info: "" + src_ip: "" + src_mac: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_endpoint_control_client_data(json): + option_list = ['ad_groups', 
'ftcl_uid', 'id', + 'info', 'src_ip', 'src_mac'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def endpoint_control_client(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['endpoint_control_client'] and data['endpoint_control_client']['state']: + state = data['endpoint_control_client']['state'] + else: + state = True + endpoint_control_client_data = data['endpoint_control_client'] + filtered_data = underscore_to_hyphen(filter_endpoint_control_client_data(endpoint_control_client_data)) + + if state == "present": + return fos.set('endpoint-control', + 'client', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('endpoint-control', + 'client', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_endpoint_control(data, fos): + + if data['endpoint_control_client']: + resp = endpoint_control_client(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('endpoint_control_client')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", 
"default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "endpoint_control_client": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "ad_groups": {"required": False, "type": "str"}, + "ftcl_uid": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "info": {"required": False, "type": "str"}, + "src_ip": {"required": False, "type": "str"}, + "src_mac": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_endpoint_control(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_forticlient_ems.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_forticlient_ems.py new file mode 100644 index 00000000..99540499 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_forticlient_ems.py 
@@ -0,0 +1,369 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_endpoint_control_forticlient_ems +short_description: Configure FortiClient Enterprise Management Server (EMS) entries in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify endpoint_control feature and forticlient_ems category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + endpoint_control_forticlient_ems: + description: + - Configure FortiClient Enterprise Management Server (EMS) entries. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + address: + description: + - Firewall address name. Source firewall.address.name. + type: str + admin_password: + description: + - FortiClient EMS admin password. + type: str + admin_type: + description: + - FortiClient EMS admin type. + type: str + choices: + - Windows + - LDAP + admin_username: + description: + - FortiClient EMS admin username. + type: str + https_port: + description: + - 'FortiClient EMS HTTPS access port number. (1 - 65535).' + type: int + listen_port: + description: + - 'FortiClient EMS telemetry listen port number. (1 - 65535).' + type: int + name: + description: + - FortiClient Enterprise Management Server (EMS) name. + required: true + type: str + rest_api_auth: + description: + - FortiClient EMS REST API authentication. + type: str + choices: + - disable + - userpass + serial_number: + description: + - FortiClient EMS Serial Number. + type: str + upload_port: + description: + - 'FortiClient EMS telemetry upload port number. (1 - 65535).' 
+ type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiClient Enterprise Management Server (EMS) entries. + fortios_endpoint_control_forticlient_ems: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + endpoint_control_forticlient_ems: + address: " (source firewall.address.name)" + admin_password: "" + admin_type: "Windows" + admin_username: "" + https_port: "7" + listen_port: "8" + name: "default_name_9" + rest_api_auth: "disable" + serial_number: "" + upload_port: "12" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from 
ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_endpoint_control_forticlient_ems_data(json): + option_list = ['address', 'admin_password', 'admin_type', + 'admin_username', 'https_port', 'listen_port', + 'name', 'rest_api_auth', 'serial_number', + 'upload_port'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def endpoint_control_forticlient_ems(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['endpoint_control_forticlient_ems'] and data['endpoint_control_forticlient_ems']['state']: + state = data['endpoint_control_forticlient_ems']['state'] + else: + state = True + endpoint_control_forticlient_ems_data = data['endpoint_control_forticlient_ems'] + filtered_data = underscore_to_hyphen(filter_endpoint_control_forticlient_ems_data(endpoint_control_forticlient_ems_data)) + + if state == "present": + return fos.set('endpoint-control', + 'forticlient-ems', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('endpoint-control', + 'forticlient-ems', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or 
absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_endpoint_control(data, fos): + + if data['endpoint_control_forticlient_ems']: + resp = endpoint_control_forticlient_ems(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('endpoint_control_forticlient_ems')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "endpoint_control_forticlient_ems": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "address": {"required": False, "type": "str"}, + "admin_password": {"required": False, "type": "str"}, + "admin_type": {"required": False, "type": "str", + "choices": ["Windows", + "LDAP"]}, + "admin_username": {"required": False, "type": "str"}, + "https_port": {"required": False, "type": "int"}, + "listen_port": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "rest_api_auth": {"required": False, "type": "str", + "choices": ["disable", + "userpass"]}, + "serial_number": {"required": False, "type": "str"}, + "upload_port": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = 
FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_endpoint_control(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_forticlient_registration_sync.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_forticlient_registration_sync.py new file mode 100644 index 00000000..ff844468 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_forticlient_registration_sync.py 
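Review bot: The `admin_password` suboption in `main()`'s argument spec is declared without `no_log`, while `access_token` a few lines above it carries `"no_log": True`, so the FortiClient EMS admin password can show up in module invocation output and logs. Mark it the same way: `"admin_password": {"required": False, "type": "str", "no_log": True},`. Separately, the EXAMPLES block sets `ansible_httpapi_validate_certs: no`, which tends to get copied verbatim into real playbooks. A comment such as `# lab only: set to yes and trust the FortiGate certificate in production` would help, and the same example line recurs in the fortios_endpoint_control_forticlient_registration_sync.py and fortios_endpoint_control_profile.py hunks.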
@@ -0,0 +1,307 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_endpoint_control_forticlient_registration_sync +short_description: Configure FortiClient registration synchronization settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify endpoint_control feature and forticlient_registration_sync category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + endpoint_control_forticlient_registration_sync: + description: + - Configure FortiClient registration synchronization settings. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + peer_ip: + description: + - IP address of the peer FortiGate for endpoint license synchronization. + type: str + peer_name: + description: + - Peer name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiClient registration synchronization settings. 
+ fortios_endpoint_control_forticlient_registration_sync: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + endpoint_control_forticlient_registration_sync: + peer_ip: "" + peer_name: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_endpoint_control_forticlient_registration_sync_data(json): + 
option_list = ['peer_ip', 'peer_name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def endpoint_control_forticlient_registration_sync(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['endpoint_control_forticlient_registration_sync'] and data['endpoint_control_forticlient_registration_sync']['state']: + state = data['endpoint_control_forticlient_registration_sync']['state'] + else: + state = True + endpoint_control_forticlient_registration_sync_data = data['endpoint_control_forticlient_registration_sync'] + filtered_data = underscore_to_hyphen(filter_endpoint_control_forticlient_registration_sync_data(endpoint_control_forticlient_registration_sync_data)) + + if state == "present": + return fos.set('endpoint-control', + 'forticlient-registration-sync', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('endpoint-control', + 'forticlient-registration-sync', + mkey=filtered_data['peer-name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_endpoint_control(data, fos): + + if data['endpoint_control_forticlient_registration_sync']: + resp = endpoint_control_forticlient_registration_sync(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('endpoint_control_forticlient_registration_sync')) + + return not 
is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'peer-name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "endpoint_control_forticlient_registration_sync": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "peer_ip": {"required": False, "type": "str"}, + "peer_name": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_endpoint_control(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", 
meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_profile.py new file mode 100644 index 00000000..afa51fa4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_profile.py 
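Review bot: `endpoint_control_forticlient_registration_sync()` reads `filtered_data['peer-name']` on the `absent` branch, but `peer_name` is declared `"required": False` and the filter function drops keys whose value is None. A task with `state: absent` and no `peer_name` therefore ends in a KeyError traceback rather than a clean `fail_json` message. Since `main()` sets `mkeyname = 'peer-name'`, making the key mandatory looks like the intent: `"peer_name": {"required": True, "type": "str"}`, with `required: true` added to its DOCUMENTATION entry, as the sibling forticlient_ems module does for `name`. The fallback `state = True` can also never equal "present" or "absent", so a task that gives no state at either level always reaches `fail_json(msg='state must be present or absent!')`; a comment saying that this is deliberate, or validating state up front, would make that clearer.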
@@ -0,0 +1,1200 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_endpoint_control_profile +short_description: Configure FortiClient endpoint control profiles in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify endpoint_control feature and profile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + endpoint_control_profile: + description: + - Configure FortiClient endpoint control profiles. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + description: + description: + - Description. + type: str + device_groups: + description: + - Device groups. + type: list + suboptions: + name: + description: + - Device group object from available options. Source user.device-group.name user.device-category.name. + required: true + type: str + forticlient_android_settings: + description: + - FortiClient settings for Android platform. + type: dict + suboptions: + disable_wf_when_protected: + description: + - Enable/disable FortiClient web category filtering when protected by FortiGate. + type: str + choices: + - enable + - disable + forticlient_advanced_vpn: + description: + - Enable/disable advanced FortiClient VPN configuration. + type: str + choices: + - enable + - disable + forticlient_advanced_vpn_buffer: + description: + - Advanced FortiClient VPN configuration. + type: str + forticlient_vpn_provisioning: + description: + - Enable/disable FortiClient VPN provisioning. + type: str + choices: + - enable + - disable + forticlient_vpn_settings: + description: + - FortiClient VPN settings. + type: list + suboptions: + auth_method: + description: + - Authentication method. 
+ type: str + choices: + - psk + - certificate + name: + description: + - VPN name. + required: true + type: str + preshared_key: + description: + - Pre-shared secret for PSK authentication. + type: str + remote_gw: + description: + - IP address or FQDN of the remote VPN gateway. + type: str + sslvpn_access_port: + description: + - SSL VPN access port (1 - 65535). + type: int + sslvpn_require_certificate: + description: + - Enable/disable requiring SSL VPN client certificate. + type: str + choices: + - enable + - disable + type: + description: + - VPN type (IPsec or SSL VPN). + type: str + choices: + - ipsec + - ssl + forticlient_wf: + description: + - Enable/disable FortiClient web filtering. + type: str + choices: + - enable + - disable + forticlient_wf_profile: + description: + - The FortiClient web filter profile to apply. Source webfilter.profile.name. + type: str + forticlient_ios_settings: + description: + - FortiClient settings for iOS platform. + type: dict + suboptions: + client_vpn_provisioning: + description: + - FortiClient VPN provisioning. + type: str + choices: + - enable + - disable + client_vpn_settings: + description: + - FortiClient VPN settings. + type: list + suboptions: + auth_method: + description: + - Authentication method. + type: str + choices: + - psk + - certificate + name: + description: + - VPN name. + required: true + type: str + preshared_key: + description: + - Pre-shared secret for PSK authentication. + type: str + remote_gw: + description: + - IP address or FQDN of the remote VPN gateway. + type: str + sslvpn_access_port: + description: + - SSL VPN access port (1 - 65535). + type: int + sslvpn_require_certificate: + description: + - Enable/disable requiring SSL VPN client certificate. + type: str + choices: + - enable + - disable + type: + description: + - VPN type (IPsec or SSL VPN). + type: str + choices: + - ipsec + - ssl + vpn_configuration_content: + description: + - Content of VPN configuration. 
+ type: str + vpn_configuration_name: + description: + - Name of VPN configuration. + type: str + configuration_content: + description: + - Content of configuration profile. + type: str + configuration_name: + description: + - Name of configuration profile. + type: str + disable_wf_when_protected: + description: + - Enable/disable FortiClient web category filtering when protected by FortiGate. + type: str + choices: + - enable + - disable + distribute_configuration_profile: + description: + - Enable/disable configuration profile (.mobileconfig file) distribution. + type: str + choices: + - enable + - disable + forticlient_wf: + description: + - Enable/disable FortiClient web filtering. + type: str + choices: + - enable + - disable + forticlient_wf_profile: + description: + - The FortiClient web filter profile to apply. Source webfilter.profile.name. + type: str + forticlient_winmac_settings: + description: + - FortiClient settings for Windows/Mac platform. + type: dict + suboptions: + av_realtime_protection: + description: + - Enable/disable FortiClient AntiVirus real-time protection. + type: str + choices: + - enable + - disable + av_signature_up_to_date: + description: + - Enable/disable FortiClient AV signature updates. + type: str + choices: + - enable + - disable + forticlient_application_firewall: + description: + - Enable/disable the FortiClient application firewall. + type: str + choices: + - enable + - disable + forticlient_application_firewall_list: + description: + - FortiClient application firewall rule list. Source application.list.name. + type: str + forticlient_av: + description: + - Enable/disable FortiClient AntiVirus scanning. + type: str + choices: + - enable + - disable + forticlient_ems_compliance: + description: + - Enable/disable FortiClient Enterprise Management Server (EMS) compliance. + type: str + choices: + - enable + - disable + forticlient_ems_compliance_action: + description: + - FortiClient EMS compliance action. 
+ type: str + choices: + - block + - warning + forticlient_ems_entries: + description: + - FortiClient EMS entries. + type: list + suboptions: + name: + description: + - FortiClient EMS name. Source endpoint-control.forticlient-ems.name. + required: true + type: str + forticlient_linux_ver: + description: + - Minimum FortiClient Linux version. + type: str + forticlient_log_upload: + description: + - Enable/disable uploading FortiClient logs. + type: str + choices: + - enable + - disable + forticlient_log_upload_level: + description: + - Select the FortiClient logs to upload. + type: str + choices: + - traffic + - vulnerability + - event + forticlient_log_upload_server: + description: + - IP address or FQDN of the server to which to upload FortiClient logs. + type: str + forticlient_mac_ver: + description: + - Minimum FortiClient Mac OS version. + type: str + forticlient_minimum_software_version: + description: + - Enable/disable requiring clients to run FortiClient with a minimum software version number. + type: str + choices: + - enable + - disable + forticlient_operating_system: + description: + - FortiClient operating system. + type: list + suboptions: + id: + description: + - Operating system entry ID. + required: true + type: int + os_name: + description: + - 'Customize operating system name or Mac OS format:x.x.x' + type: str + os_type: + description: + - Operating system type. + type: str + choices: + - custom + - mac-os + - win-7 + - win-80 + - win-81 + - win-10 + - win-2000 + - win-home-svr + - win-svr-10 + - win-svr-2003 + - win-svr-2003-r2 + - win-svr-2008 + - win-svr-2008-r2 + - win-svr-2012 + - win-svr-2012-r2 + - win-sto-svr-2003 + - win-vista + - win-xp + - ubuntu-linux + - centos-linux + - redhat-linux + - fedora-linux + forticlient_own_file: + description: + - Checking the path and filename of the FortiClient application. + type: list + suboptions: + file: + description: + - File path and name. + type: str + id: + description: + - File ID. 
+ required: true + type: int + forticlient_registration_compliance_action: + description: + - FortiClient registration compliance action. + type: str + choices: + - block + - warning + forticlient_registry_entry: + description: + - FortiClient registry entry. + type: list + suboptions: + id: + description: + - Registry entry ID. + required: true + type: int + registry_entry: + description: + - Registry entry. + type: str + forticlient_running_app: + description: + - Use FortiClient to verify if the listed applications are running on the client. + type: list + suboptions: + app_name: + description: + - Application name. + type: str + app_sha256_signature: + description: + - App"s SHA256 signature. + type: str + app_sha256_signature2: + description: + - App"s SHA256 Signature. + type: str + app_sha256_signature3: + description: + - App"s SHA256 Signature. + type: str + app_sha256_signature4: + description: + - App"s SHA256 Signature. + type: str + application_check_rule: + description: + - Application check rule. + type: str + choices: + - present + - absent + id: + description: + - Application ID. + required: true + type: int + process_name: + description: + - Process name. + type: str + process_name2: + description: + - Process name. + type: str + process_name3: + description: + - Process name. + type: str + process_name4: + description: + - Process name. + type: str + forticlient_security_posture: + description: + - Enable/disable FortiClient security posture check options. + type: str + choices: + - enable + - disable + forticlient_security_posture_compliance_action: + description: + - FortiClient security posture compliance action. + type: str + choices: + - block + - warning + forticlient_system_compliance: + description: + - Enable/disable enforcement of FortiClient system compliance. + type: str + choices: + - enable + - disable + forticlient_system_compliance_action: + description: + - Block or warn clients not compliant with FortiClient requirements. 
+ type: str + choices: + - block + - warning + forticlient_vuln_scan: + description: + - Enable/disable FortiClient vulnerability scanning. + type: str + choices: + - enable + - disable + forticlient_vuln_scan_compliance_action: + description: + - FortiClient vulnerability compliance action. + type: str + choices: + - block + - warning + forticlient_vuln_scan_enforce: + description: + - Configure the level of the vulnerability found that causes a FortiClient vulnerability compliance action. + type: str + choices: + - critical + - high + - medium + - low + - info + forticlient_vuln_scan_enforce_grace: + description: + - FortiClient vulnerability scan enforcement grace period (0 - 30 days). + type: int + forticlient_vuln_scan_exempt: + description: + - Enable/disable compliance exemption for vulnerabilities that cannot be patched automatically. + type: str + choices: + - enable + - disable + forticlient_wf: + description: + - Enable/disable FortiClient web filtering. + type: str + choices: + - enable + - disable + forticlient_wf_profile: + description: + - The FortiClient web filter profile to apply. Source webfilter.profile.name. + type: str + forticlient_win_ver: + description: + - Minimum FortiClient Windows version. + type: str + os_av_software_installed: + description: + - Enable/disable checking for OS recognized AntiVirus software. + type: str + choices: + - enable + - disable + sandbox_address: + description: + - FortiSandbox address. + type: str + sandbox_analysis: + description: + - Enable/disable sending files to FortiSandbox for analysis. + type: str + choices: + - enable + - disable + on_net_addr: + description: + - Addresses for on-net detection. + type: list + suboptions: + name: + description: + - Address object from available options. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + profile_name: + description: + - Profile name. 
+ type: str + replacemsg_override_group: + description: + - Select an endpoint control replacement message override group from available options. Source system.replacemsg-group.name. + type: str + src_addr: + description: + - Source addresses. + type: list + suboptions: + name: + description: + - Address object from available options. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + user_groups: + description: + - User groups. + type: list + suboptions: + name: + description: + - User group name. Source user.group.name. + required: true + type: str + users: + description: + - Users. + type: list + suboptions: + name: + description: + - User name. Source user.local.name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiClient endpoint control profiles. 
+ fortios_endpoint_control_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + endpoint_control_profile: + description: "" + device_groups: + - + name: "default_name_5 (source user.device-group.name user.device-category.name)" + forticlient_android_settings: + disable_wf_when_protected: "enable" + forticlient_advanced_vpn: "enable" + forticlient_advanced_vpn_buffer: "" + forticlient_vpn_provisioning: "enable" + forticlient_vpn_settings: + - + auth_method: "psk" + name: "default_name_13" + preshared_key: "" + remote_gw: "" + sslvpn_access_port: "16" + sslvpn_require_certificate: "enable" + type: "ipsec" + forticlient_wf: "enable" + forticlient_wf_profile: " (source webfilter.profile.name)" + forticlient_ios_settings: + client_vpn_provisioning: "enable" + client_vpn_settings: + - + auth_method: "psk" + name: "default_name_25" + preshared_key: "" + remote_gw: "" + sslvpn_access_port: "28" + sslvpn_require_certificate: "enable" + type: "ipsec" + vpn_configuration_content: "" + vpn_configuration_name: "" + configuration_content: "" + configuration_name: "" + disable_wf_when_protected: "enable" + distribute_configuration_profile: "enable" + forticlient_wf: "enable" + forticlient_wf_profile: " (source webfilter.profile.name)" + forticlient_winmac_settings: + av_realtime_protection: "enable" + av_signature_up_to_date: "enable" + forticlient_application_firewall: "enable" + forticlient_application_firewall_list: " (source application.list.name)" + forticlient_av: "enable" + forticlient_ems_compliance: "enable" + forticlient_ems_compliance_action: "block" + forticlient_ems_entries: + - + name: "default_name_48 (source endpoint-control.forticlient-ems.name)" + forticlient_linux_ver: "" + forticlient_log_upload: "enable" + forticlient_log_upload_level: "traffic" + forticlient_log_upload_server: "" + forticlient_mac_ver: "" + forticlient_minimum_software_version: "enable" + forticlient_operating_system: + - + id: "56" + os_name: "" + os_type: "custom" + 
forticlient_own_file: + - + file: "" + id: "61" + forticlient_registration_compliance_action: "block" + forticlient_registry_entry: + - + id: "64" + registry_entry: "" + forticlient_running_app: + - + app_name: "" + app_sha256_signature: "" + app_sha256_signature2: "" + app_sha256_signature3: "" + app_sha256_signature4: "" + application_check_rule: "present" + id: "73" + process_name: "" + process_name2: "" + process_name3: "" + process_name4: "" + forticlient_security_posture: "enable" + forticlient_security_posture_compliance_action: "block" + forticlient_system_compliance: "enable" + forticlient_system_compliance_action: "block" + forticlient_vuln_scan: "enable" + forticlient_vuln_scan_compliance_action: "block" + forticlient_vuln_scan_enforce: "critical" + forticlient_vuln_scan_enforce_grace: "85" + forticlient_vuln_scan_exempt: "enable" + forticlient_wf: "enable" + forticlient_wf_profile: " (source webfilter.profile.name)" + forticlient_win_ver: "" + os_av_software_installed: "enable" + sandbox_address: "" + sandbox_analysis: "enable" + on_net_addr: + - + name: "default_name_94 (source firewall.address.name firewall.addrgrp.name)" + profile_name: "" + replacemsg_override_group: " (source system.replacemsg-group.name)" + src_addr: + - + name: "default_name_98 (source firewall.address.name firewall.addrgrp.name)" + user_groups: + - + name: "default_name_100 (source user.group.name)" + users: + - + name: "default_name_102 (source user.local.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + 
description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_endpoint_control_profile_data(json): + option_list = ['description', 'device_groups', 'forticlient_android_settings', + 'forticlient_ios_settings', 'forticlient_winmac_settings', 'on_net_addr', + 'profile_name', 'replacemsg_override_group', 'src_addr', + 'user_groups', 'users'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def 
endpoint_control_profile(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['endpoint_control_profile'] and data['endpoint_control_profile']['state']: + state = data['endpoint_control_profile']['state'] + else: + state = True + endpoint_control_profile_data = data['endpoint_control_profile'] + filtered_data = underscore_to_hyphen(filter_endpoint_control_profile_data(endpoint_control_profile_data)) + + if state == "present": + return fos.set('endpoint-control', + 'profile', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('endpoint-control', + 'profile', + mkey=filtered_data['profile-name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_endpoint_control(data, fos): + + if data['endpoint_control_profile']: + resp = endpoint_control_profile(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('endpoint_control_profile')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'profile-name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "endpoint_control_profile": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "description": {"required": False, "type": "str"}, + "device_groups": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "forticlient_android_settings": 
{"required": False, "type": "dict", + "options": { + "disable_wf_when_protected": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_advanced_vpn": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_advanced_vpn_buffer": {"required": False, "type": "str"}, + "forticlient_vpn_provisioning": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_vpn_settings": {"required": False, "type": "list", + "options": { + "auth_method": {"required": False, "type": "str", + "choices": ["psk", + "certificate"]}, + "name": {"required": True, "type": "str"}, + "preshared_key": {"required": False, "type": "str"}, + "remote_gw": {"required": False, "type": "str"}, + "sslvpn_access_port": {"required": False, "type": "int"}, + "sslvpn_require_certificate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "type": {"required": False, "type": "str", + "choices": ["ipsec", + "ssl"]} + }}, + "forticlient_wf": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_wf_profile": {"required": False, "type": "str"} + }}, + "forticlient_ios_settings": {"required": False, "type": "dict", + "options": { + "client_vpn_provisioning": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "client_vpn_settings": {"required": False, "type": "list", + "options": { + "auth_method": {"required": False, "type": "str", + "choices": ["psk", + "certificate"]}, + "name": {"required": True, "type": "str"}, + "preshared_key": {"required": False, "type": "str"}, + "remote_gw": {"required": False, "type": "str"}, + "sslvpn_access_port": {"required": False, "type": "int"}, + "sslvpn_require_certificate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "type": {"required": False, "type": "str", + "choices": ["ipsec", + "ssl"]}, + "vpn_configuration_content": {"required": False, "type": "str"}, + 
"vpn_configuration_name": {"required": False, "type": "str"} + }}, + "configuration_content": {"required": False, "type": "str"}, + "configuration_name": {"required": False, "type": "str"}, + "disable_wf_when_protected": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "distribute_configuration_profile": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_wf": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_wf_profile": {"required": False, "type": "str"} + }}, + "forticlient_winmac_settings": {"required": False, "type": "dict", + "options": { + "av_realtime_protection": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "av_signature_up_to_date": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_application_firewall": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_application_firewall_list": {"required": False, "type": "str"}, + "forticlient_av": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_ems_compliance": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_ems_compliance_action": {"required": False, "type": "str", + "choices": ["block", + "warning"]}, + "forticlient_ems_entries": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "forticlient_linux_ver": {"required": False, "type": "str"}, + "forticlient_log_upload": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_log_upload_level": {"required": False, "type": "str", + "choices": ["traffic", + "vulnerability", + "event"]}, + "forticlient_log_upload_server": {"required": False, "type": "str"}, + "forticlient_mac_ver": {"required": False, "type": "str"}, + "forticlient_minimum_software_version": {"required": False, "type": "str", + 
"choices": ["enable", + "disable"]}, + "forticlient_operating_system": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "os_name": {"required": False, "type": "str"}, + "os_type": {"required": False, "type": "str", + "choices": ["custom", + "mac-os", + "win-7", + "win-80", + "win-81", + "win-10", + "win-2000", + "win-home-svr", + "win-svr-10", + "win-svr-2003", + "win-svr-2003-r2", + "win-svr-2008", + "win-svr-2008-r2", + "win-svr-2012", + "win-svr-2012-r2", + "win-sto-svr-2003", + "win-vista", + "win-xp", + "ubuntu-linux", + "centos-linux", + "redhat-linux", + "fedora-linux"]} + }}, + "forticlient_own_file": {"required": False, "type": "list", + "options": { + "file": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"} + }}, + "forticlient_registration_compliance_action": {"required": False, "type": "str", + "choices": ["block", + "warning"]}, + "forticlient_registry_entry": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "registry_entry": {"required": False, "type": "str"} + }}, + "forticlient_running_app": {"required": False, "type": "list", + "options": { + "app_name": {"required": False, "type": "str"}, + "app_sha256_signature": {"required": False, "type": "str"}, + "app_sha256_signature2": {"required": False, "type": "str"}, + "app_sha256_signature3": {"required": False, "type": "str"}, + "app_sha256_signature4": {"required": False, "type": "str"}, + "application_check_rule": {"required": False, "type": "str", + "choices": ["present", + "absent"]}, + "id": {"required": True, "type": "int"}, + "process_name": {"required": False, "type": "str"}, + "process_name2": {"required": False, "type": "str"}, + "process_name3": {"required": False, "type": "str"}, + "process_name4": {"required": False, "type": "str"} + }}, + "forticlient_security_posture": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + 
"forticlient_security_posture_compliance_action": {"required": False, "type": "str", + "choices": ["block", + "warning"]}, + "forticlient_system_compliance": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_system_compliance_action": {"required": False, "type": "str", + "choices": ["block", + "warning"]}, + "forticlient_vuln_scan": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_vuln_scan_compliance_action": {"required": False, "type": "str", + "choices": ["block", + "warning"]}, + "forticlient_vuln_scan_enforce": {"required": False, "type": "str", + "choices": ["critical", + "high", + "medium", + "low", + "info"]}, + "forticlient_vuln_scan_enforce_grace": {"required": False, "type": "int"}, + "forticlient_vuln_scan_exempt": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_wf": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_wf_profile": {"required": False, "type": "str"}, + "forticlient_win_ver": {"required": False, "type": "str"}, + "os_av_software_installed": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sandbox_address": {"required": False, "type": "str"}, + "sandbox_analysis": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "on_net_addr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "profile_name": {"required": False, "type": "str"}, + "replacemsg_override_group": {"required": False, "type": "str"}, + "src_addr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "user_groups": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "users": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + 
module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_endpoint_control(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_registered_forticlient.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_registered_forticlient.py
new file mode 100644
index 00000000..4befb4d1
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_registered_forticlient.py
@@ -0,0 +1,319 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_endpoint_control_registered_forticlient
+short_description: Registered FortiClient list in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify endpoint_control feature and registered_forticlient category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.9"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ type: str
+ required: true
+ choices:
+ - present
+ - absent
+ endpoint_control_registered_forticlient:
+ description:
+ - Registered FortiClient list.
+ default: null
+ type: dict
+ suboptions:
+ flag:
+ description:
+ - FortiClient registration flag.
+ type: int
+ ip:
+ description:
+ - Endpoint IP address.
+ type: str
+ mac:
+ description:
+ - Endpoint MAC address.
+ type: str
+ reg_fortigate:
+ description:
+ - Registering FortiGate SN.
+ type: str
+ status:
+ description:
+ - FortiClient registration status.
+ type: int
+ uid:
+ description:
+ - FortiClient UID.
+ required: true
+ type: str
+ vdom:
+ description:
+ - Registering vdom.
+ type: str
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Registered FortiClient list.
+ fortios_endpoint_control_registered_forticlient:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ endpoint_control_registered_forticlient:
+ flag: "3"
+ ip: ""
+ mac: ""
+ reg_fortigate: ""
+ status: "7"
+ uid: ""
+ vdom: ""
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_endpoint_control_registered_forticlient_data(json):
+ option_list = ['flag', 'ip', 'mac',
+ 'reg_fortigate', 'status', 'uid',
+ 'vdom']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def endpoint_control_registered_forticlient(data, fos):
+ vdom = data['vdom']
+ state = data['state']
+ endpoint_control_registered_forticlient_data = data['endpoint_control_registered_forticlient']
+ filtered_data = underscore_to_hyphen(filter_endpoint_control_registered_forticlient_data(endpoint_control_registered_forticlient_data))
+
+ if state == "present":
+ return fos.set('endpoint-control',
+ 'registered-forticlient',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('endpoint-control',
+ 'registered-forticlient',
+ mkey=filtered_data['uid'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_endpoint_control(data, fos):
+
+ if data['endpoint_control_registered_forticlient']:
+ resp = endpoint_control_registered_forticlient(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('endpoint_control_registered_forticlient'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'uid'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": True, "type": "str",
+ "choices": ["present", "absent"]},
+ "endpoint_control_registered_forticlient": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "flag": {"required": False, "type": "int"},
+ "ip": {"required": False, "type": "str"},
+ "mac": {"required": False, "type": "str"},
+ "reg_fortigate": {"required": False, "type": "str"},
+ "status": {"required": False, "type": "int"},
+ "uid": {"required": True, "type": "str"},
+ "vdom": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_endpoint_control(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
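Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no` in the same play that passes `access_token`, so anyone who copies it sends the FortiGate API token over a TLS session whose server certificate is never checked. The example should default to verification, `ansible_httpapi_validate_certs: yes`, with a one-line comment such as `# set to no only for lab devices with self-signed certificates`. The EXAMPLES block of fortios_endpoint_control_profile.py earlier in this patch carries the same setting. Separately, `if 'access_token' in module.params:` in main() looks always true because the key is declared in `fields`; `if module.params.get('access_token'):` would avoid setting the option to None, which is worth confirming against the httpapi plugin.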
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_settings.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_settings.py
new file mode 100644
index 00000000..e938f4a5
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_endpoint_control_settings.py
@@ -0,0 +1,365 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_endpoint_control_settings +short_description: Configure endpoint control settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify endpoint_control feature and settings category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + endpoint_control_settings: + description: + - Configure endpoint control settings. + default: null + type: dict + suboptions: + download_custom_link: + description: + - Customized URL for downloading FortiClient. + type: str + download_location: + description: + - FortiClient download location (FortiGuard or custom). + type: str + choices: + - fortiguard + - custom + forticlient_avdb_update_interval: + description: + - Period of time between FortiClient AntiVirus database updates (0 - 24 hours). + type: int + forticlient_dereg_unsupported_client: + description: + - Enable/disable deregistering unsupported FortiClient endpoints. + type: str + choices: + - enable + - disable + forticlient_ems_rest_api_call_timeout: + description: + - FortiClient EMS call timeout in milliseconds (500 - 30000 milliseconds). + type: int + forticlient_keepalive_interval: + description: + - Interval between two KeepAlive messages from FortiClient (20 - 300 sec). + type: int + forticlient_offline_grace: + description: + - Enable/disable grace period for offline registered clients. + type: str + choices: + - enable + - disable + forticlient_offline_grace_interval: + description: + - Grace period for offline registered FortiClient (60 - 600 sec). + type: int + forticlient_reg_key: + description: + - FortiClient registration key. + type: str + forticlient_reg_key_enforce: + description: + - Enable/disable requiring or enforcing FortiClient registration keys. + type: str + choices: + - enable + - disable + forticlient_reg_timeout: + description: + - FortiClient registration license timeout (days, min = 1, max = 180, 0 means unlimited). + type: int + forticlient_sys_update_interval: + description: + - Interval between two system update messages from FortiClient (30 - 1440 min). 
+ type: int + forticlient_user_avatar: + description: + - Enable/disable uploading FortiClient user avatars. + type: str + choices: + - enable + - disable + forticlient_warning_interval: + description: + - Period of time between FortiClient portal warnings (0 - 24 hours). + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure endpoint control settings. + fortios_endpoint_control_settings: + vdom: "{{ vdom }}" + endpoint_control_settings: + download_custom_link: "" + download_location: "fortiguard" + forticlient_avdb_update_interval: "5" + forticlient_dereg_unsupported_client: "enable" + forticlient_ems_rest_api_call_timeout: "7" + forticlient_keepalive_interval: "8" + forticlient_offline_grace: "enable" + forticlient_offline_grace_interval: "10" + forticlient_reg_key: "" + forticlient_reg_key_enforce: "enable" + forticlient_reg_timeout: "13" + forticlient_sys_update_interval: "14" + forticlient_user_avatar: "enable" + forticlient_warning_interval: "16" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: 
always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_endpoint_control_settings_data(json): + option_list = ['download_custom_link', 'download_location', 'forticlient_avdb_update_interval', + 'forticlient_dereg_unsupported_client', 'forticlient_ems_rest_api_call_timeout', 'forticlient_keepalive_interval', + 'forticlient_offline_grace', 'forticlient_offline_grace_interval', 'forticlient_reg_key', + 'forticlient_reg_key_enforce', 'forticlient_reg_timeout', 'forticlient_sys_update_interval', + 'forticlient_user_avatar', 'forticlient_warning_interval'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def endpoint_control_settings(data, fos): + vdom = data['vdom'] + endpoint_control_settings_data = 
data['endpoint_control_settings'] + filtered_data = underscore_to_hyphen(filter_endpoint_control_settings_data(endpoint_control_settings_data)) + + return fos.set('endpoint-control', + 'settings', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_endpoint_control(data, fos): + + if data['endpoint_control_settings']: + resp = endpoint_control_settings(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('endpoint_control_settings')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "endpoint_control_settings": { + "required": False, "type": "dict", "default": None, + "options": { + "download_custom_link": {"required": False, "type": "str"}, + "download_location": {"required": False, "type": "str", + "choices": ["fortiguard", + "custom"]}, + "forticlient_avdb_update_interval": {"required": False, "type": "int"}, + "forticlient_dereg_unsupported_client": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_ems_rest_api_call_timeout": {"required": False, "type": "int"}, + "forticlient_keepalive_interval": {"required": False, "type": "int"}, + "forticlient_offline_grace": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_offline_grace_interval": {"required": False, "type": "int"}, + "forticlient_reg_key": {"required": False, "type": "str"}, + "forticlient_reg_key_enforce": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_reg_timeout": {"required": False, "type": "int"}, + 
"forticlient_sys_update_interval": {"required": False, "type": "int"}, + "forticlient_user_avatar": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_warning_interval": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_endpoint_control(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_extender_controller_extender.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_extender_controller_extender.py new file mode 100644 index 00000000..e6b87aca --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_extender_controller_extender.py 
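Review bot: `forticlient_reg_key` in the `fields` spec of `main()` is declared without `no_log`, although `access_token` in the same spec carries `"no_log": True`. The option is documented as the FortiClient registration key, so unless it is masked its value can end up in the module invocation record and in verbose output on the control node; the entry should read `"forticlient_reg_key": {"required": False, "type": "str", "no_log": True},`. The hunk for fortios_extender_controller_extender.py has the same gap for `aaa_shared_secret`, `ha_shared_secret`, `modem_passwd`, `ppp_password` and `sim_pin`. The EXAMPLES block in both files also sets `ansible_httpapi_validate_certs: no`; a comment there stating that this turns off certificate verification of the FortiGate and should only be used against a test device would keep it from being copied unchanged into production inventories.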
@@ -0,0 +1,622 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_extender_controller_extender +short_description: Extender controller configuration in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify extender_controller feature and extender category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + extender_controller_extender: + description: + - Extender controller configuration. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + aaa_shared_secret: + description: + - AAA shared secret. + type: str + access_point_name: + description: + - Access point name(APN). + type: str + admin: + description: + - FortiExtender Administration (enable or disable). + type: str + choices: + - disable + - discovered + - enable + at_dial_script: + description: + - Initialization AT commands specific to the MODEM. + type: str + billing_start_day: + description: + - Billing start day. + type: int + cdma_aaa_spi: + description: + - CDMA AAA SPI. + type: str + cdma_ha_spi: + description: + - CDMA HA SPI. + type: str + cdma_nai: + description: + - NAI for CDMA MODEMS. + type: str + conn_status: + description: + - Connection status. + type: int + description: + description: + - Description. + type: str + dial_mode: + description: + - Dial mode (dial-on-demand or always-connect). + type: str + choices: + - dial-on-demand + - always-connect + dial_status: + description: + - Dial status. + type: int + ext_name: + description: + - FortiExtender name. + type: str + ha_shared_secret: + description: + - HA shared secret. + type: str + id: + description: + - FortiExtender serial number. 
+ required: true + type: str + ifname: + description: + - FortiExtender interface name. + type: str + initiated_update: + description: + - Allow/disallow network initiated updates to the MODEM. + type: str + choices: + - enable + - disable + mode: + description: + - FortiExtender mode. + type: str + choices: + - standalone + - redundant + modem_passwd: + description: + - MODEM password. + type: str + modem_type: + description: + - MODEM type (CDMA, GSM/LTE or WIMAX). + type: str + choices: + - cdma + - gsm/lte + - wimax + multi_mode: + description: + - MODEM mode of operation(3G,LTE,etc). + type: str + choices: + - auto + - auto-3g + - force-lte + - force-3g + - force-2g + ppp_auth_protocol: + description: + - PPP authentication protocol (PAP,CHAP or auto). + type: str + choices: + - auto + - pap + - chap + ppp_echo_request: + description: + - Enable/disable PPP echo request. + type: str + choices: + - enable + - disable + ppp_password: + description: + - PPP password. + type: str + ppp_username: + description: + - PPP username. + type: str + primary_ha: + description: + - Primary HA. + type: str + quota_limit_mb: + description: + - Monthly quota limit (MB). + type: int + redial: + description: + - Number of redials allowed based on failed attempts. + type: str + choices: + - none + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + - 8 + - 9 + - 10 + redundant_intf: + description: + - Redundant interface. + type: str + roaming: + description: + - Enable/disable MODEM roaming. + type: str + choices: + - enable + - disable + role: + description: + - FortiExtender work role(Primary, Secondary, None). + type: str + choices: + - none + - primary + - secondary + secondary_ha: + description: + - Secondary HA. + type: str + sim_pin: + description: + - SIM PIN. + type: str + vdom: + description: + - VDOM + type: int + wimax_auth_protocol: + description: + - WiMax authentication protocol(TLS or TTLS). 
+ type: str + choices: + - tls + - ttls + wimax_carrier: + description: + - WiMax carrier. + type: str + wimax_realm: + description: + - WiMax realm. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Extender controller configuration. + fortios_extender_controller_extender: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + extender_controller_extender: + aaa_shared_secret: "" + access_point_name: "" + admin: "disable" + at_dial_script: "" + billing_start_day: "7" + cdma_aaa_spi: "" + cdma_ha_spi: "" + cdma_nai: "" + conn_status: "11" + description: "" + dial_mode: "dial-on-demand" + dial_status: "14" + ext_name: "" + ha_shared_secret: "" + id: "17" + ifname: "" + initiated_update: "enable" + mode: "standalone" + modem_passwd: "" + modem_type: "cdma" + multi_mode: "auto" + ppp_auth_protocol: "auto" + ppp_echo_request: "enable" + ppp_password: "" + ppp_username: "" + primary_ha: "" + quota_limit_mb: "29" + redial: "none" + redundant_intf: "" + roaming: "enable" + role: "none" + secondary_ha: "" + sim_pin: "" + vdom: "36" + wimax_auth_protocol: "tls" + wimax_carrier: "" + wimax_realm: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to 
fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_extender_controller_extender_data(json): + option_list = ['aaa_shared_secret', 'access_point_name', 'admin', + 'at_dial_script', 'billing_start_day', 'cdma_aaa_spi', + 'cdma_ha_spi', 'cdma_nai', 'conn_status', + 'description', 'dial_mode', 'dial_status', + 'ext_name', 'ha_shared_secret', 'id', + 'ifname', 'initiated_update', 'mode', + 'modem_passwd', 'modem_type', 'multi_mode', + 'ppp_auth_protocol', 'ppp_echo_request', 'ppp_password', + 'ppp_username', 'primary_ha', 'quota_limit_mb', + 'redial', 'redundant_intf', 'roaming', + 'role', 'secondary_ha', 'sim_pin', + 'vdom', 'wimax_auth_protocol', 'wimax_carrier', + 'wimax_realm'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + 
elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def extender_controller_extender(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['extender_controller_extender'] and data['extender_controller_extender']['state']: + state = data['extender_controller_extender']['state'] + else: + state = True + extender_controller_extender_data = data['extender_controller_extender'] + filtered_data = underscore_to_hyphen(filter_extender_controller_extender_data(extender_controller_extender_data)) + + if state == "present": + return fos.set('extender-controller', + 'extender', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('extender-controller', + 'extender', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_extender_controller(data, fos): + + if data['extender_controller_extender']: + resp = extender_controller_extender(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('extender_controller_extender')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "extender_controller_extender": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + 
"aaa_shared_secret": {"required": False, "type": "str"}, + "access_point_name": {"required": False, "type": "str"}, + "admin": {"required": False, "type": "str", + "choices": ["disable", + "discovered", + "enable"]}, + "at_dial_script": {"required": False, "type": "str"}, + "billing_start_day": {"required": False, "type": "int"}, + "cdma_aaa_spi": {"required": False, "type": "str"}, + "cdma_ha_spi": {"required": False, "type": "str"}, + "cdma_nai": {"required": False, "type": "str"}, + "conn_status": {"required": False, "type": "int"}, + "description": {"required": False, "type": "str"}, + "dial_mode": {"required": False, "type": "str", + "choices": ["dial-on-demand", + "always-connect"]}, + "dial_status": {"required": False, "type": "int"}, + "ext_name": {"required": False, "type": "str"}, + "ha_shared_secret": {"required": False, "type": "str"}, + "id": {"required": True, "type": "str"}, + "ifname": {"required": False, "type": "str"}, + "initiated_update": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "mode": {"required": False, "type": "str", + "choices": ["standalone", + "redundant"]}, + "modem_passwd": {"required": False, "type": "str"}, + "modem_type": {"required": False, "type": "str", + "choices": ["cdma", + "gsm/lte", + "wimax"]}, + "multi_mode": {"required": False, "type": "str", + "choices": ["auto", + "auto-3g", + "force-lte", + "force-3g", + "force-2g"]}, + "ppp_auth_protocol": {"required": False, "type": "str", + "choices": ["auto", + "pap", + "chap"]}, + "ppp_echo_request": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ppp_password": {"required": False, "type": "str"}, + "ppp_username": {"required": False, "type": "str"}, + "primary_ha": {"required": False, "type": "str"}, + "quota_limit_mb": {"required": False, "type": "int"}, + "redial": {"required": False, "type": "str", + "choices": ["none", + "1", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10"]}, + "redundant_intf": 
{"required": False, "type": "str"}, + "roaming": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "role": {"required": False, "type": "str", + "choices": ["none", + "primary", + "secondary"]}, + "secondary_ha": {"required": False, "type": "str"}, + "sim_pin": {"required": False, "type": "str"}, + "vdom": {"required": False, "type": "int"}, + "wimax_auth_protocol": {"required": False, "type": "str", + "choices": ["tls", + "ttls"]}, + "wimax_carrier": {"required": False, "type": "str"}, + "wimax_realm": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_extender_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
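Review bot: The fallback `state = True` in `extender_controller_extender()` can never match either branch, so a task that omits both the top-level and the nested `state` ends in `fail_json(msg='state must be present or absent!')` even though both options are declared `"required": False`. If a missing state is meant to be an error, make that explicit with `state = None` and a message that names the missing parameter. If it is meant to default, use `state = "present"` and document the default in DOCUMENTATION. As written the outcome depends on a boolean being compared with two strings, which is easy to break in a later edit.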
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_facts.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_facts.py new file mode 100644 index 00000000..540789af --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_facts.py 
@@ -0,0 +1,281 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_facts +version_added: "2.9" +short_description: Get facts about fortios devices (about to be deprecated). +description: + - Collects facts from network devices running the fortios operating + system. This module places the facts gathered in the fact tree keyed by the + respective resource name. This facts module will only collect those + facts which user specified in playbook. +author: + - Don Yao (@fortinetps) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - httpapi mode is the new recommended way for any network modules + - the module is going to be deprecated in next major release. +requirements: + - galaxy collection fortinet.fortios +options: + host: + description: + - FortiOS or FortiGate IP address. + type: str + required: false + username: + description: + - FortiOS or FortiGate username. + type: str + required: false + password: + description: + - FortiOS or FortiGate password. + type: str + default: "" + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + required: false + https: + description: + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + required: false + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. + type: bool + default: false + required: false + gather_subset: + description: + - When supplied, this argument will restrict the facts collected + to a given subset. Possible values for this argument include + system_current-admins_select, system_firmware_select, + system_fortimanager_status, system_ha-checksums_select, + system_interface_select, system_status_select and system_time_select + type: list + elements: dict + required: true + suboptions: + fact: + description: + - Name of the facts to gather + type: str + required: true + filters: + description: + - Filters apply when gathering facts + type: list + elements: dict + required: false +''' + +EXAMPLES = ''' +- hosts: localhost + vars: + host: "192.168.122.40" + username: "admin" + password: "" + vdom: "root" + ssl_verify: "False" + + tasks: + - name: gather basic system status facts + fortios_facts: + host: "{{ host }}" + username: "{{ username }}" + password: "{{ password }}" + vdom: "{{ vdom }}" + gather_subset: + - fact: 'system_status_select' + + - name: gather all physical interfaces status facts + fortios_facts: + host: "{{ host }}" + username: "{{ username }}" + password: "{{ password }}" + vdom: "{{ vdom }}" + gather_subset: + - fact: 'system_interface_select' + + - name: gather gather all physical and vlan interfaces status facts + fortios_facts: + host: "{{ host }}" + username: "{{ username }}" + password: "{{ password }}" + vdom: "{{ vdom }}" + gather_subset: + - fact: 'system_interface_select' + filters: + - include_vlan: true + + - name: gather basic system info and physical interface port3 status facts + 
fortios_facts: + host: "{{ host }}" + username: "{{ username }}" + password: "{{ password }}" + vdom: "{{ vdom }}" + gather_subset: + - fact: 'system_status_select' + - fact: 'system_interface_select' + filters: + - interface_name: 'port3' +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'GET' +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "firmware" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "system" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" +ansible_facts: + description: The list of fact subsets collected from the device + returned: always + type: dict + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.argspec.facts.facts import FactsArgs +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.facts.facts import Facts + + +def login(data, fos): + host = data['host'] + username = data['username'] + password = 
data['password'] + ssl_verify = data['ssl_verify'] + + fos.debug('on') + if 'https' in data and not data['https']: + fos.https('off') + else: + fos.https('on') + + fos.login(host, username, password, verify=ssl_verify) + + +def main(): + """ Main entry point for AnsibleModule + """ + argument_spec = FactsArgs.argument_spec + + module = AnsibleModule(argument_spec=argument_spec, + supports_check_mode=False) + + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + warnings = [] + connection = Connection(module._socket_path) + module._connection = connection + fos = FortiOSHandler(connection, module) + + result = Facts(module, fos).get_facts() + + ansible_facts, additional_warnings = result + warnings.extend(additional_warnings) + + module.exit_json(ansible_facts=ansible_facts, warnings=warnings) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + warnings = [] + + fos = FortiOSAPI() + login(module.params, fos) + module._connection = fos + + result = Facts(module, fos).get_facts() + + ansible_facts, additional_warnings = result + warnings.extend(additional_warnings) + + module.exit_json(ansible_facts=ansible_facts, warnings=warnings) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_address.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_address.py new file mode 100644 index 00000000..88720e9c --- /dev/null 
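Review bot: `login()` calls `fos.debug('on')` unconditionally before `fos.login(host, username, password, verify=ssl_verify)`, so every legacy-mode run has client debug output switched on while the credentials are being sent. What fortiosapi writes at debug level is not visible in this hunk, but debug output on the authentication path should be opt-in, so I would remove the `fos.debug('on')` line. The DOCUMENTATION block also gives `ssl_verify` a default of `false` and lets `https: false` select `fos.https('off')`; the actual defaults live in `FactsArgs.argument_spec`, outside this hunk, but if they match, a playbook that sets neither option sends the admin password to a device whose certificate is not checked. The option descriptions should say so and recommend `ssl_verify: true`.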
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_address.py 
@@ -0,0 +1,547 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_address +short_description: Configure IPv4 addresses in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and address category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_address: + description: + - Configure IPv4 addresses. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + allow_routing: + description: + - Enable/disable use of this address in the static route configuration. + type: str + choices: + - enable + - disable + associated_interface: + description: + - Network interface associated with address. Source system.interface.name system.zone.name. + type: str + cache_ttl: + description: + - Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds. + type: int + color: + description: + - Color of icon on the GUI. + type: int + comment: + description: + - Comment. + type: str + country: + description: + - IP addresses associated to a specific country. + type: str + end_ip: + description: + - Final IP address (inclusive) in the range for the address. + type: str + epg_name: + description: + - Endpoint group name. + type: str + filter: + description: + - Match criteria filter. + type: str + fqdn: + description: + - Fully Qualified Domain Name address. + type: str + list: + description: + - IP address list. + type: list + suboptions: + ip: + description: + - IP. + required: true + type: str + name: + description: + - Address name. + required: true + type: str + obj_id: + description: + - Object ID for NSX. + type: int + organization: + description: + - 'Organization domain name (Syntax: organization/domain).' 
+ type: str + policy_group: + description: + - Policy group name. + type: str + sdn: + description: + - SDN. + type: str + choices: + - aci + - aws + - azure + - nsx + - nuage + sdn_tag: + description: + - SDN Tag. + type: str + start_ip: + description: + - First IP address (inclusive) in the range for the address. + type: str + subnet: + description: + - IP address and subnet mask of address. + type: str + subnet_name: + description: + - Subnet name. + type: str + tagging: + description: + - Config object tagging. + type: list + suboptions: + category: + description: + - Tag category. Source system.object-tagging.category. + type: str + name: + description: + - Tagging entry name. + required: true + type: str + tags: + description: + - Tags. + type: list + suboptions: + name: + description: + - Tag name. Source system.object-tagging.tags.name. + required: true + type: str + tenant: + description: + - Tenant. + type: str + type: + description: + - Type of address. + type: str + choices: + - ipmask + - iprange + - fqdn + - geography + - wildcard + - wildcard-fqdn + - dynamic + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str + visibility: + description: + - Enable/disable address visibility in the GUI. + type: str + choices: + - enable + - disable + wildcard: + description: + - IP address and wildcard netmask. + type: str + wildcard_fqdn: + description: + - Fully Qualified Domain Name with wildcard characters. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 addresses. 
+ fortios_firewall_address: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_address: + allow_routing: "enable" + associated_interface: " (source system.interface.name system.zone.name)" + cache_ttl: "5" + color: "6" + comment: "Comment." + country: "" + end_ip: "" + epg_name: "" + filter: "" + fqdn: "" + list: + - + ip: "" + name: "default_name_15" + obj_id: "16" + organization: "" + policy_group: "" + sdn: "aci" + sdn_tag: "" + start_ip: "" + subnet: "" + subnet_name: "" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_26" + tags: + - + name: "default_name_28 (source system.object-tagging.tags.name)" + tenant: "" + type: "ipmask" + uuid: "" + visibility: "enable" + wildcard: "" + wildcard_fqdn: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the 
FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_address_data(json): + option_list = ['allow_routing', 'associated_interface', 'cache_ttl', + 'color', 'comment', 'country', + 'end_ip', 'epg_name', 'filter', + 'fqdn', 'list', 'name', + 'obj_id', 'organization', 'policy_group', + 'sdn', 'sdn_tag', 'start_ip', + 'subnet', 'subnet_name', 'tagging', + 'tenant', 'type', 'uuid', + 'visibility', 'wildcard', 'wildcard_fqdn'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_address(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_address'] and data['firewall_address']['state']: + state = data['firewall_address']['state'] + else: + state = True + firewall_address_data = data['firewall_address'] + filtered_data = underscore_to_hyphen(filter_firewall_address_data(firewall_address_data)) + + if state == "present": + return fos.set('firewall', + 'address', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'address', + mkey=filtered_data['name'], + 
vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_address']: + resp = firewall_address(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_address')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_address": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "allow_routing": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "associated_interface": {"required": False, "type": "str"}, + "cache_ttl": {"required": False, "type": "int"}, + "color": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "country": {"required": False, "type": "str"}, + "end_ip": {"required": False, "type": "str"}, + "epg_name": {"required": False, "type": "str"}, + "filter": {"required": False, "type": "str"}, + "fqdn": {"required": False, "type": "str"}, + "list": {"required": False, "type": "list", + "options": { + "ip": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "obj_id": {"required": False, "type": "int"}, + "organization": {"required": False, "type": "str"}, + "policy_group": {"required": False, "type": "str"}, + "sdn": {"required": False, "type": "str", + "choices": ["aci", + "aws", + "azure", + "nsx", + "nuage"]}, + 
"sdn_tag": {"required": False, "type": "str"}, + "start_ip": {"required": False, "type": "str"}, + "subnet": {"required": False, "type": "str"}, + "subnet_name": {"required": False, "type": "str"}, + "tagging": {"required": False, "type": "list", + "options": { + "category": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "tags": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + }}, + "tenant": {"required": False, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["ipmask", + "iprange", + "fqdn", + "geography", + "wildcard", + "wildcard-fqdn", + "dynamic"]}, + "uuid": {"required": False, "type": "str"}, + "visibility": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "wildcard": {"required": False, "type": "str"}, + "wildcard_fqdn": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and 
versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_address6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_address6.py new file mode 100644 index 00000000..151a4b03 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_address6.py 
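Review bot: The EXAMPLES playbook in this hunk pairs `ansible_httpapi_validate_certs: no` with an `access_token`, so a user who copies it sends the API token over a TLS session whose server certificate is never verified. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a YAML comment such as `# set to no only for lab devices with self-signed certificates`. The same example block is repeated in the fortios_firewall_address6.py hunk and in the fortios_firewall_address6_template.py hunk, which continues past the end of this view.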
@@ -0,0 +1,513 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_address6 +short_description: Configure IPv6 firewall addresses in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and address6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_address6: + description: + - Configure IPv6 firewall addresses. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + cache_ttl: + description: + - Minimal TTL of individual IPv6 addresses in FQDN cache. + type: int + color: + description: + - Integer value to determine the color of the icon in the GUI (range 1 to 32). + type: int + comment: + description: + - Comment. + type: str + end_ip: + description: + - 'Final IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx).' + type: str + fqdn: + description: + - Fully qualified domain name. + type: str + host: + description: + - Host Address. + type: str + host_type: + description: + - Host type. + type: str + choices: + - any + - specific + ip6: + description: + - 'IPv6 address prefix (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx).' + type: str + list: + description: + - IP address list. + type: list + suboptions: + ip: + description: + - IP. + required: true + type: str + name: + description: + - Address name. + required: true + type: str + obj_id: + description: + - Object ID for NSX. + type: int + sdn: + description: + - SDN. + type: str + choices: + - nsx + start_ip: + description: + - 'First IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx).' + type: str + subnet_segment: + description: + - IPv6 subnet segments. 
+ type: list + suboptions: + name: + description: + - Name. + required: true + type: str + type: + description: + - Subnet segment type. + type: str + choices: + - any + - specific + value: + description: + - Subnet segment value. + type: str + tagging: + description: + - Config object tagging + type: list + suboptions: + category: + description: + - Tag category. Source system.object-tagging.category. + type: str + name: + description: + - Tagging entry name. + required: true + type: str + tags: + description: + - Tags. + type: list + suboptions: + name: + description: + - Tag name. Source system.object-tagging.tags.name. + required: true + type: str + template: + description: + - IPv6 address template. Source firewall.address6-template.name. + type: str + type: + description: + - Type of IPv6 address object . + type: str + choices: + - ipprefix + - iprange + - fqdn + - dynamic + - template + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str + visibility: + description: + - Enable/disable the visibility of the object in the GUI. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 firewall addresses. + fortios_firewall_address6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_address6: + cache_ttl: "3" + color: "4" + comment: "Comment." 
+ end_ip: "" + fqdn: "" + host: "" + host_type: "any" + ip6: "" + list: + - + ip: "" + name: "default_name_13" + obj_id: "14" + sdn: "nsx" + start_ip: "" + subnet_segment: + - + name: "default_name_18" + type: "any" + value: "" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_23" + tags: + - + name: "default_name_25 (source system.object-tagging.tags.name)" + template: " (source firewall.address6-template.name)" + type: "ipprefix" + uuid: "" + visibility: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import 
FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_address6_data(json): + option_list = ['cache_ttl', 'color', 'comment', + 'end_ip', 'fqdn', 'host', + 'host_type', 'ip6', 'list', + 'name', 'obj_id', 'sdn', + 'start_ip', 'subnet_segment', 'tagging', + 'template', 'type', 'uuid', + 'visibility'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_address6(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_address6'] and data['firewall_address6']['state']: + state = data['firewall_address6']['state'] + else: + state = True + firewall_address6_data = data['firewall_address6'] + filtered_data = underscore_to_hyphen(filter_firewall_address6_data(firewall_address6_data)) + + if state == "present": + return fos.set('firewall', + 'address6', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'address6', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_address6']: + resp = firewall_address6(data, fos) + else: + 
fos._module.fail_json(msg='missing task body: %s' % ('firewall_address6')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_address6": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "cache_ttl": {"required": False, "type": "int"}, + "color": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "end_ip": {"required": False, "type": "str"}, + "fqdn": {"required": False, "type": "str"}, + "host": {"required": False, "type": "str"}, + "host_type": {"required": False, "type": "str", + "choices": ["any", + "specific"]}, + "ip6": {"required": False, "type": "str"}, + "list": {"required": False, "type": "list", + "options": { + "ip": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "obj_id": {"required": False, "type": "int"}, + "sdn": {"required": False, "type": "str", + "choices": ["nsx"]}, + "start_ip": {"required": False, "type": "str"}, + "subnet_segment": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["any", + "specific"]}, + "value": {"required": False, "type": "str"} + }}, + "tagging": {"required": False, "type": "list", + "options": { + "category": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "tags": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + }}, + "template": {"required": False, "type": "str"}, + 
"type": {"required": False, "type": "str", + "choices": ["ipprefix", + "iprange", + "fqdn", + "dynamic", + "template"]}, + "uuid": {"required": False, "type": "str"}, + "visibility": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_address6_template.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_address6_template.py new file mode 100644 index 00000000..0a65dd1b --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_address6_template.py 
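Review bot: In the argument spec built in `main()`, `list`, `subnet_segment` and `tagging` are declared as `"type": "list"` with nested `"options"` but without `"elements": "dict"`. As far as I know AnsibleModule only descends into list suboptions when `elements` is `dict`, so the `"required": True` on the nested `name` and `ip` keys is probably never enforced and entries reach `fos.set()` unchecked. Adding `"elements": "dict"` to each of those entries, e.g. `"list": {"required": False, "type": "list", "elements": "dict",`, would make the declared schema take effect. The `list` and `tagging` entries in the fortios_firewall_address.py hunk have the same shape.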
@@ -0,0 +1,378 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_address6_template +short_description: Configure IPv6 address templates in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and address6_template category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_address6_template: + description: + - Configure IPv6 address templates. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + ip6: + description: + - IPv6 address prefix. + type: str + name: + description: + - IPv6 address template name. + required: true + type: str + subnet_segment: + description: + - IPv6 subnet segments. + type: list + suboptions: + bits: + description: + - Number of bits. + type: int + exclusive: + description: + - Enable/disable exclusive value. + type: str + choices: + - enable + - disable + id: + description: + - Subnet segment ID. + required: true + type: int + name: + description: + - Subnet segment name. + type: str + values: + description: + - Subnet segment values. + type: list + suboptions: + name: + description: + - Subnet segment value name. + required: true + type: str + value: + description: + - Subnet segment value. + type: str + subnet_segment_count: + description: + - Number of IPv6 subnet segments. + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 address templates. 
+ fortios_firewall_address6_template: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_address6_template: + ip6: "" + name: "default_name_4" + subnet_segment: + - + bits: "6" + exclusive: "enable" + id: "8" + name: "default_name_9" + values: + - + name: "default_name_11" + value: "" + subnet_segment_count: "13" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_address6_template_data(json): + option_list = ['ip6', 'name', 'subnet_segment', + 'subnet_segment_count'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_address6_template(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_address6_template'] and data['firewall_address6_template']['state']: + state = data['firewall_address6_template']['state'] + else: + state = True + firewall_address6_template_data = data['firewall_address6_template'] + filtered_data = underscore_to_hyphen(filter_firewall_address6_template_data(firewall_address6_template_data)) + + if state == "present": + return fos.set('firewall', + 'address6-template', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'address6-template', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_address6_template']: + resp = firewall_address6_template(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_address6_template')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + 
(resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_address6_template": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "ip6": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "subnet_segment": {"required": False, "type": "list", + "options": { + "bits": {"required": False, "type": "int"}, + "exclusive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "id": {"required": True, "type": "int"}, + "name": {"required": False, "type": "str"}, + "values": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"}, + "value": {"required": False, "type": "str"} + }} + }}, + "subnet_segment_count": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and 
versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_addrgrp.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_addrgrp.py new file mode 100644 index 00000000..b7862aa5 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_addrgrp.py 
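Review bot: The EXAMPLES playbook in fortios_firewall_address6_template.py sets `ansible_httpapi_validate_certs: no` while the task passes an `access_token`, so anyone who copies it sends the API token over a TLS session whose peer certificate is never verified. The example should show `ansible_httpapi_validate_certs: yes`; if the relaxed form has to stay, it needs a comment such as `# set to no only for lab devices with self-signed certificates`. The same EXAMPLES block is repeated in the fortios_firewall_addrgrp.py and fortios_firewall_addrgrp6.py hunks that follow.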
@@ -0,0 +1,401 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_addrgrp +short_description: Configure IPv4 address groups in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and addrgrp category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_addrgrp: + description: + - Configure IPv4 address groups. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + allow_routing: + description: + - Enable/disable use of this group in the static route configuration. + type: str + choices: + - enable + - disable + color: + description: + - Color of icon on the GUI. + type: int + comment: + description: + - Comment. + type: str + member: + description: + - Address objects contained within the group. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + name: + description: + - Address group name. + required: true + type: str + tagging: + description: + - Config object tagging. + type: list + suboptions: + category: + description: + - Tag category. Source system.object-tagging.category. + type: str + name: + description: + - Tagging entry name. + required: true + type: str + tags: + description: + - Tags. + type: list + suboptions: + name: + description: + - Tag name. Source system.object-tagging.tags.name. + required: true + type: str + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str + visibility: + description: + - Enable/disable address visibility in the GUI. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 address groups. + fortios_firewall_addrgrp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_addrgrp: + allow_routing: "enable" + color: "4" + comment: "Comment." + member: + - + name: "default_name_7 (source firewall.address.name firewall.addrgrp.name)" + name: "default_name_8" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_11" + tags: + - + name: "default_name_13 (source system.object-tagging.tags.name)" + uuid: "" + visibility: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: 
+ description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_addrgrp_data(json): + option_list = ['allow_routing', 'color', 'comment', + 'member', 'name', 'tagging', + 'uuid', 'visibility'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_addrgrp(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_addrgrp'] and data['firewall_addrgrp']['state']: + state = data['firewall_addrgrp']['state'] + else: + state = True + firewall_addrgrp_data = data['firewall_addrgrp'] + filtered_data = underscore_to_hyphen(filter_firewall_addrgrp_data(firewall_addrgrp_data)) + + if state == "present": + return fos.set('firewall', + 'addrgrp', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'addrgrp', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and 
status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_addrgrp']: + resp = firewall_addrgrp(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_addrgrp')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_addrgrp": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "allow_routing": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "color": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "member": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "tagging": {"required": False, "type": "list", + "options": { + "category": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "tags": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + }}, + "uuid": {"required": False, "type": "str"}, + "visibility": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, 
result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_addrgrp6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_addrgrp6.py new file mode 100644 index 00000000..eb084ca9 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_addrgrp6.py 
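Review bot: In main() of fortios_firewall_addrgrp.py the guard `if 'access_token' in module.params:` tests only that the key exists, not that a token was supplied. Because `access_token` is declared in `fields`, AnsibleModule puts the key in `module.params` with None when the playbook omits it, so the branch always runs and `connection.set_option('access_token', ...)` can be handed None. How the httpapi plugin treats a None token is not visible in this hunk, but testing the value states the intent: `if module.params.get('access_token'):`. The same guard is in main() of the fortios_firewall_address6_template.py and fortios_firewall_addrgrp6.py hunks.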
@@ -0,0 +1,390 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_addrgrp6 +short_description: Configure IPv6 address groups in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and addrgrp6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_addrgrp6: + description: + - Configure IPv6 address groups. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + color: + description: + - Integer value to determine the color of the icon in the GUI (1 - 32). + type: int + comment: + description: + - Comment. + type: str + member: + description: + - Address objects contained within the group. + type: list + suboptions: + name: + description: + - Address6/addrgrp6 name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + name: + description: + - IPv6 address group name. + required: true + type: str + tagging: + description: + - Config object tagging. + type: list + suboptions: + category: + description: + - Tag category. Source system.object-tagging.category. + type: str + name: + description: + - Tagging entry name. + required: true + type: str + tags: + description: + - Tags. + type: list + suboptions: + name: + description: + - Tag name. Source system.object-tagging.tags.name. + required: true + type: str + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str + visibility: + description: + - Enable/disable address group6 visibility in the GUI. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 address groups. + fortios_firewall_addrgrp6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_addrgrp6: + color: "3" + comment: "Comment." + member: + - + name: "default_name_6 (source firewall.address6.name firewall.addrgrp6.name)" + name: "default_name_7" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_10" + tags: + - + name: "default_name_12 (source system.object-tagging.tags.name)" + uuid: "" + visibility: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version 
of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_addrgrp6_data(json): + option_list = ['color', 'comment', 'member', + 'name', 'tagging', 'uuid', + 'visibility'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_addrgrp6(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_addrgrp6'] and data['firewall_addrgrp6']['state']: + state = data['firewall_addrgrp6']['state'] + else: + state = True + firewall_addrgrp6_data = data['firewall_addrgrp6'] + filtered_data = underscore_to_hyphen(filter_firewall_addrgrp6_data(firewall_addrgrp6_data)) + + if state == "present": + return fos.set('firewall', + 'addrgrp6', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'addrgrp6', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + 
+def fortios_firewall(data, fos): + + if data['firewall_addrgrp6']: + resp = firewall_addrgrp6(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_addrgrp6')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_addrgrp6": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "color": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "member": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "tagging": {"required": False, "type": "list", + "options": { + "category": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "tags": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + }}, + "uuid": {"required": False, "type": "str"}, + "visibility": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + 
module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_auth_portal.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_auth_portal.py new file mode 100644 index 00000000..5b306deb --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_auth_portal.py 
@@ -0,0 +1,288 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_auth_portal +short_description: Configure firewall authentication portals in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and auth_portal category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + firewall_auth_portal: + description: + - Configure firewall authentication portals. + default: null + type: dict + suboptions: + groups: + description: + - Firewall user groups permitted to authenticate through this portal. Separate group names with spaces. + type: list + suboptions: + name: + description: + - Group name. Source user.group.name. + required: true + type: str + identity_based_route: + description: + - Name of the identity-based route that applies to this portal. Source firewall.identity-based-route.name. + type: str + portal_addr: + description: + - Address (or FQDN) of the authentication portal. + type: str + portal_addr6: + description: + - IPv6 address (or FQDN) of authentication portal. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure firewall authentication portals. 
+ fortios_firewall_auth_portal: + vdom: "{{ vdom }}" + firewall_auth_portal: + groups: + - + name: "default_name_4 (source user.group.name)" + identity_based_route: " (source firewall.identity-based-route.name)" + portal_addr: "" + portal_addr6: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_firewall_auth_portal_data(json): + option_list = ['groups', 'identity_based_route', 'portal_addr', + 'portal_addr6'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_auth_portal(data, fos): + vdom = data['vdom'] + firewall_auth_portal_data = data['firewall_auth_portal'] + filtered_data = underscore_to_hyphen(filter_firewall_auth_portal_data(firewall_auth_portal_data)) + + return fos.set('firewall', + 'auth-portal', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_auth_portal']: + resp = firewall_auth_portal(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_auth_portal')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "firewall_auth_portal": { + "required": False, "type": "dict", "default": None, + "options": { + "groups": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "identity_based_route": {"required": False, "type": "str"}, + "portal_addr": {"required": False, "type": "str"}, + "portal_addr6": {"required": False, "type": "str"} + + } + } + } 
+ + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_central_snat_map.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_central_snat_map.py new file mode 100644 index 00000000..3f592716 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_central_snat_map.py 
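Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no` next to `ansible_httpapi_use_ssl: yes`, so anyone who copies it sends the connection's credentials (including the module's `access_token`, when used) over TLS without verifying the FortiGate's certificate. I would ship the example as `ansible_httpapi_validate_certs: yes` and add a one-line YAML comment such as `# set to no only for lab devices with self-signed certificates`. The same example line is repeated in the fortios_firewall_central_snat_map.py and fortios_firewall_dnstranslation.py hunks below.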
@@ -0,0 +1,436 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_central_snat_map +short_description: Configure central SNAT policies in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and central_snat_map category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_central_snat_map: + description: + - Configure central SNAT policies. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + comments: + description: + - Comment. + type: str + dst_addr: + description: + - Destination address name from available addresses. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + dstintf: + description: + - Destination interface name from available interfaces. + type: list + suboptions: + name: + description: + - Interface name. Source system.interface.name system.zone.name. + required: true + type: str + nat: + description: + - Enable/disable source NAT. + type: str + choices: + - disable + - enable + nat_ippool: + description: + - Name of the IP pools to be used to translate addresses from available IP Pools. + type: list + suboptions: + name: + description: + - IP pool name. Source firewall.ippool.name. + required: true + type: str + nat_port: + description: + - Translated port or port range (0 to 65535). + type: str + orig_addr: + description: + - Original address. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. 
+ required: true + type: str + orig_port: + description: + - Original TCP port (0 to 65535). + type: str + policyid: + description: + - Policy ID. + required: true + type: int + protocol: + description: + - Integer value for the protocol type (0 - 255). + type: int + srcintf: + description: + - Source interface name from available interfaces. + type: list + suboptions: + name: + description: + - Interface name. Source system.interface.name system.zone.name. + required: true + type: str + status: + description: + - Enable/disable the active status of this policy. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure central SNAT policies. + fortios_firewall_central_snat_map: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_central_snat_map: + comments: "" + dst_addr: + - + name: "default_name_5 (source firewall.address.name firewall.addrgrp.name)" + dstintf: + - + name: "default_name_7 (source system.interface.name system.zone.name)" + nat: "disable" + nat_ippool: + - + name: "default_name_10 (source firewall.ippool.name)" + nat_port: "" + orig_addr: + - + name: "default_name_13 (source firewall.address.name firewall.addrgrp.name)" + orig_port: "" + policyid: "15" + protocol: "16" + srcintf: + - + name: "default_name_18 (source system.interface.name system.zone.name)" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key 
(id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_central_snat_map_data(json): + option_list = ['comments', 'dst_addr', 'dstintf', + 'nat', 'nat_ippool', 'nat_port', + 'orig_addr', 'orig_port', 'policyid', + 'protocol', 'srcintf', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def 
firewall_central_snat_map(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_central_snat_map'] and data['firewall_central_snat_map']['state']: + state = data['firewall_central_snat_map']['state'] + else: + state = True + firewall_central_snat_map_data = data['firewall_central_snat_map'] + filtered_data = underscore_to_hyphen(filter_firewall_central_snat_map_data(firewall_central_snat_map_data)) + + if state == "present": + return fos.set('firewall', + 'central-snat-map', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'central-snat-map', + mkey=filtered_data['policyid'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_central_snat_map']: + resp = firewall_central_snat_map(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_central_snat_map')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'policyid' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_central_snat_map": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "comments": {"required": False, "type": "str"}, + "dst_addr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "dstintf": {"required": False, "type": "list", + 
"options": { + "name": {"required": True, "type": "str"} + }}, + "nat": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "nat_ippool": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "nat_port": {"required": False, "type": "str"}, + "orig_addr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "orig_port": {"required": False, "type": "str"}, + "policyid": {"required": True, "type": "int"}, + "protocol": {"required": False, "type": "int"}, + "srcintf": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + 
module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_dnstranslation.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_dnstranslation.py new file mode 100644 index 00000000..e50d1d9a --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_dnstranslation.py 
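Review bot: In `firewall_central_snat_map`, the fallback `state = True` can never equal "present" or "absent", so a task that omits both the top-level and the nested `state` fails only at the final `else` with 'state must be present or absent!', after the payload has already been filtered and converted. Both `state` entries are declared `"required": False` in `fields`, so the argument spec does not catch the omission earlier. I would drop the sentinel and fail at that point with a message that names the parameter, e.g. `fos._module.fail_json(msg="'state' is required: use present or absent")` in place of `state = True`. If `fail_json` ever returns (for instance under a mocked module), the function returns None and `is_successful_status(resp)` would raise on it; the same pattern is in `firewall_dnstranslation` in the next hunk.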
@@ -0,0 +1,323 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_dnstranslation +short_description: Configure DNS translation in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and dnstranslation category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_dnstranslation: + description: + - Configure DNS translation. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + dst: + description: + - IPv4 address or subnet on the external network to substitute for the resolved address in DNS query replies. Can be single IP address or + subnet on the external network, but number of addresses must equal number of mapped IP addresses in src. + type: str + id: + description: + - ID. + required: true + type: int + netmask: + description: + - If src and dst are subnets rather than single IP addresses, enter the netmask for both src and dst. + type: str + src: + description: + - IPv4 address or subnet on the internal network to compare with the resolved address in DNS query replies. If the resolved address + matches, the resolved address is substituted with dst. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DNS translation. 
+ fortios_firewall_dnstranslation: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_dnstranslation: + dst: "" + id: "4" + netmask: "" + src: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_dnstranslation_data(json): + option_list = ['dst', 'id', 'netmask', + 'src'] + dictionary = 
{} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_dnstranslation(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_dnstranslation'] and data['firewall_dnstranslation']['state']: + state = data['firewall_dnstranslation']['state'] + else: + state = True + firewall_dnstranslation_data = data['firewall_dnstranslation'] + filtered_data = underscore_to_hyphen(filter_firewall_dnstranslation_data(firewall_dnstranslation_data)) + + if state == "present": + return fos.set('firewall', + 'dnstranslation', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'dnstranslation', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_dnstranslation']: + resp = firewall_dnstranslation(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_dnstranslation')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + 
"choices": ["present", "absent"]}, + "firewall_dnstranslation": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "dst": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "netmask": {"required": False, "type": "str"}, + "src": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_dos_policy.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_dos_policy.py new file mode 100644 index 00000000..518a4a3f 
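Review bot: In `main()`, the guard `if 'access_token' in module.params:` is always true, because AnsibleModule fills `module.params` with every key of `fields` (unset ones as None), so `connection.set_option('access_token', None)` runs even when the task supplies no token. Whether that replaces a token already configured on the connection depends on the httpapi plugin, which is not visible in this hunk, but the check does not do what it reads as doing. I would test the value instead: `if module.params.get('access_token'):`. The identical lines appear in `main()` of the auth_portal and central_snat_map hunks above.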
--- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_dos_policy.py 
@@ -0,0 +1,448 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_dos_policy +short_description: Configure IPv4 DoS policies in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and dos_policy category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.10" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + firewall_dos_policy: + description: + - Configure IPv4 DoS policies. + default: null + type: dict + suboptions: + anomaly: + description: + - Anomaly name. + type: list + suboptions: + action: + description: + - Action taken when the threshold is reached. + type: str + choices: + - pass + - block + log: + description: + - Enable/disable anomaly logging. + type: str + choices: + - enable + - disable + name: + description: + - Anomaly name. + required: true + type: str + quarantine: + description: + - Quarantine method. + type: str + choices: + - none + - attacker + quarantine_expiry: + description: + - Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m). Requires quarantine set to attacker. + type: str + quarantine_log: + description: + - Enable/disable quarantine logging. + type: str + choices: + - disable + - enable + status: + description: + - Enable/disable this anomaly. + type: str + choices: + - disable + - enable + threshold: + description: + - Anomaly threshold. Number of detected instances per minute that triggers the anomaly action. + type: int + threshold(default): + description: + - Number of detected instances per minute which triggers action (1 - 2147483647). Note that each anomaly has a different threshold + value assigned to it. + type: int + comments: + description: + - Comment. + type: str + dstaddr: + description: + - Destination address name from available addresses. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + interface: + description: + - Incoming interface name from available interfaces. Source system.zone.name system.interface.name. + type: str + policyid: + description: + - Policy ID. 
+ required: true + type: int + service: + description: + - Service object from available options. + type: list + suboptions: + name: + description: + - Service name. Source firewall.service.custom.name firewall.service.group.name. + required: true + type: str + srcaddr: + description: + - Source address name from available addresses. + type: list + suboptions: + name: + description: + - Service name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + status: + description: + - Enable/disable this policy. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 DoS policies. + fortios_firewall_dos_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_dos_policy: + anomaly: + - + action: "pass" + log: "enable" + name: "default_name_6" + quarantine: "none" + quarantine_expiry: "" + quarantine_log: "disable" + status: "disable" + threshold: "11" + threshold(default): "12" + comments: "" + dstaddr: + - + name: "default_name_15 (source firewall.address.name firewall.addrgrp.name)" + interface: " (source system.zone.name system.interface.name)" + policyid: "17" + service: + - + name: "default_name_19 (source firewall.service.custom.name firewall.service.group.name)" + srcaddr: + - + name: "default_name_21 (source firewall.address.name firewall.addrgrp.name)" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + 
description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_dos_policy_data(json): + option_list = ['anomaly', 'comments', 'dstaddr', + 'interface', 'policyid', 'service', + 'srcaddr', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_dos_policy(data, fos): + vdom = 
data['vdom'] + state = data['state'] + firewall_dos_policy_data = data['firewall_dos_policy'] + filtered_data = underscore_to_hyphen(filter_firewall_dos_policy_data(firewall_dos_policy_data)) + + if state == "present": + return fos.set('firewall', + 'DoS-policy', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'DoS-policy', + mkey=filtered_data['policyid'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_dos_policy']: + resp = firewall_dos_policy(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_dos_policy')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'policyid' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "firewall_dos_policy": { + "required": False, "type": "dict", "default": None, + "options": { + "anomaly": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["pass", + "block"]}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": True, "type": "str"}, + "quarantine": {"required": False, "type": "str", + "choices": ["none", + "attacker"]}, + "quarantine_expiry": {"required": False, "type": "str"}, + "quarantine_log": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "threshold": 
{"required": False, "type": "int"}, + "threshold(default)": {"required": False, "type": "int"} + }}, + "comments": {"required": False, "type": "str"}, + "dstaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "interface": {"required": False, "type": "str"}, + "policyid": {"required": True, "type": "int"}, + "service": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
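Review bot: The list-typed parameters in `main()`'s `fields` spec (`anomaly`, `dstaddr`, `service`, `srcaddr`) declare nested `options` but no `elements`, and as far as I know AnsibleModule only applies a sub-spec to list items when `elements` is `dict`. If so, the `choices` on an anomaly's `action` and `quarantine`, the `required` flag on `name`, and the `int` coercion of `threshold` are never enforced, and whatever the playbook supplies is forwarded to `fos.set` unchecked. I would add the key on each of the four lists, e.g. `"anomaly": {"required": False, "type": "list", "elements": "dict",`, and mirror it as `elements: dict` in DOCUMENTATION. The same pattern appears in fortios_firewall_dos_policy6.py and on `rule`/`groups` in fortios_firewall_identity_based_route.py.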
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_dos_policy6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_dos_policy6.py
new file mode 100644
index 00000000..d3fbf871
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_dos_policy6.py
@@ -0,0 +1,448 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_dos_policy6 +short_description: Configure IPv6 DoS policies in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and dos_policy6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.10" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + firewall_dos_policy6: + description: + - Configure IPv6 DoS policies. + default: null + type: dict + suboptions: + anomaly: + description: + - Anomaly name. + type: list + suboptions: + action: + description: + - Action taken when the threshold is reached. + type: str + choices: + - pass + - block + log: + description: + - Enable/disable anomaly logging. + type: str + choices: + - enable + - disable + name: + description: + - Anomaly name. + required: true + type: str + quarantine: + description: + - Quarantine method. + type: str + choices: + - none + - attacker + quarantine_expiry: + description: + - Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m). Requires quarantine set to attacker. + type: str + quarantine_log: + description: + - Enable/disable quarantine logging. + type: str + choices: + - disable + - enable + status: + description: + - Enable/disable this anomaly. + type: str + choices: + - disable + - enable + threshold: + description: + - Anomaly threshold. Number of detected instances per minute that triggers the anomaly action. + type: int + threshold(default): + description: + - Number of detected instances per minute which triggers action (1 - 2147483647). Note that each anomaly has a different threshold + value assigned to it. + type: int + comments: + description: + - Comment. + type: str + dstaddr: + description: + - Destination address name from available addresses. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + interface: + description: + - Incoming interface name from available interfaces. Source system.zone.name system.interface.name. + type: str + policyid: + description: + - Policy ID. 
+ required: true + type: int + service: + description: + - Service object from available options. + type: list + suboptions: + name: + description: + - Service name. Source firewall.service.custom.name firewall.service.group.name. + required: true + type: str + srcaddr: + description: + - Source address name from available addresses. + type: list + suboptions: + name: + description: + - Service name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + status: + description: + - Enable/disable this policy. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 DoS policies. + fortios_firewall_dos_policy6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_dos_policy6: + anomaly: + - + action: "pass" + log: "enable" + name: "default_name_6" + quarantine: "none" + quarantine_expiry: "" + quarantine_log: "disable" + status: "disable" + threshold: "11" + threshold(default): "12" + comments: "" + dstaddr: + - + name: "default_name_15 (source firewall.address6.name firewall.addrgrp6.name)" + interface: " (source system.zone.name system.interface.name)" + policyid: "17" + service: + - + name: "default_name_19 (source firewall.service.custom.name firewall.service.group.name)" + srcaddr: + - + name: "default_name_21 (source firewall.address6.name firewall.addrgrp6.name)" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" 
+mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_dos_policy6_data(json): + option_list = ['anomaly', 'comments', 'dstaddr', + 'interface', 'policyid', 'service', + 'srcaddr', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_dos_policy6(data, 
fos): + vdom = data['vdom'] + state = data['state'] + firewall_dos_policy6_data = data['firewall_dos_policy6'] + filtered_data = underscore_to_hyphen(filter_firewall_dos_policy6_data(firewall_dos_policy6_data)) + + if state == "present": + return fos.set('firewall', + 'DoS-policy6', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'DoS-policy6', + mkey=filtered_data['policyid'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_dos_policy6']: + resp = firewall_dos_policy6(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_dos_policy6')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'policyid' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "firewall_dos_policy6": { + "required": False, "type": "dict", "default": None, + "options": { + "anomaly": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["pass", + "block"]}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": True, "type": "str"}, + "quarantine": {"required": False, "type": "str", + "choices": ["none", + "attacker"]}, + "quarantine_expiry": {"required": False, "type": "str"}, + "quarantine_log": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "status": {"required": False, "type": "str", + "choices": ["disable", + 
"enable"]}, + "threshold": {"required": False, "type": "int"}, + "threshold(default)": {"required": False, "type": "int"} + }}, + "comments": {"required": False, "type": "str"}, + "dstaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "interface": {"required": False, "type": "str"}, + "policyid": {"required": True, "type": "int"}, + "service": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == 
'__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_identity_based_route.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_identity_based_route.py
new file mode 100644
index 00000000..554046a2
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_identity_based_route.py
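Review bot: The EXAMPLES play in fortios_firewall_dos_policy6.py sets `ansible_httpapi_validate_certs: no` next to an `access_token`, so anyone copying it sends the API token over TLS without verifying the device certificate. I would ship the example as `ansible_httpapi_validate_certs: yes` and add a one-line YAML comment that disabling validation is only for lab devices with self-signed certificates. The identical `vars` block is in the EXAMPLES of fortios_firewall_dos_policy.py and fortios_firewall_identity_based_route.py.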
@@ -0,0 +1,354 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_identity_based_route +short_description: Configure identity based routing in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and identity_based_route category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_identity_based_route: + description: + - Configure identity based routing. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + comments: + description: + - Comments. + type: str + name: + description: + - Name. + required: true + type: str + rule: + description: + - Rule. + type: list + suboptions: + device: + description: + - Outgoing interface for the rule. Source system.interface.name. + type: str + gateway: + description: + - 'IPv4 address of the gateway (Format: xxx.xxx.xxx.xxx ).' + type: str + groups: + description: + - Select one or more group(s) from available groups that are allowed to use this route. Separate group names with a space. + type: list + suboptions: + name: + description: + - Group name. Source user.group.name. + required: true + type: str + id: + description: + - Rule ID. + required: true + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure identity based routing. 
+ fortios_firewall_identity_based_route: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_identity_based_route: + comments: "" + name: "default_name_4" + rule: + - + device: " (source system.interface.name)" + gateway: "" + groups: + - + name: "default_name_9 (source user.group.name)" + id: "10" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_identity_based_route_data(json): + option_list = ['comments', 'name', 'rule'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_identity_based_route(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_identity_based_route'] and data['firewall_identity_based_route']['state']: + state = data['firewall_identity_based_route']['state'] + else: + state = True + firewall_identity_based_route_data = data['firewall_identity_based_route'] + filtered_data = underscore_to_hyphen(filter_firewall_identity_based_route_data(firewall_identity_based_route_data)) + + if state == "present": + return fos.set('firewall', + 'identity-based-route', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'identity-based-route', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_identity_based_route']: + resp = firewall_identity_based_route(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_identity_based_route')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + 
(resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_identity_based_route": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "comments": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "rule": {"required": False, "type": "list", + "options": { + "device": {"required": False, "type": "str"}, + "gateway": {"required": False, "type": "str"}, + "groups": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "id": {"required": True, "type": "int"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if 
versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_interface_policy.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_interface_policy.py
new file mode 100644
index 00000000..f36ec18f
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_interface_policy.py
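Review bot: In `firewall_identity_based_route`, the fallback `state = True` used when neither the top-level nor the nested `state` is set matches neither `"present"` nor `"absent"`, so the call ends in `fail_json(msg='state must be present or absent!')`. Both `state` options are declared `"required": False`, so a playbook that omits them passes argument validation and then fails with a message that does not say the parameter is missing. I would replace the fallback with an explicit failure such as `fos._module.fail_json(msg='state is required: set the top-level state to present or absent')`, or state in DOCUMENTATION that one of the two must be given.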
@@ -0,0 +1,539 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_interface_policy +short_description: Configure IPv4 interface policies in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and interface_policy category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_interface_policy: + description: + - Configure IPv4 interface policies. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + address_type: + description: + - Policy address type (IPv4 or IPv6). + type: str + choices: + - ipv4 + - ipv6 + application_list: + description: + - Application list name. Source application.list.name. + type: str + application_list_status: + description: + - Enable/disable application control. + type: str + choices: + - enable + - disable + av_profile: + description: + - Antivirus profile. Source antivirus.profile.name. + type: str + av_profile_status: + description: + - Enable/disable antivirus. + type: str + choices: + - enable + - disable + comments: + description: + - Comments. + type: str + dlp_sensor: + description: + - DLP sensor name. Source dlp.sensor.name. + type: str + dlp_sensor_status: + description: + - Enable/disable DLP. + type: str + choices: + - enable + - disable + dsri: + description: + - Enable/disable DSRI. + type: str + choices: + - enable + - disable + dstaddr: + description: + - Address object to limit traffic monitoring to network traffic sent to the specified address or range. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. 
+ required: true + type: str + interface: + description: + - Monitored interface name from available interfaces. Source system.zone.name system.interface.name. + type: str + ips_sensor: + description: + - IPS sensor name. Source ips.sensor.name. + type: str + ips_sensor_status: + description: + - Enable/disable IPS. + type: str + choices: + - enable + - disable + label: + description: + - Label. + type: str + logtraffic: + description: + - 'Logging type to be used in this policy (Options: all | utm | disable).' + type: str + choices: + - all + - utm + - disable + policyid: + description: + - Policy ID. + required: true + type: int + scan_botnet_connections: + description: + - Enable/disable scanning for connections to Botnet servers. + type: str + choices: + - disable + - block + - monitor + service: + description: + - Service object from available options. + type: list + suboptions: + name: + description: + - Service name. Source firewall.service.custom.name firewall.service.group.name. + required: true + type: str + spamfilter_profile: + description: + - Antispam profile. Source spamfilter.profile.name. + type: str + spamfilter_profile_status: + description: + - Enable/disable antispam. + type: str + choices: + - enable + - disable + srcaddr: + description: + - Address object to limit traffic monitoring to network traffic sent from the specified address or range. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + status: + description: + - Enable/disable this policy. + type: str + choices: + - enable + - disable + webfilter_profile: + description: + - Web filter profile. Source webfilter.profile.name. + type: str + webfilter_profile_status: + description: + - Enable/disable web filtering. 
+ type: str
+ choices:
+ - enable
+ - disable
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure IPv4 interface policies.
+ fortios_firewall_interface_policy:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ firewall_interface_policy:
+ address_type: "ipv4"
+ application_list: " (source application.list.name)"
+ application_list_status: "enable"
+ av_profile: " (source antivirus.profile.name)"
+ av_profile_status: "enable"
+ comments: ""
+ dlp_sensor: " (source dlp.sensor.name)"
+ dlp_sensor_status: "enable"
+ dsri: "enable"
+ dstaddr:
+ -
+ name: "default_name_13 (source firewall.address.name firewall.addrgrp.name)"
+ interface: " (source system.zone.name system.interface.name)"
+ ips_sensor: " (source ips.sensor.name)"
+ ips_sensor_status: "enable"
+ label: ""
+ logtraffic: "all"
+ policyid: "19"
+ scan_botnet_connections: "disable"
+ service:
+ -
+ name: "default_name_22 (source firewall.service.custom.name firewall.service.group.name)"
+ spamfilter_profile: " (source spamfilter.profile.name)"
+ spamfilter_profile_status: "enable"
+ srcaddr:
+ -
+ name: "default_name_26 (source firewall.address.name firewall.addrgrp.name)"
+ status: "enable"
+ webfilter_profile: " (source webfilter.profile.name)"
+ webfilter_profile_status: "enable"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_interface_policy_data(json): + option_list = ['address_type', 'application_list', 'application_list_status', + 'av_profile', 'av_profile_status', 'comments', + 'dlp_sensor', 'dlp_sensor_status', 'dsri', + 'dstaddr', 'interface', 'ips_sensor', + 'ips_sensor_status', 'label', 'logtraffic', + 'policyid', 'scan_botnet_connections', 'service', + 'spamfilter_profile', 'spamfilter_profile_status', 'srcaddr', + 'status', 'webfilter_profile', 'webfilter_profile_status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + 
elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_interface_policy(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_interface_policy'] and data['firewall_interface_policy']['state']: + state = data['firewall_interface_policy']['state'] + else: + state = True + firewall_interface_policy_data = data['firewall_interface_policy'] + filtered_data = underscore_to_hyphen(filter_firewall_interface_policy_data(firewall_interface_policy_data)) + + if state == "present": + return fos.set('firewall', + 'interface-policy', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'interface-policy', + mkey=filtered_data['policyid'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_interface_policy']: + resp = firewall_interface_policy(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_interface_policy')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'policyid' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_interface_policy": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "address_type": {"required": False, 
"type": "str", + "choices": ["ipv4", + "ipv6"]}, + "application_list": {"required": False, "type": "str"}, + "application_list_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "av_profile": {"required": False, "type": "str"}, + "av_profile_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "comments": {"required": False, "type": "str"}, + "dlp_sensor": {"required": False, "type": "str"}, + "dlp_sensor_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dsri": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dstaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "interface": {"required": False, "type": "str"}, + "ips_sensor": {"required": False, "type": "str"}, + "ips_sensor_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "label": {"required": False, "type": "str"}, + "logtraffic": {"required": False, "type": "str", + "choices": ["all", + "utm", + "disable"]}, + "policyid": {"required": True, "type": "int"}, + "scan_botnet_connections": {"required": False, "type": "str", + "choices": ["disable", + "block", + "monitor"]}, + "service": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "spamfilter_profile": {"required": False, "type": "str"}, + "spamfilter_profile_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "srcaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "webfilter_profile": {"required": False, "type": "str"}, + "webfilter_profile_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + 
supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_interface_policy6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_interface_policy6.py new file mode 100644 index 00000000..829d22c6 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_interface_policy6.py 
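Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no` next to `ansible_httpapi_use_ssl: yes`, so anyone who copies it sends the `access_token` (which `main()` marks `no_log`) over TLS without checking the FortiGate's certificate. Since the module description already says the examples have to be adjusted before use, I would ship the sample as `ansible_httpapi_validate_certs: yes` and add a YAML comment such as `# set to no only for lab devices with self-signed certificates`. The same EXAMPLES block appears in the fortios_firewall_interface_policy6.py hunk that follows.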
@@ -0,0 +1,539 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_interface_policy6 +short_description: Configure IPv6 interface policies in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and interface_policy6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_interface_policy6: + description: + - Configure IPv6 interface policies. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + address_type: + description: + - Policy address type (IPv4 or IPv6). + type: str + choices: + - ipv4 + - ipv6 + application_list: + description: + - Application list name. Source application.list.name. + type: str + application_list_status: + description: + - Enable/disable application control. + type: str + choices: + - enable + - disable + av_profile: + description: + - Antivirus profile. Source antivirus.profile.name. + type: str + av_profile_status: + description: + - Enable/disable antivirus. + type: str + choices: + - enable + - disable + comments: + description: + - Comments. + type: str + dlp_sensor: + description: + - DLP sensor name. Source dlp.sensor.name. + type: str + dlp_sensor_status: + description: + - Enable/disable DLP. + type: str + choices: + - enable + - disable + dsri: + description: + - Enable/disable DSRI. + type: str + choices: + - enable + - disable + dstaddr6: + description: + - IPv6 address object to limit traffic monitoring to network traffic sent to the specified address or range. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name. 
+ required: true + type: str + interface: + description: + - Monitored interface name from available interfaces. Source system.zone.name system.interface.name. + type: str + ips_sensor: + description: + - IPS sensor name. Source ips.sensor.name. + type: str + ips_sensor_status: + description: + - Enable/disable IPS. + type: str + choices: + - enable + - disable + label: + description: + - Label. + type: str + logtraffic: + description: + - 'Logging type to be used in this policy (Options: all | utm | disable).' + type: str + choices: + - all + - utm + - disable + policyid: + description: + - Policy ID. + required: true + type: int + scan_botnet_connections: + description: + - Enable/disable scanning for connections to Botnet servers. + type: str + choices: + - disable + - block + - monitor + service6: + description: + - Service name. + type: list + suboptions: + name: + description: + - Address name. Source firewall.service.custom.name firewall.service.group.name. + required: true + type: str + spamfilter_profile: + description: + - Antispam profile. Source spamfilter.profile.name. + type: str + spamfilter_profile_status: + description: + - Enable/disable antispam. + type: str + choices: + - enable + - disable + srcaddr6: + description: + - IPv6 address object to limit traffic monitoring to network traffic sent from the specified address or range. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + status: + description: + - Enable/disable this policy. + type: str + choices: + - enable + - disable + webfilter_profile: + description: + - Web filter profile. Source webfilter.profile.name. + type: str + webfilter_profile_status: + description: + - Enable/disable web filtering. 
+ type: str
+ choices:
+ - enable
+ - disable
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure IPv6 interface policies.
+ fortios_firewall_interface_policy6:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ firewall_interface_policy6:
+ address_type: "ipv4"
+ application_list: " (source application.list.name)"
+ application_list_status: "enable"
+ av_profile: " (source antivirus.profile.name)"
+ av_profile_status: "enable"
+ comments: ""
+ dlp_sensor: " (source dlp.sensor.name)"
+ dlp_sensor_status: "enable"
+ dsri: "enable"
+ dstaddr6:
+ -
+ name: "default_name_13 (source firewall.address6.name firewall.addrgrp6.name)"
+ interface: " (source system.zone.name system.interface.name)"
+ ips_sensor: " (source ips.sensor.name)"
+ ips_sensor_status: "enable"
+ label: ""
+ logtraffic: "all"
+ policyid: "19"
+ scan_botnet_connections: "disable"
+ service6:
+ -
+ name: "default_name_22 (source firewall.service.custom.name firewall.service.group.name)"
+ spamfilter_profile: " (source spamfilter.profile.name)"
+ spamfilter_profile_status: "enable"
+ srcaddr6:
+ -
+ name: "default_name_26 (source firewall.address6.name firewall.addrgrp6.name)"
+ status: "enable"
+ webfilter_profile: " (source webfilter.profile.name)"
+ webfilter_profile_status: "enable"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_interface_policy6_data(json): + option_list = ['address_type', 'application_list', 'application_list_status', + 'av_profile', 'av_profile_status', 'comments', + 'dlp_sensor', 'dlp_sensor_status', 'dsri', + 'dstaddr6', 'interface', 'ips_sensor', + 'ips_sensor_status', 'label', 'logtraffic', + 'policyid', 'scan_botnet_connections', 'service6', + 'spamfilter_profile', 'spamfilter_profile_status', 'srcaddr6', + 'status', 'webfilter_profile', 'webfilter_profile_status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) 
+ elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_interface_policy6(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_interface_policy6'] and data['firewall_interface_policy6']['state']: + state = data['firewall_interface_policy6']['state'] + else: + state = True + firewall_interface_policy6_data = data['firewall_interface_policy6'] + filtered_data = underscore_to_hyphen(filter_firewall_interface_policy6_data(firewall_interface_policy6_data)) + + if state == "present": + return fos.set('firewall', + 'interface-policy6', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'interface-policy6', + mkey=filtered_data['policyid'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_interface_policy6']: + resp = firewall_interface_policy6(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_interface_policy6')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'policyid' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_interface_policy6": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "address_type": 
{"required": False, "type": "str", + "choices": ["ipv4", + "ipv6"]}, + "application_list": {"required": False, "type": "str"}, + "application_list_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "av_profile": {"required": False, "type": "str"}, + "av_profile_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "comments": {"required": False, "type": "str"}, + "dlp_sensor": {"required": False, "type": "str"}, + "dlp_sensor_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dsri": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dstaddr6": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "interface": {"required": False, "type": "str"}, + "ips_sensor": {"required": False, "type": "str"}, + "ips_sensor_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "label": {"required": False, "type": "str"}, + "logtraffic": {"required": False, "type": "str", + "choices": ["all", + "utm", + "disable"]}, + "policyid": {"required": True, "type": "int"}, + "scan_botnet_connections": {"required": False, "type": "str", + "choices": ["disable", + "block", + "monitor"]}, + "service6": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "spamfilter_profile": {"required": False, "type": "str"}, + "spamfilter_profile_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "srcaddr6": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "webfilter_profile": {"required": False, "type": "str"}, + "webfilter_profile_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = 
AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_internet_service.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_internet_service.py new file mode 100644 index 00000000..ffba3ec4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_internet_service.py 
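Review bot: The IPv6 sample task in EXAMPLES passes `address_type: "ipv4"` to `fortios_firewall_interface_policy6`, which reads like a leftover from the IPv4 module; unless the device really expects that value here, `address_type: "ipv6"` would be the less surprising sample. In DOCUMENTATION the `service6` option is described as "Service name." while its `name` suboption says "Address name.", even though the source it cites is firewall.service.custom.name / firewall.service.group.name. I would word them as `Service object from available options.` and `Service name.`, the way the `service` option of the IPv4 module in this commit does. Both changes touch only the module's documentation strings.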
@@ -0,0 +1,399 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_internet_service +short_description: Show Internet Service application in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and internet_service category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_internet_service: + description: + - Show Internet Service application. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + database: + description: + - Database name this Internet Service belongs to. + type: str + choices: + - isdb + - irdb + direction: + description: + - How this service may be used in a firewall policy (source, destination or both). + type: str + choices: + - src + - dst + - both + entry: + description: + - Entries in the Internet Service database. + type: list + suboptions: + id: + description: + - Entry ID. + required: true + type: int + ip_number: + description: + - Total number of IP addresses. + type: int + ip_range_number: + description: + - Total number of IP ranges. + type: int + port: + description: + - Integer value for the TCP/IP port (0 - 65535). + type: int + protocol: + description: + - Integer value for the protocol type as defined by IANA (0 - 255). + type: int + icon_id: + description: + - Icon ID of Internet Service. + type: int + id: + description: + - Internet Service ID. + required: true + type: int + name: + description: + - Internet Service name. + type: str + offset: + description: + - Offset of Internet Service ID. + type: int + reputation: + description: + - Reputation level of the Internet Service. 
+ type: int + sld_id: + description: + - Second Level Domain. + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Show Internet Service application. + fortios_firewall_internet_service: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service: + database: "isdb" + direction: "src" + entry: + - + id: "6" + ip_number: "7" + ip_range_number: "8" + port: "9" + protocol: "10" + icon_id: "11" + id: "12" + name: "default_name_13" + offset: "14" + reputation: "15" + sld_id: "16" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from 
ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_internet_service_data(json): + option_list = ['database', 'direction', 'entry', + 'icon_id', 'id', 'name', + 'offset', 'reputation', 'sld_id'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_internet_service(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_internet_service'] and data['firewall_internet_service']['state']: + state = data['firewall_internet_service']['state'] + else: + state = True + firewall_internet_service_data = data['firewall_internet_service'] + filtered_data = underscore_to_hyphen(filter_firewall_internet_service_data(firewall_internet_service_data)) + + if state == "present": + return fos.set('firewall', + 'internet-service', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'internet-service', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and 
status['http_status'] == 404
+
+
+def fortios_firewall(data, fos):
+
+ if data['firewall_internet_service']:
+ resp = firewall_internet_service(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('firewall_internet_service'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'id'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "firewall_internet_service": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "database": {"required": False, "type": "str",
+ "choices": ["isdb",
+ "irdb"]},
+ "direction": {"required": False, "type": "str",
+ "choices": ["src",
+ "dst",
+ "both"]},
+ "entry": {"required": False, "type": "list",
+ "options": {
+ "id": {"required": True, "type": "int"},
+ "ip_number": {"required": False, "type": "int"},
+ "ip_range_number": {"required": False, "type": "int"},
+ "port": {"required": False, "type": "int"},
+ "protocol": {"required": False, "type": "int"}
+ }},
+ "icon_id": {"required": False, "type": "int"},
+ "id": {"required": True, "type": "int"},
+ "name": {"required": False, "type": "str"},
+ "offset": {"required": False, "type": "int"},
+ "reputation": {"required": False, "type": "int"},
+ "sld_id": {"required": False, "type": "int"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = 
FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_firewall(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_internet_service_custom.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_internet_service_custom.py
new file mode 100644
index 00000000..17cfefc8
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_internet_service_custom.py
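Review bot: The EXAMPLES playbook in fortios_firewall_internet_service.py sets `ansible_httpapi_validate_certs: no` in the same play that passes `access_token`, so anyone who copies it sends the FortiGate API token over a TLS session whose peer is never authenticated. The shipped example should read `ansible_httpapi_validate_certs: yes`, with a comment such as `# set to no only for lab devices with self-signed certificates` for the exception. The same vars block is repeated in the EXAMPLES of fortios_firewall_internet_service_custom.py and fortios_firewall_internet_service_custom_group.py.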
@@ -0,0 +1,443 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_internet_service_custom +short_description: Configure custom Internet Services in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and internet_service_custom category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_internet_service_custom: + description: + - Configure custom Internet Services. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + comment: + description: + - Comment. + type: str + disable_entry: + description: + - Disable entries in the Internet Service database. + type: list + suboptions: + id: + description: + - Disable entry ID. + required: true + type: int + ip_range: + description: + - IP ranges in the disable entry. + type: list + suboptions: + end_ip: + description: + - End IP address. + type: str + id: + description: + - Disable entry range ID. + required: true + type: int + start_ip: + description: + - Start IP address. + type: str + port: + description: + - Integer value for the TCP/IP port (0 - 65535). + type: int + protocol: + description: + - Integer value for the protocol type as defined by IANA (0 - 255). + type: int + entry: + description: + - Entries added to the Internet Service database and custom database. + type: list + suboptions: + dst: + description: + - Destination address or address group name. + type: list + suboptions: + name: + description: + - Select the destination address or address group object from available options. Source firewall.address.name firewall + .addrgrp.name. + required: true + type: str + id: + description: + - Entry ID(1-255). 
+ required: true + type: int + port_range: + description: + - Port ranges in the custom entry. + type: list + suboptions: + end_port: + description: + - Integer value for ending TCP/UDP/SCTP destination port in range (1 to 65535). + type: int + id: + description: + - Custom entry port range ID. + required: true + type: int + start_port: + description: + - Integer value for starting TCP/UDP/SCTP destination port in range (1 to 65535). + type: int + protocol: + description: + - Integer value for the protocol type as defined by IANA (0 - 255). + type: int + master_service_id: + description: + - Internet Service ID in the Internet Service database. Source firewall.internet-service.id. + type: int + name: + description: + - Internet Service name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure custom Internet Services. + fortios_firewall_internet_service_custom: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service_custom: + comment: "Comment." 
+ disable_entry: + - + id: "5" + ip_range: + - + end_ip: "" + id: "8" + start_ip: "" + port: "10" + protocol: "11" + entry: + - + dst: + - + name: "default_name_14 (source firewall.address.name firewall.addrgrp.name)" + id: "15" + port_range: + - + end_port: "17" + id: "18" + start_port: "19" + protocol: "20" + master_service_id: "21 (source firewall.internet-service.id)" + name: "default_name_22" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import 
check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_firewall_internet_service_custom_data(json):
+ option_list = ['comment', 'disable_entry', 'entry',
+ 'master_service_id', 'name']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def firewall_internet_service_custom(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['firewall_internet_service_custom'] and data['firewall_internet_service_custom']['state']:
+ state = data['firewall_internet_service_custom']['state']
+ else:
+ state = True
+ firewall_internet_service_custom_data = data['firewall_internet_service_custom']
+ filtered_data = underscore_to_hyphen(filter_firewall_internet_service_custom_data(firewall_internet_service_custom_data))
+
+ if state == "present":
+ return fos.set('firewall',
+ 'internet-service-custom',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('firewall',
+ 'internet-service-custom',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_firewall(data, fos):
+
+ if data['firewall_internet_service_custom']:
+ resp = firewall_internet_service_custom(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % 
('firewall_internet_service_custom'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "firewall_internet_service_custom": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "comment": {"required": False, "type": "str"},
+ "disable_entry": {"required": False, "type": "list",
+ "options": {
+ "id": {"required": True, "type": "int"},
+ "ip_range": {"required": False, "type": "list",
+ "options": {
+ "end_ip": {"required": False, "type": "str"},
+ "id": {"required": True, "type": "int"},
+ "start_ip": {"required": False, "type": "str"}
+ }},
+ "port": {"required": False, "type": "int"},
+ "protocol": {"required": False, "type": "int"}
+ }},
+ "entry": {"required": False, "type": "list",
+ "options": {
+ "dst": {"required": False, "type": "list",
+ "options": {
+ "name": {"required": True, "type": "str"}
+ }},
+ "id": {"required": True, "type": "int"},
+ "port_range": {"required": False, "type": "list",
+ "options": {
+ "end_port": {"required": False, "type": "int"},
+ "id": {"required": True, "type": "int"},
+ "start_port": {"required": False, "type": "int"}
+ }},
+ "protocol": {"required": False, "type": "int"}
+ }},
+ "master_service_id": {"required": False, "type": "int"},
+ "name": {"required": True, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ 
connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_firewall(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_internet_service_custom_group.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_internet_service_custom_group.py
new file mode 100644
index 00000000..783e67b6
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_internet_service_custom_group.py
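Review bot: In `firewall_internet_service_custom`, the fallback `state = True` can never equal `"present"` or `"absent"`, so a task that omits both the top-level and the nested `state` passes argument validation and is only rejected at the final `fail_json(msg='state must be present or absent!')`. Both `state` entries in `fields` are `required: False`, so the fallback branch should fail with a message that names the missing option, e.g. `fos._module.fail_json(msg="'state' is required: present or absent")`, instead of assigning a value no branch accepts. `firewall_internet_service` in fortios_firewall_internet_service.py carries the same fallback. A one-line comment on the `absent` branch noting that it deletes by `mkey=filtered_data['name']` alone would make the destructive path easier to audit.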
@@ -0,0 +1,304 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_internet_service_custom_group +short_description: Configure custom Internet Service group in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and internet_service_custom_group category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + firewall_internet_service_custom_group: + description: + - Configure custom Internet Service group. + default: null + type: dict + suboptions: + comment: + description: + - Comment. + type: str + member: + description: + - Custom Internet Service group members. + type: list + suboptions: + name: + description: + - Group member name. Source firewall.internet-service-custom.name. + required: true + type: str + name: + description: + - Custom Internet Service group name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure custom Internet Service group. + fortios_firewall_internet_service_custom_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service_custom_group: + comment: "Comment." 
+ member: + - + name: "default_name_5 (source firewall.internet-service-custom.name)" + name: "default_name_6" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_internet_service_custom_group_data(json): + option_list = ['comment', 'member', 'name'] + dictionary = {} + + for attribute in option_list: + if 
attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_internet_service_custom_group(data, fos): + vdom = data['vdom'] + state = data['state'] + firewall_internet_service_custom_group_data = data['firewall_internet_service_custom_group'] + filtered_data = underscore_to_hyphen(filter_firewall_internet_service_custom_group_data(firewall_internet_service_custom_group_data)) + + if state == "present": + return fos.set('firewall', + 'internet-service-custom-group', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'internet-service-custom-group', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_internet_service_custom_group']: + resp = firewall_internet_service_custom_group(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_internet_service_custom_group')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "firewall_internet_service_custom_group": { + "required": False, 
"type": "dict", "default": None,
+ "options": {
+ "comment": {"required": False, "type": "str"},
+ "member": {"required": False, "type": "list",
+ "options": {
+ "name": {"required": True, "type": "str"}
+ }},
+ "name": {"required": True, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_firewall(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_internet_service_group.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_internet_service_group.py
new file mode 100644
index 00000000..7a197f43
--- /dev/null
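Review bot: The guard `if 'access_token' in module.params:` in `main()` is always true, because `access_token` is declared in `fields` and AnsibleModule populates every declared option in `params`, using `None` when the task omits it; the connection option is therefore set even when no token was supplied. Testing the value instead, `if module.params.get('access_token'):`, keeps an unset token from replacing whatever credential the httpapi connection already holds (how the plugin treats `None` is not visible in this hunk). The same guard appears in `main()` of fortios_firewall_internet_service.py and fortios_firewall_internet_service_custom.py.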
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_internet_service_group.py 
@@ -0,0 +1,325 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_internet_service_group +short_description: Configure group of Internet Service in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and internet_service_group category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_internet_service_group: + description: + - Configure group of Internet Service. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + comment: + description: + - Comment. + type: str + member: + description: + - Internet Service group member. + type: list + suboptions: + id: + description: + - Internet Service ID. Source firewall.internet-service.id. + required: true + type: int + name: + description: + - Internet Service group name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure group of Internet Service. + fortios_firewall_internet_service_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_internet_service_group: + comment: "Comment." 
+ member: + - + id: "5 (source firewall.internet-service.id)" + name: "default_name_6" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_internet_service_group_data(json): + option_list = ['comment', 'member', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and 
json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_internet_service_group(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_internet_service_group'] and data['firewall_internet_service_group']['state']: + state = data['firewall_internet_service_group']['state'] + else: + state = True + firewall_internet_service_group_data = data['firewall_internet_service_group'] + filtered_data = underscore_to_hyphen(filter_firewall_internet_service_group_data(firewall_internet_service_group_data)) + + if state == "present": + return fos.set('firewall', + 'internet-service-group', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'internet-service-group', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_internet_service_group']: + resp = firewall_internet_service_group(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_internet_service_group')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + 
"state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_internet_service_group": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "comment": {"required": False, "type": "str"}, + "member": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
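Review bot: The EXAMPLES play in this new module sets `ansible_httpapi_validate_certs: no` while the task passes `access_token`, so anyone copying it sends the API token over a TLS session whose peer certificate is never verified. The example should show verification switched on, `ansible_httpapi_validate_certs: yes`, with a YAML comment such as `# set to no only for lab devices with self-signed certificates`. The same line appears in the EXAMPLES of fortios_firewall_ip_translation.py and fortios_firewall_ipmacbinding_setting.py later in this patch.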
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ip_translation.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ip_translation.py
new file mode 100644
index 00000000..b6955237
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ip_translation.py
@@ -0,0 +1,330 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_ip_translation +short_description: Configure firewall IP-translation in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and ip_translation category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_ip_translation: + description: + - Configure firewall IP-translation. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + endip: + description: + - 'Final IPv4 address (inclusive) in the range of the addresses to be translated (format xxx.xxx.xxx.xxx).' + type: str + map_startip: + description: + - 'Address to be used as the starting point for translation in the range (format xxx.xxx.xxx.xxx).' + type: str + startip: + description: + - 'First IPv4 address (inclusive) in the range of the addresses to be translated (format xxx.xxx.xxx.xxx).' + type: str + transid: + description: + - IP translation ID. + required: true + type: int + type: + description: + - 'IP translation type (option: SCTP).' + type: str + choices: + - SCTP +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure firewall IP-translation. 
+ fortios_firewall_ip_translation: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ip_translation: + endip: "" + map_startip: "" + startip: "" + transid: "6" + type: "SCTP" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_ip_translation_data(json): + option_list = ['endip', 
'map_startip', 'startip', + 'transid', 'type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_ip_translation(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_ip_translation'] and data['firewall_ip_translation']['state']: + state = data['firewall_ip_translation']['state'] + else: + state = True + firewall_ip_translation_data = data['firewall_ip_translation'] + filtered_data = underscore_to_hyphen(filter_firewall_ip_translation_data(firewall_ip_translation_data)) + + if state == "present": + return fos.set('firewall', + 'ip-translation', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'ip-translation', + mkey=filtered_data['transid'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_ip_translation']: + resp = firewall_ip_translation(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_ip_translation')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'transid' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", 
"default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_ip_translation": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "endip": {"required": False, "type": "str"}, + "map_startip": {"required": False, "type": "str"}, + "startip": {"required": False, "type": "str"}, + "transid": {"required": True, "type": "int"}, + "type": {"required": False, "type": "str", + "choices": ["SCTP"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
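Review bot: `firewall_ip_translation()` falls back to `state = True` when neither the top-level nor the nested `state` is supplied and then ends in `fail_json(msg='state must be present or absent!')`, yet DOCUMENTATION and the argument spec both mark `state` as `required: false` with no default. The requirement therefore only surfaces at run time, after `main()` has already created the connection and the handler. I would document it on the top-level option, e.g. `- One of the top-level or nested 'state' must be given; the module fails otherwise.`, or give the top-level `state` a default in `fields` if upstream intends `present`. fortios_firewall_internet_service_group.py earlier in this patch has the same fallback.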
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ipmacbinding_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ipmacbinding_setting.py
new file mode 100644
index 00000000..932574b0
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ipmacbinding_setting.py
@@ -0,0 +1,285 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_ipmacbinding_setting +short_description: Configure IP to MAC binding settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall_ipmacbinding feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + firewall_ipmacbinding_setting: + description: + - Configure IP to MAC binding settings. + default: null + type: dict + suboptions: + bindthroughfw: + description: + - Enable/disable use of IP/MAC binding to filter packets that would normally go through the firewall. + type: str + choices: + - enable + - disable + bindtofw: + description: + - Enable/disable use of IP/MAC binding to filter packets that would normally go to the firewall. + type: str + choices: + - enable + - disable + undefinedhost: + description: + - Select action to take on packets with IP/MAC addresses not in the binding list . + type: str + choices: + - allow + - block +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IP to MAC binding settings. 
+ fortios_firewall_ipmacbinding_setting: + vdom: "{{ vdom }}" + firewall_ipmacbinding_setting: + bindthroughfw: "enable" + bindtofw: "enable" + undefinedhost: "allow" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_ipmacbinding_setting_data(json): + option_list = ['bindthroughfw', 'bindtofw', 
'undefinedhost'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_ipmacbinding_setting(data, fos): + vdom = data['vdom'] + firewall_ipmacbinding_setting_data = data['firewall_ipmacbinding_setting'] + filtered_data = underscore_to_hyphen(filter_firewall_ipmacbinding_setting_data(firewall_ipmacbinding_setting_data)) + + return fos.set('firewall.ipmacbinding', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall_ipmacbinding(data, fos): + + if data['firewall_ipmacbinding_setting']: + resp = firewall_ipmacbinding_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_ipmacbinding_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "firewall_ipmacbinding_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "bindthroughfw": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "bindtofw": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "undefinedhost": {"required": False, "type": "str", + "choices": ["allow", + "block"]} + + } + } + } + + 
check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall_ipmacbinding(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ipmacbinding_table.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ipmacbinding_table.py new file mode 100644 index 00000000..fadd6163 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ipmacbinding_table.py 
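Review bot: The EXAMPLES task for fortios_firewall_ipmacbinding_setting turns on `bindthroughfw` and `bindtofw` but sets `undefinedhost: "allow"`, which by the option's own description is the action applied to packets whose IP/MAC addresses are not in the binding list. A reader who copies the example enables binding while unlisted hosts still pass. A YAML comment in the example would make the choice explicit: `# "allow" passes hosts missing from the binding table; use "block" to enforce it`.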
@@ -0,0 +1,331 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_ipmacbinding_table +short_description: Configure IP to MAC address pairs in the IP/MAC binding table in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall_ipmacbinding feature and table category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_ipmacbinding_table: + description: + - Configure IP to MAC address pairs in the IP/MAC binding table. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + ip: + description: + - 'IPv4 address portion of the pair (format: xxx.xxx.xxx.xxx).' + type: str + mac: + description: + - 'MAC address portion of the pair (format: xx:xx:xx:xx:xx:xx in hexidecimal).' + type: str + name: + description: + - Name of the pair (optional). + type: str + seq_num: + description: + - Entry number. + type: int + status: + description: + - Enable/disable this IP-mac binding pair. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IP to MAC address pairs in the IP/MAC binding table. 
+ fortios_firewall_ipmacbinding_table: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ipmacbinding_table: + ip: "" + mac: "" + name: "default_name_5" + seq_num: "6" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_ipmacbinding_table_data(json): + option_list = 
['ip', 'mac', 'name', + 'seq_num', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_ipmacbinding_table(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_ipmacbinding_table'] and data['firewall_ipmacbinding_table']['state']: + state = data['firewall_ipmacbinding_table']['state'] + else: + state = True + firewall_ipmacbinding_table_data = data['firewall_ipmacbinding_table'] + filtered_data = underscore_to_hyphen(filter_firewall_ipmacbinding_table_data(firewall_ipmacbinding_table_data)) + + if state == "present": + return fos.set('firewall.ipmacbinding', + 'table', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall.ipmacbinding', + 'table', + mkey=filtered_data['seq-num'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall_ipmacbinding(data, fos): + + if data['firewall_ipmacbinding_table']: + resp = firewall_ipmacbinding_table(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_ipmacbinding_table')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'seq-num' + fields = { + "access_token": {"required": False, "type": "str", 
"no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_ipmacbinding_table": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "ip": {"required": False, "type": "str"}, + "mac": {"required": False, "type": "str"}, + "name": {"required": False, "type": "str"}, + "seq_num": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall_ipmacbinding(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
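Review bot: In `firewall_ipmacbinding_table`, the `absent` branch reads `filtered_data['seq-num']`, but `seq_num` is declared `"required": False` in the argument spec and `filter_firewall_ipmacbinding_table_data` drops keys whose value is None. A delete task that omits `seq_num` therefore ends in a KeyError traceback instead of a clean module failure. A guard before the `fos.delete` call would make the failure explicit, for example `if 'seq-num' not in filtered_data: fos._module.fail_json(msg='seq_num is required when state is absent')`. The ippool and ippool6 modules in this patch do not have this problem, because their key `name` is `"required": True`.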
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ippool.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ippool.py
new file mode 100644
index 00000000..d10c4775
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ippool.py
@@ -0,0 +1,403 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_ippool +short_description: Configure IPv4 IP pools in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and ippool category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_ippool: + description: + - Configure IPv4 IP pools. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + arp_intf: + description: + - Select an interface from available options that will reply to ARP requests. (If blank, any is selected). Source system.interface.name. + type: str + arp_reply: + description: + - Enable/disable replying to ARP requests when an IP Pool is added to a policy . + type: str + choices: + - disable + - enable + associated_interface: + description: + - Associated interface name. Source system.interface.name. + type: str + block_size: + description: + - Number of addresses in a block (64 to 4096). + type: int + comments: + description: + - Comment. + type: str + endip: + description: + - 'Final IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx).' + type: str + name: + description: + - IP pool name. + required: true + type: str + num_blocks_per_user: + description: + - Number of addresses blocks that can be used by a user (1 to 128). + type: int + pba_timeout: + description: + - Port block allocation timeout (seconds). + type: int + permit_any_host: + description: + - Enable/disable full cone NAT. + type: str + choices: + - disable + - enable + source_endip: + description: + - 'Final IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx.xxx.xxx.xxx).' 
+ type: str + source_startip: + description: + - ' First IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx.xxx.xxx.xxx).' + type: str + startip: + description: + - 'First IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx).' + type: str + type: + description: + - IP pool type (overload, one-to-one, fixed port range, or port block allocation). + type: str + choices: + - overload + - one-to-one + - fixed-port-range + - port-block-allocation +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 IP pools. + fortios_firewall_ippool: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ippool: + arp_intf: " (source system.interface.name)" + arp_reply: "disable" + associated_interface: " (source system.interface.name)" + block_size: "6" + comments: "" + endip: "" + name: "default_name_9" + num_blocks_per_user: "10" + pba_timeout: "11" + permit_any_host: "disable" + source_endip: "" + source_startip: "" + startip: "" + type: "overload" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" 
+revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_ippool_data(json): + option_list = ['arp_intf', 'arp_reply', 'associated_interface', + 'block_size', 'comments', 'endip', + 'name', 'num_blocks_per_user', 'pba_timeout', + 'permit_any_host', 'source_endip', 'source_startip', + 'startip', 'type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_ippool(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_ippool'] and data['firewall_ippool']['state']: + state = data['firewall_ippool']['state'] + else: + state = True + firewall_ippool_data 
= data['firewall_ippool'] + filtered_data = underscore_to_hyphen(filter_firewall_ippool_data(firewall_ippool_data)) + + if state == "present": + return fos.set('firewall', + 'ippool', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'ippool', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_ippool']: + resp = firewall_ippool(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_ippool')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_ippool": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "arp_intf": {"required": False, "type": "str"}, + "arp_reply": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "associated_interface": {"required": False, "type": "str"}, + "block_size": {"required": False, "type": "int"}, + "comments": {"required": False, "type": "str"}, + "endip": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "num_blocks_per_user": {"required": False, "type": "int"}, + "pba_timeout": {"required": False, "type": "int"}, + "permit_any_host": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "source_endip": {"required": False, "type": 
"str"}, + "source_startip": {"required": False, "type": "str"}, + "startip": {"required": False, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["overload", + "one-to-one", + "fixed-port-range", + "port-block-allocation"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ippool6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ippool6.py new file mode 100644 index 00000000..3042540f --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ippool6.py 
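Review bot: The EXAMPLES block of fortios_firewall_ippool.py sets `ansible_httpapi_validate_certs: no` in the same play that passes `access_token`, so a playbook copied from it sends the API token over a TLS session whose peer certificate is not verified. The example should show `ansible_httpapi_validate_certs: yes`, with a comment such as `# disable only for lab devices that use self-signed certificates`. The same example vars appear in the fortios_firewall_ipmacbinding_table.py and fortios_firewall_ippool6.py hunks of this patch.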
@@ -0,0 +1,321 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_ippool6 +short_description: Configure IPv6 IP pools in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and ippool6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_ippool6: + description: + - Configure IPv6 IP pools. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + comments: + description: + - Comment. + type: str + endip: + description: + - 'Final IPv6 address (inclusive) in the range for the address pool (format xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx).' + type: str + name: + description: + - IPv6 IP pool name. + required: true + type: str + startip: + description: + - 'First IPv6 address (inclusive) in the range for the address pool (format xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx).' + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 IP pools. 
+ fortios_firewall_ippool6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ippool6: + comments: "" + endip: "" + name: "default_name_5" + startip: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_ippool6_data(json): + option_list = ['comments', 'endip', 'name', + 'startip'] + 
dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_ippool6(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_ippool6'] and data['firewall_ippool6']['state']: + state = data['firewall_ippool6']['state'] + else: + state = True + firewall_ippool6_data = data['firewall_ippool6'] + filtered_data = underscore_to_hyphen(filter_firewall_ippool6_data(firewall_ippool6_data)) + + if state == "present": + return fos.set('firewall', + 'ippool6', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'ippool6', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_ippool6']: + resp = firewall_ippool6(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_ippool6')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_ippool6": { + "required": 
False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "comments": {"required": False, "type": "str"}, + "endip": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "startip": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ipv6_eh_filter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ipv6_eh_filter.py new file mode 100644 index 00000000..79cb0ffd --- /dev/null 
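Review bot: In `main` of fortios_firewall_ippool6.py, the guard `if 'access_token' in module.params:` is always true, because `access_token` is declared in `fields` and AnsibleModule fills parameters the task did not supply with None. As a result `connection.set_option('access_token', ...)` runs with None whenever the task gives no token. What the connection plugin does with a None value is not visible in this hunk, but if it overrides a token configured on the connection, authentication would fail in a way that is hard to trace. `if module.params.get('access_token'):` expresses the intended check. The `main` functions in the ipmacbinding_table and ippool hunks use the same guard.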
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ipv6_eh_filter.py 
@@ -0,0 +1,332 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_ipv6_eh_filter +short_description: Configure IPv6 extension header filter in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and ipv6_eh_filter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + firewall_ipv6_eh_filter: + description: + - Configure IPv6 extension header filter. + default: null + type: dict + suboptions: + auth: + description: + - Enable/disable blocking packets with the Authentication header . + type: str + choices: + - enable + - disable + dest_opt: + description: + - Enable/disable blocking packets with Destination Options headers . + type: str + choices: + - enable + - disable + fragment: + description: + - Enable/disable blocking packets with the Fragment header . + type: str + choices: + - enable + - disable + hdopt_type: + description: + - Block specific Hop-by-Hop and/or Destination Option types (max. 7 types, each between 0 and 255). + type: int + hop_opt: + description: + - Enable/disable blocking packets with the Hop-by-Hop Options header . + type: str + choices: + - enable + - disable + no_next: + description: + - Enable/disable blocking packets with the No Next header + type: str + choices: + - enable + - disable + routing: + description: + - Enable/disable blocking packets with Routing headers . + type: str + choices: + - enable + - disable + routing_type: + description: + - Block specific Routing header types (max. 7 types, each between 0 and 255). + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 extension header filter. 
+ fortios_firewall_ipv6_eh_filter: + vdom: "{{ vdom }}" + firewall_ipv6_eh_filter: + auth: "enable" + dest_opt: "enable" + fragment: "enable" + hdopt_type: "6" + hop_opt: "enable" + no_next: "enable" + routing: "enable" + routing_type: "10" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_firewall_ipv6_eh_filter_data(json): + option_list = ['auth', 'dest_opt', 'fragment', + 'hdopt_type', 'hop_opt', 'no_next', + 'routing', 'routing_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_ipv6_eh_filter(data, fos): + vdom = data['vdom'] + firewall_ipv6_eh_filter_data = data['firewall_ipv6_eh_filter'] + filtered_data = underscore_to_hyphen(filter_firewall_ipv6_eh_filter_data(firewall_ipv6_eh_filter_data)) + + return fos.set('firewall', + 'ipv6-eh-filter', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_ipv6_eh_filter']: + resp = firewall_ipv6_eh_filter(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_ipv6_eh_filter')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "firewall_ipv6_eh_filter": { + "required": False, "type": "dict", "default": None, + "options": { + "auth": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dest_opt": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fragment": {"required": False, "type": "str", + 
"choices": ["enable", + "disable"]}, + "hdopt_type": {"required": False, "type": "int"}, + "hop_opt": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "no_next": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "routing": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "routing_type": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ldb_monitor.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ldb_monitor.py new file mode 100644 index 00000000..efcbf9e9 
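Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no`, so a playbook copied from it talks to the FortiGate over a TLS session whose peer certificate is never checked. That session carries the filter settings and, when token authentication is used, the `access_token` value. I would ship the example with `ansible_httpapi_validate_certs: yes` and a short comment such as `# set to no only for lab devices with self-signed certificates`. The same example line appears in the EXAMPLES blocks of fortios_firewall_ldb_monitor.py and fortios_firewall_local_in_policy.py later in this patch.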
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ldb_monitor.py
@@ -0,0 +1,361 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_ldb_monitor +short_description: Configure server load balancing health monitors in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and ldb_monitor category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_ldb_monitor: + description: + - Configure server load balancing health monitors. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + http_get: + description: + - URL used to send a GET request to check the health of an HTTP server. + type: str + http_match: + description: + - String to match the value expected in response to an HTTP-GET request. + type: str + http_max_redirects: + description: + - The maximum number of HTTP redirects to be allowed (0 - 5). + type: int + interval: + description: + - Time between health checks (5 - 65635 sec). + type: int + name: + description: + - Monitor name. + required: true + type: str + port: + description: + - Service port used to perform the health check. If 0, health check monitor inherits port configured for the server (0 - 65635). + type: int + retry: + description: + - Number health check attempts before the server is considered down (1 - 255). + type: int + timeout: + description: + - Time to wait to receive response to a health check from a server. Reaching the timeout means the health check failed (1 - 255 sec). + type: int + type: + description: + - Select the Monitor type used by the health check monitor to check the health of the server (PING | TCP | HTTP). 
+ type: str + choices: + - ping + - tcp + - http + - passive-sip +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure server load balancing health monitors. + fortios_firewall_ldb_monitor: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ldb_monitor: + http_get: "" + http_match: "" + http_max_redirects: "5" + interval: "6" + name: "default_name_7" + port: "8" + retry: "9" + timeout: "10" + type: "ping" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from 
ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_ldb_monitor_data(json): + option_list = ['http_get', 'http_match', 'http_max_redirects', + 'interval', 'name', 'port', + 'retry', 'timeout', 'type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_ldb_monitor(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_ldb_monitor'] and data['firewall_ldb_monitor']['state']: + state = data['firewall_ldb_monitor']['state'] + else: + state = True + firewall_ldb_monitor_data = data['firewall_ldb_monitor'] + filtered_data = underscore_to_hyphen(filter_firewall_ldb_monitor_data(firewall_ldb_monitor_data)) + + if state == "present": + return fos.set('firewall', + 'ldb-monitor', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'ldb-monitor', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_ldb_monitor']: + 
resp = firewall_ldb_monitor(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_ldb_monitor')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_ldb_monitor": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "http_get": {"required": False, "type": "str"}, + "http_match": {"required": False, "type": "str"}, + "http_max_redirects": {"required": False, "type": "int"}, + "interval": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "port": {"required": False, "type": "int"}, + "retry": {"required": False, "type": "int"}, + "timeout": {"required": False, "type": "int"}, + "type": {"required": False, "type": "str", + "choices": ["ping", + "tcp", + "http", + "passive-sip"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying 
option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_local_in_policy.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_local_in_policy.py new file mode 100644 index 00000000..60e945cc --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_local_in_policy.py 
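Review bot: `firewall_ldb_monitor()` falls back to `state = True` when neither the top-level `state` nor the nested one is set, and `True` matches neither `"present"` nor `"absent"`, so the task ends in `fail_json(msg='state must be present or absent!')` even though the argument spec marks both `state` options `"required": False`. Either make the fallback an explicit, non-destructive value (`state = "present"`) or reject the missing option before any device call, and state the chosen behaviour in the DOCUMENTATION block. That final `else` branch also has no return of its own and relies on `fail_json` ending the process. `firewall_local_in_policy()` in the next file of this patch has the same fallback.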
@@ -0,0 +1,408 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_local_in_policy +short_description: Configure user defined IPv4 local-in policies in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and local_in_policy category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_local_in_policy: + description: + - Configure user defined IPv4 local-in policies. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + action: + description: + - Action performed on traffic matching the policy . + type: str + choices: + - accept + - deny + comments: + description: + - Comment. + type: str + dstaddr: + description: + - Destination address object from available options. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + ha_mgmt_intf_only: + description: + - Enable/disable dedicating the HA management interface only for local-in policy. + type: str + choices: + - enable + - disable + intf: + description: + - Incoming interface name from available options. Source system.zone.name system.interface.name. + type: str + policyid: + description: + - User defined local in policy ID. + required: true + type: int + schedule: + description: + - Schedule object from available options. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group + .name. + type: str + service: + description: + - Service object from available options. + type: list + suboptions: + name: + description: + - Service name. 
Source firewall.service.custom.name firewall.service.group.name. + required: true + type: str + srcaddr: + description: + - Source address object from available options. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + status: + description: + - Enable/disable this local-in policy. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure user defined IPv4 local-in policies. + fortios_firewall_local_in_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_local_in_policy: + action: "accept" + comments: "" + dstaddr: + - + name: "default_name_6 (source firewall.address.name firewall.addrgrp.name)" + ha_mgmt_intf_only: "enable" + intf: " (source system.zone.name system.interface.name)" + policyid: "9" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + service: + - + name: "default_name_12 (source firewall.service.custom.name firewall.service.group.name)" + srcaddr: + - + name: "default_name_14 (source firewall.address.name firewall.addrgrp.name)" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + 
returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_local_in_policy_data(json): + option_list = ['action', 'comments', 'dstaddr', + 'ha_mgmt_intf_only', 'intf', 'policyid', + 'schedule', 'service', 'srcaddr', + 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_local_in_policy(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_local_in_policy'] and 
data['firewall_local_in_policy']['state']: + state = data['firewall_local_in_policy']['state'] + else: + state = True + firewall_local_in_policy_data = data['firewall_local_in_policy'] + filtered_data = underscore_to_hyphen(filter_firewall_local_in_policy_data(firewall_local_in_policy_data)) + + if state == "present": + return fos.set('firewall', + 'local-in-policy', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'local-in-policy', + mkey=filtered_data['policyid'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_local_in_policy']: + resp = firewall_local_in_policy(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_local_in_policy')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'policyid' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_local_in_policy": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "action": {"required": False, "type": "str", + "choices": ["accept", + "deny"]}, + "comments": {"required": False, "type": "str"}, + "dstaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "ha_mgmt_intf_only": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "intf": {"required": False, "type": "str"}, + "policyid": 
{"required": True, "type": "int"}, + "schedule": {"required": False, "type": "str"}, + "service": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
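Review bot: The `dstaddr`, `service` and `srcaddr` entries in `fields` are declared as `"type": "list"` with an `"options"` sub-spec but without `"elements": "dict"`, and AnsibleModule applies a sub-spec to list items only when `elements` is `dict`. As written, the nested `"name": {"required": True, "type": "str"}` rule is presumably never enforced, so a malformed address or service entry of a local-in policy reaches `fos.set()` without validation. Declare each of the three as e.g. `"dstaddr": {"required": False, "type": "list", "elements": "dict", "options": {...}}` and add `elements: dict` to the matching DOCUMENTATION entries.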
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_local_in_policy6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_local_in_policy6.py
new file mode 100644
index 00000000..22179546
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_local_in_policy6.py
@@ -0,0 +1,396 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_local_in_policy6 +short_description: Configure user defined IPv6 local-in policies in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and local_in_policy6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_local_in_policy6: + description: + - Configure user defined IPv6 local-in policies. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + action: + description: + - Action performed on traffic matching the policy . + type: str + choices: + - accept + - deny + comments: + description: + - Comment. + type: str + dstaddr: + description: + - Destination address object from available options. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + intf: + description: + - Incoming interface name from available options. Source system.zone.name system.interface.name. + type: str + policyid: + description: + - User defined local in policy ID. + required: true + type: int + schedule: + description: + - Schedule object from available options. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group + .name. + type: str + service: + description: + - Service object from available options. Separate names with a space. + type: list + suboptions: + name: + description: + - Service name. Source firewall.service.custom.name firewall.service.group.name. + required: true + type: str + srcaddr: + description: + - Source address object from available options. 
+ type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + status: + description: + - Enable/disable this local-in policy. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure user defined IPv6 local-in policies. + fortios_firewall_local_in_policy6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_local_in_policy6: + action: "accept" + comments: "" + dstaddr: + - + name: "default_name_6 (source firewall.address6.name firewall.addrgrp6.name)" + intf: " (source system.zone.name system.interface.name)" + policyid: "8" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + service: + - + name: "default_name_11 (source firewall.service.custom.name firewall.service.group.name)" + srcaddr: + - + name: "default_name_13 (source firewall.address6.name firewall.addrgrp6.name)" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + 
description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_local_in_policy6_data(json): + option_list = ['action', 'comments', 'dstaddr', + 'intf', 'policyid', 'schedule', + 'service', 'srcaddr', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_local_in_policy6(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_local_in_policy6'] and data['firewall_local_in_policy6']['state']: + state = data['firewall_local_in_policy6']['state'] + else: + state = True + firewall_local_in_policy6_data = data['firewall_local_in_policy6'] + filtered_data = 
underscore_to_hyphen(filter_firewall_local_in_policy6_data(firewall_local_in_policy6_data)) + + if state == "present": + return fos.set('firewall', + 'local-in-policy6', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'local-in-policy6', + mkey=filtered_data['policyid'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_local_in_policy6']: + resp = firewall_local_in_policy6(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_local_in_policy6')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'policyid' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_local_in_policy6": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "action": {"required": False, "type": "str", + "choices": ["accept", + "deny"]}, + "comments": {"required": False, "type": "str"}, + "dstaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "intf": {"required": False, "type": "str"}, + "policyid": {"required": True, "type": "int"}, + "schedule": {"required": False, "type": "str"}, + "service": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, 
"type": "str"} + }}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_multicast_address.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_multicast_address.py new file mode 100644 index 00000000..f7e34465 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_multicast_address.py 
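Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no` for the same httpapi connection that `main()` hands the `access_token` to, so anyone who copies the example talks to the FortiGate without verifying its certificate while presenting an API credential. The example should show `ansible_httpapi_validate_certs: yes`, with a short comment that turning it off is only appropriate for lab devices with self-signed certificates. The same vars block appears in the EXAMPLES of fortios_firewall_multicast_address.py and fortios_firewall_multicast_address6.py later in this patch.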
@@ -0,0 +1,404 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_multicast_address +short_description: Configure multicast addresses in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and multicast_address category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_multicast_address: + description: + - Configure multicast addresses. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + associated_interface: + description: + - Interface associated with the address object. When setting up a policy, only addresses associated with this interface are available. + Source system.interface.name. + type: str + color: + description: + - Integer value to determine the color of the icon in the GUI (1 - 32). + type: int + comment: + description: + - Comment. + type: str + end_ip: + description: + - Final IPv4 address (inclusive) in the range for the address. + type: str + name: + description: + - Multicast address name. + required: true + type: str + start_ip: + description: + - First IPv4 address (inclusive) in the range for the address. + type: str + subnet: + description: + - Broadcast address and subnet. + type: str + tagging: + description: + - Config object tagging. + type: list + suboptions: + category: + description: + - Tag category. Source system.object-tagging.category. + type: str + name: + description: + - Tagging entry name. + required: true + type: str + tags: + description: + - Tags. + type: list + suboptions: + name: + description: + - Tag name. Source system.object-tagging.tags.name. 
+ required: true + type: str + type: + description: + - 'Type of address object: multicast IP address range or broadcast IP/mask to be treated as a multicast address.' + type: str + choices: + - multicastrange + - broadcastmask + visibility: + description: + - Enable/disable visibility of the multicast address on the GUI. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure multicast addresses. + fortios_firewall_multicast_address: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_multicast_address: + associated_interface: " (source system.interface.name)" + color: "4" + comment: "Comment." + end_ip: "" + name: "default_name_7" + start_ip: "" + subnet: "" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_12" + tags: + - + name: "default_name_14 (source system.object-tagging.tags.name)" + type: "multicastrange" + visibility: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: 
"17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_multicast_address_data(json): + option_list = ['associated_interface', 'color', 'comment', + 'end_ip', 'name', 'start_ip', + 'subnet', 'tagging', 'type', + 'visibility'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_multicast_address(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_multicast_address'] and data['firewall_multicast_address']['state']: + state = data['firewall_multicast_address']['state'] + else: + state = True + firewall_multicast_address_data = data['firewall_multicast_address'] + filtered_data = 
underscore_to_hyphen(filter_firewall_multicast_address_data(firewall_multicast_address_data)) + + if state == "present": + return fos.set('firewall', + 'multicast-address', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'multicast-address', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_multicast_address']: + resp = firewall_multicast_address(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_multicast_address')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_multicast_address": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "associated_interface": {"required": False, "type": "str"}, + "color": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "end_ip": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "start_ip": {"required": False, "type": "str"}, + "subnet": {"required": False, "type": "str"}, + "tagging": {"required": False, "type": "list", + "options": { + "category": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "tags": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": 
"str"} + }} + }}, + "type": {"required": False, "type": "str", + "choices": ["multicastrange", + "broadcastmask"]}, + "visibility": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_multicast_address6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_multicast_address6.py new file mode 100644 index 00000000..5f77b93f --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_multicast_address6.py 
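Review bot: In `firewall_multicast_address`, the fallback `state = True` is a sentinel that matches neither `"present"` nor `"absent"`, so a task that omits `state` at both levels fails with 'state must be present or absent!', which does not tell the user the option is simply missing. The top-level `state` is declared with `"required": False`, so this branch is the only place the omission is caught. I would use `state = None` and report it directly, e.g. `fos._module.fail_json(msg="'state' is required (present or absent)")`. The same pattern is in `firewall_local_in_policy6` and `firewall_multicast_address6`.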
@@ -0,0 +1,372 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_multicast_address6 +short_description: Configure IPv6 multicast address in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and multicast_address6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_multicast_address6: + description: + - Configure IPv6 multicast address. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + color: + description: + - Color of icon on the GUI. + type: int + comment: + description: + - Comment. + type: str + ip6: + description: + - 'IPv6 address prefix (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx).' + type: str + name: + description: + - IPv6 multicast address name. + required: true + type: str + tagging: + description: + - Config object tagging. + type: list + suboptions: + category: + description: + - Tag category. Source system.object-tagging.category. + type: str + name: + description: + - Tagging entry name. + required: true + type: str + tags: + description: + - Tags. + type: list + suboptions: + name: + description: + - Tag name. Source system.object-tagging.tags.name. + required: true + type: str + visibility: + description: + - Enable/disable visibility of the IPv6 multicast address on the GUI. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 multicast address. 
+ fortios_firewall_multicast_address6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_multicast_address6: + color: "3" + comment: "Comment." + ip6: "" + name: "default_name_6" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_9" + tags: + - + name: "default_name_11 (source system.object-tagging.tags.name)" + visibility: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import 
check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_multicast_address6_data(json): + option_list = ['color', 'comment', 'ip6', + 'name', 'tagging', 'visibility'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_multicast_address6(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_multicast_address6'] and data['firewall_multicast_address6']['state']: + state = data['firewall_multicast_address6']['state'] + else: + state = True + firewall_multicast_address6_data = data['firewall_multicast_address6'] + filtered_data = underscore_to_hyphen(filter_firewall_multicast_address6_data(firewall_multicast_address6_data)) + + if state == "present": + return fos.set('firewall', + 'multicast-address6', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'multicast-address6', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_multicast_address6']: + resp = firewall_multicast_address6(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_multicast_address6')) + + return not is_successful_status(resp), \ + 
resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_multicast_address6": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "color": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "ip6": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "tagging": {"required": False, "type": "list", + "options": { + "category": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "tags": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + }}, + "visibility": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + 
module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_multicast_policy.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_multicast_policy.py new file mode 100644 index 00000000..2f7e2c81 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_multicast_policy.py 
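Review bot: Every failure in `main()` is reported as `msg="Error in repo"`, which gives the operator no indication of why the device rejected a firewall object change; the HTTP status is only visible by digging through `meta`. Assuming `result` is the dict that `is_successful_status` indexes by `'http_status'`, the message could carry it, e.g. `module.fail_json(msg="FortiOS request failed (http_status=%s)" % result.get('http_status'), meta=result)`. This applies to both `fail_json` branches here and to the identical lines in the two preceding modules.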
@@ -0,0 +1,426 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_multicast_policy +short_description: Configure multicast NAT policies in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and multicast_policy category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_multicast_policy: + description: + - Configure multicast NAT policies. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + action: + description: + - Accept or deny traffic matching the policy. + type: str + choices: + - accept + - deny + dnat: + description: + - IPv4 DNAT address used for multicast destination addresses. + type: str + dstaddr: + description: + - Destination address objects. + type: list + suboptions: + name: + description: + - Destination address objects. Source firewall.multicast-address.name. + required: true + type: str + dstintf: + description: + - Destination interface name. Source system.interface.name system.zone.name. + type: str + end_port: + description: + - Integer value for ending TCP/UDP/SCTP destination port in range (1 - 65535). + type: int + id: + description: + - Policy ID. + required: true + type: int + logtraffic: + description: + - Enable/disable logging traffic accepted by this policy. + type: str + choices: + - enable + - disable + protocol: + description: + - Integer value for the protocol type as defined by IANA (0 - 255). + type: int + snat: + description: + - Enable/disable substitution of the outgoing interface IP address for the original source IP address (called source NAT or SNAT). 
+ type: str + choices: + - enable + - disable + snat_ip: + description: + - IPv4 address to be used as the source address for NATed traffic. + type: str + srcaddr: + description: + - Source address objects. + type: list + suboptions: + name: + description: + - Source address objects. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + srcintf: + description: + - Source interface name. Source system.interface.name system.zone.name. + type: str + start_port: + description: + - Integer value for starting TCP/UDP/SCTP destination port in range (1 - 65535). + type: int + status: + description: + - Enable/disable this policy. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure multicast NAT policies. + fortios_firewall_multicast_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_multicast_policy: + action: "accept" + dnat: "" + dstaddr: + - + name: "default_name_6 (source firewall.multicast-address.name)" + dstintf: " (source system.interface.name system.zone.name)" + end_port: "8" + id: "9" + logtraffic: "enable" + protocol: "11" + snat: "enable" + snat_ip: "" + srcaddr: + - + name: "default_name_15 (source firewall.address.name firewall.addrgrp.name)" + srcintf: " (source system.interface.name system.zone.name)" + start_port: "17" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key 
(id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_multicast_policy_data(json): + option_list = ['action', 'dnat', 'dstaddr', + 'dstintf', 'end_port', 'id', + 'logtraffic', 'protocol', 'snat', + 'snat_ip', 'srcaddr', 'srcintf', + 'start_port', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + 
+def firewall_multicast_policy(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_multicast_policy'] and data['firewall_multicast_policy']['state']: + state = data['firewall_multicast_policy']['state'] + else: + state = True + firewall_multicast_policy_data = data['firewall_multicast_policy'] + filtered_data = underscore_to_hyphen(filter_firewall_multicast_policy_data(firewall_multicast_policy_data)) + + if state == "present": + return fos.set('firewall', + 'multicast-policy', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'multicast-policy', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_multicast_policy']: + resp = firewall_multicast_policy(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_multicast_policy')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_multicast_policy": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "action": {"required": False, "type": "str", + "choices": ["accept", + "deny"]}, + "dnat": {"required": False, "type": "str"}, + "dstaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, 
"type": "str"} + }}, + "dstintf": {"required": False, "type": "str"}, + "end_port": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "logtraffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "protocol": {"required": False, "type": "int"}, + "snat": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "snat_ip": {"required": False, "type": "str"}, + "srcaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcintf": {"required": False, "type": "str"}, + "start_port": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", 
meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_multicast_policy6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_multicast_policy6.py
new file mode 100644
index 00000000..3ec0000a
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_multicast_policy6.py
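Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no` in the same play that passes `access_token`, so anyone who copies the example sends the API token over a TLS session whose peer is never verified. Module examples tend to be pasted into real playbooks, so the example should read `ansible_httpapi_validate_certs: yes`, with a one-line YAML comment that turning validation off is only for lab devices with self-signed certificates. The `access_token: ""` placeholder would also be better shown as a variable, for instance `access_token: "{{ fortios_access_token }}"` (a constructed name), so the token is kept in a vault rather than inline. The same example block appears in fortios_firewall_multicast_policy6.py in the next hunk.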
@@ -0,0 +1,402 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_multicast_policy6 +short_description: Configure IPv6 multicast NAT policies in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and multicast_policy6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_multicast_policy6: + description: + - Configure IPv6 multicast NAT policies. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + action: + description: + - Accept or deny traffic matching the policy. + type: str + choices: + - accept + - deny + dstaddr: + description: + - IPv6 destination address name. + type: list + suboptions: + name: + description: + - Address name. Source firewall.multicast-address6.name. + required: true + type: str + dstintf: + description: + - IPv6 destination interface name. Source system.interface.name system.zone.name. + type: str + end_port: + description: + - Integer value for ending TCP/UDP/SCTP destination port in range (1 - 65535). + type: int + id: + description: + - Policy ID. + required: true + type: int + logtraffic: + description: + - Enable/disable logging traffic accepted by this policy. + type: str + choices: + - enable + - disable + protocol: + description: + - Integer value for the protocol type as defined by IANA (0 - 255). + type: int + srcaddr: + description: + - IPv6 source address name. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + srcintf: + description: + - IPv6 source interface name. Source system.interface.name system.zone.name. 
+ type: str + start_port: + description: + - Integer value for starting TCP/UDP/SCTP destination port in range (1 - 65535). + type: int + status: + description: + - Enable/disable this policy. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 multicast NAT policies. + fortios_firewall_multicast_policy6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_multicast_policy6: + action: "accept" + dstaddr: + - + name: "default_name_5 (source firewall.multicast-address6.name)" + dstintf: " (source system.interface.name system.zone.name)" + end_port: "7" + id: "8" + logtraffic: "enable" + protocol: "10" + srcaddr: + - + name: "default_name_12 (source firewall.address6.name firewall.addrgrp6.name)" + srcintf: " (source system.interface.name system.zone.name)" + start_port: "14" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: 
always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_multicast_policy6_data(json): + option_list = ['action', 'dstaddr', 'dstintf', + 'end_port', 'id', 'logtraffic', + 'protocol', 'srcaddr', 'srcintf', + 'start_port', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_multicast_policy6(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_multicast_policy6'] and data['firewall_multicast_policy6']['state']: + state = data['firewall_multicast_policy6']['state'] + else: + state = True + firewall_multicast_policy6_data = data['firewall_multicast_policy6'] + filtered_data = underscore_to_hyphen(filter_firewall_multicast_policy6_data(firewall_multicast_policy6_data)) + + if state == "present": + return 
fos.set('firewall', + 'multicast-policy6', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'multicast-policy6', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_multicast_policy6']: + resp = firewall_multicast_policy6(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_multicast_policy6')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_multicast_policy6": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "action": {"required": False, "type": "str", + "choices": ["accept", + "deny"]}, + "dstaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "dstintf": {"required": False, "type": "str"}, + "end_port": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "logtraffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "protocol": {"required": False, "type": "int"}, + "srcaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcintf": {"required": False, "type": "str"}, + "start_port": {"required": False, "type": "int"}, + "status": {"required": False, "type": 
"str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_policy.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_policy.py new file mode 100644 index 00000000..818b373b --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_policy.py 
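Review bot: In `firewall_multicast_policy6()` the fallback `state = True` is a boolean sentinel that can only fall through to `fail_json(msg='state must be present or absent!')`, so a task that simply omits `state` is told it supplied a wrong value rather than none. I would write `state = None` and fail with `msg='state is required: present or absent'` before `filtered_data` is built. `is_successful_status()` also relies on `and` binding tighter than `or`; parenthesising the DELETE/404 clause would make the idempotent-delete intent explicit. Both patterns are also present in fortios_firewall_multicast_policy.py in the preceding hunk.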
@@ -0,0 +1,1617 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_policy +short_description: Configure IPv4 policies in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and policy category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + - Adjust object order by moving self after(before) another. + - Only one of [after, before] must be specified when action is moving an object. + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. 
+ type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + action: + description: + - the action indiactor to move an object in the list + type: str + choices: + - move + self: + description: + - mkey of self identifier + type: str + after: + description: + - mkey of target identifier + type: str + before: + description: + - mkey of target identifier + type: str + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_policy: + description: + - Configure IPv4 policies. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + action: + description: + - Policy action (allow/deny/ipsec). + type: str + choices: + - accept + - deny + - ipsec + app_category: + description: + - Application category ID list. + type: list + suboptions: + id: + description: + - Category IDs. + required: true + type: int + app_group: + description: + - Application group names. + type: list + suboptions: + name: + description: + - Application group names. Source application.group.name. + required: true + type: str + application: + description: + - Application ID list. + type: list + suboptions: + id: + description: + - Application IDs. + required: true + type: int + application_list: + description: + - Name of an existing Application list. Source application.list.name. 
+ type: str + auth_cert: + description: + - HTTPS server certificate for policy authentication. Source vpn.certificate.local.name. + type: str + auth_path: + description: + - Enable/disable authentication-based routing. + type: str + choices: + - enable + - disable + auth_redirect_addr: + description: + - HTTP-to-HTTPS redirect address for firewall authentication. + type: str + av_profile: + description: + - Name of an existing Antivirus profile. Source antivirus.profile.name. + type: str + block_notification: + description: + - Enable/disable block notification. + type: str + choices: + - enable + - disable + captive_portal_exempt: + description: + - Enable to exempt some users from the captive portal. + type: str + choices: + - enable + - disable + capture_packet: + description: + - Enable/disable capture packets. + type: str + choices: + - enable + - disable + comments: + description: + - Comment. + type: str + custom_log_fields: + description: + - Custom fields to append to log messages for this policy. + type: list + suboptions: + field_id: + description: + - Custom log field. Source log.custom-field.id. + type: str + delay_tcp_npu_session: + description: + - Enable TCP NPU session delay to guarantee packet order of 3-way handshake. + type: str + choices: + - enable + - disable + devices: + description: + - Names of devices or device groups that can be matched by the policy. + type: list + suboptions: + name: + description: + - Device or group name. Source user.device.alias user.device-group.name user.device-category.name. + required: true + type: str + diffserv_forward: + description: + - Enable to change packet"s DiffServ values to the specified diffservcode-forward value. + type: str + choices: + - enable + - disable + diffserv_reverse: + description: + - Enable to change packet"s reverse (reply) DiffServ values to the specified diffservcode-rev value. 
+ type: str + choices: + - enable + - disable + diffservcode_forward: + description: + - Change packet"s DiffServ to this value. + type: str + diffservcode_rev: + description: + - Change packet"s reverse (reply) DiffServ to this value. + type: str + disclaimer: + description: + - Enable/disable user authentication disclaimer. + type: str + choices: + - enable + - disable + dlp_sensor: + description: + - Name of an existing DLP sensor. Source dlp.sensor.name. + type: str + dnsfilter_profile: + description: + - Name of an existing DNS filter profile. Source dnsfilter.profile.name. + type: str + dscp_match: + description: + - Enable DSCP check. + type: str + choices: + - enable + - disable + dscp_negate: + description: + - Enable negated DSCP match. + type: str + choices: + - enable + - disable + dscp_value: + description: + - DSCP value. + type: str + dsri: + description: + - Enable DSRI to ignore HTTP server responses. + type: str + choices: + - enable + - disable + dstaddr: + description: + - Destination address and address group names. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name firewall.vip.name firewall.vipgrp.name. + required: true + type: str + dstaddr_negate: + description: + - When enabled dstaddr specifies what the destination address must NOT be. + type: str + choices: + - enable + - disable + dstintf: + description: + - Outgoing (egress) interface. + type: list + suboptions: + name: + description: + - Interface name. Source system.interface.name system.zone.name. + required: true + type: str + firewall_session_dirty: + description: + - How to handle sessions if the configuration of this firewall policy changes. + type: str + choices: + - check-all + - check-new + fixedport: + description: + - Enable to prevent source NAT from changing a session"s source port. + type: str + choices: + - enable + - disable + fsso: + description: + - Enable/disable Fortinet Single Sign-On. 
+ type: str + choices: + - enable + - disable + fsso_agent_for_ntlm: + description: + - FSSO agent to use for NTLM authentication. Source user.fsso.name. + type: str + global_label: + description: + - Label for the policy that appears when the GUI is in Global View mode. + type: str + groups: + description: + - Names of user groups that can authenticate with this policy. + type: list + suboptions: + name: + description: + - Group name. Source user.group.name. + required: true + type: str + icap_profile: + description: + - Name of an existing ICAP profile. Source icap.profile.name. + type: str + identity_based_route: + description: + - Name of identity-based routing rule. Source firewall.identity-based-route.name. + type: str + inbound: + description: + - 'Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN.' + type: str + choices: + - enable + - disable + internet_service: + description: + - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. + type: str + choices: + - enable + - disable + internet_service_custom: + description: + - Custom Internet Service name. + type: list + suboptions: + name: + description: + - Custom Internet Service name. Source firewall.internet-service-custom.name. + required: true + type: str + internet_service_id: + description: + - Internet Service ID. + type: list + suboptions: + id: + description: + - Internet Service ID. Source firewall.internet-service.id. + required: true + type: int + internet_service_negate: + description: + - When enabled internet-service specifies what the service must NOT be. + type: str + choices: + - enable + - disable + internet_service_src: + description: + - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. + type: str + choices: + - enable + - disable + internet_service_src_custom: + description: + - Custom Internet Service source name. 
+ type: list + suboptions: + name: + description: + - Custom Internet Service name. Source firewall.internet-service-custom.name. + required: true + type: str + internet_service_src_id: + description: + - Internet Service source ID. + type: list + suboptions: + id: + description: + - Internet Service ID. Source firewall.internet-service.id. + required: true + type: int + internet_service_src_negate: + description: + - When enabled internet-service-src specifies what the service must NOT be. + type: str + choices: + - enable + - disable + ippool: + description: + - Enable to use IP Pools for source NAT. + type: str + choices: + - enable + - disable + ips_sensor: + description: + - Name of an existing IPS sensor. Source ips.sensor.name. + type: str + label: + description: + - Label for the policy that appears when the GUI is in Section View mode. + type: str + learning_mode: + description: + - Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. + type: str + choices: + - enable + - disable + logtraffic: + description: + - Enable or disable logging. Log all sessions or security profile sessions. + type: str + choices: + - all + - utm + - disable + logtraffic_start: + description: + - Record logs when a session starts and ends. + type: str + choices: + - enable + - disable + match_vip: + description: + - Enable to match packets that have had their destination addresses changed by a VIP. + type: str + choices: + - enable + - disable + name: + description: + - Policy name. + type: str + nat: + description: + - Enable/disable source NAT. + type: str + choices: + - enable + - disable + natinbound: + description: + - 'Policy-based IPsec VPN: apply destination NAT to inbound traffic.' + type: str + choices: + - enable + - disable + natip: + description: + - 'Policy-based IPsec VPN: source NAT IP address for outgoing traffic.' 
+ type: str + natoutbound: + description: + - 'Policy-based IPsec VPN: apply source NAT to outbound traffic.' + type: str + choices: + - enable + - disable + ntlm: + description: + - Enable/disable NTLM authentication. + type: str + choices: + - enable + - disable + ntlm_enabled_browsers: + description: + - HTTP-User-Agent value of supported browsers. + type: list + suboptions: + user_agent_string: + description: + - User agent string. + type: str + ntlm_guest: + description: + - Enable/disable NTLM guest user access. + type: str + choices: + - enable + - disable + outbound: + description: + - 'Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN.' + type: str + choices: + - enable + - disable + per_ip_shaper: + description: + - Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. + type: str + permit_any_host: + description: + - Accept UDP packets from any host. + type: str + choices: + - enable + - disable + permit_stun_host: + description: + - Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host. + type: str + choices: + - enable + - disable + policyid: + description: + - Policy ID. + required: true + type: int + poolname: + description: + - IP Pool names. + type: list + suboptions: + name: + description: + - IP pool name. Source firewall.ippool.name. + required: true + type: str + profile_group: + description: + - Name of profile group. Source firewall.profile-group.name. + type: str + profile_protocol_options: + description: + - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name. + type: str + profile_type: + description: + - Determine whether the firewall policy allows security profile groups or single profiles only. + type: str + choices: + - single + - group + radius_mac_auth_bypass: + description: + - Enable MAC authentication bypass. The bypassed MAC address must be received from RADIUS server. 
+ type: str + choices: + - enable + - disable + redirect_url: + description: + - URL users are directed to after seeing and accepting the disclaimer or authenticating. + type: str + replacemsg_override_group: + description: + - Override the default replacement message group for this policy. Source system.replacemsg-group.name. + type: str + rsso: + description: + - Enable/disable RADIUS single sign-on (RSSO). + type: str + choices: + - enable + - disable + rtp_addr: + description: + - Address names if this is an RTP NAT policy. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + rtp_nat: + description: + - Enable Real Time Protocol (RTP) NAT. + type: str + choices: + - disable + - enable + scan_botnet_connections: + description: + - Block or monitor connections to Botnet servers or disable Botnet scanning. + type: str + choices: + - disable + - block + - monitor + schedule: + description: + - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. + type: str + schedule_timeout: + description: + - Enable to force current sessions to end when the schedule object times out. Disable allows them to end from inactivity. + type: str + choices: + - enable + - disable + send_deny_packet: + description: + - Enable to send a reply when a session is denied or blocked by a firewall policy. + type: str + choices: + - disable + - enable + service: + description: + - Service and service group names. + type: list + suboptions: + name: + description: + - Service and service group names. Source firewall.service.custom.name firewall.service.group.name. + required: true + type: str + service_negate: + description: + - When enabled service specifies what the service must NOT be. 
+ type: str + choices: + - enable + - disable + session_ttl: + description: + - TTL in seconds for sessions accepted by this policy (0 means use the system ). + type: int + spamfilter_profile: + description: + - Name of an existing Spam filter profile. Source spamfilter.profile.name. + type: str + srcaddr: + description: + - Source address and address group names. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + srcaddr_negate: + description: + - When enabled srcaddr specifies what the source address must NOT be. + type: str + choices: + - enable + - disable + srcintf: + description: + - Incoming (ingress) interface. + type: list + suboptions: + name: + description: + - Interface name. Source system.interface.name system.zone.name. + required: true + type: str + ssh_filter_profile: + description: + - Name of an existing SSH filter profile. Source ssh-filter.profile.name. + type: str + ssl_mirror: + description: + - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). + type: str + choices: + - enable + - disable + ssl_mirror_intf: + description: + - SSL mirror interface name. + type: list + suboptions: + name: + description: + - Mirror Interface name. Source system.interface.name system.zone.name. + required: true + type: str + ssl_ssh_profile: + description: + - Name of an existing SSL SSH profile. Source firewall.ssl-ssh-profile.name. + type: str + status: + description: + - Enable or disable this policy. + type: str + choices: + - enable + - disable + tcp_mss_receiver: + description: + - Receiver TCP maximum segment size (MSS). + type: int + tcp_mss_sender: + description: + - Sender TCP maximum segment size (MSS). + type: int + tcp_session_without_syn: + description: + - Enable/disable creation of TCP session without SYN flag. 
+ type: str + choices: + - all + - data-only + - disable + timeout_send_rst: + description: + - Enable/disable sending RST packets when TCP sessions expire. + type: str + choices: + - enable + - disable + traffic_shaper: + description: + - Traffic shaper. Source firewall.shaper.traffic-shaper.name. + type: str + traffic_shaper_reverse: + description: + - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. + type: str + url_category: + description: + - URL category ID list. + type: list + suboptions: + id: + description: + - URL category ID. + required: true + type: int + users: + description: + - Names of individual users that can authenticate with this policy. + type: list + suboptions: + name: + description: + - Names of individual users that can authenticate with this policy. Source user.local.name. + required: true + type: str + utm_status: + description: + - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. + type: str + choices: + - enable + - disable + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str + vlan_cos_fwd: + description: + - 'VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest.' + type: int + vlan_cos_rev: + description: + - 'VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest..' + type: int + vlan_filter: + description: + - Set VLAN filters. + type: str + voip_profile: + description: + - Name of an existing VoIP profile. Source voip.profile.name. + type: str + vpntunnel: + description: + - 'Policy-based IPsec VPN: name of the IPsec VPN Phase 1. Source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name.' + type: str + waf_profile: + description: + - Name of an existing Web application firewall profile. Source waf.profile.name. + type: str + wanopt: + description: + - Enable/disable WAN optimization. 
+ type: str + choices: + - enable + - disable + wanopt_detection: + description: + - WAN optimization auto-detection mode. + type: str + choices: + - active + - passive + - off + wanopt_passive_opt: + description: + - WAN optimization passive mode options. This option decides what IP address will be used to connect server. + type: str + choices: + - default + - transparent + - non-transparent + wanopt_peer: + description: + - WAN optimization peer. Source wanopt.peer.peer-host-id. + type: str + wanopt_profile: + description: + - WAN optimization profile. Source wanopt.profile.name. + type: str + wccp: + description: + - Enable/disable forwarding traffic matching this policy to a configured WCCP server. + type: str + choices: + - enable + - disable + webcache: + description: + - Enable/disable web cache. + type: str + choices: + - enable + - disable + webcache_https: + description: + - Enable/disable web cache for HTTPS. + type: str + choices: + - disable + - enable + webfilter_profile: + description: + - Name of an existing Web filter profile. Source webfilter.profile.name. + type: str + wsso: + description: + - Enable/disable WiFi Single Sign On (WSSO). + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 policies. 
+ fortios_firewall_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_policy: + action: "accept" + app_category: + - + id: "5" + app_group: + - + name: "default_name_7 (source application.group.name)" + application: + - + id: "9" + application_list: " (source application.list.name)" + auth_cert: " (source vpn.certificate.local.name)" + auth_path: "enable" + auth_redirect_addr: "" + av_profile: " (source antivirus.profile.name)" + block_notification: "enable" + captive_portal_exempt: "enable" + capture_packet: "enable" + comments: "" + custom_log_fields: + - + field_id: " (source log.custom-field.id)" + delay_tcp_npu_session: "enable" + devices: + - + name: "default_name_23 (source user.device.alias user.device-group.name user.device-category.name)" + diffserv_forward: "enable" + diffserv_reverse: "enable" + diffservcode_forward: "" + diffservcode_rev: "" + disclaimer: "enable" + dlp_sensor: " (source dlp.sensor.name)" + dnsfilter_profile: " (source dnsfilter.profile.name)" + dscp_match: "enable" + dscp_negate: "enable" + dscp_value: "" + dsri: "enable" + dstaddr: + - + name: "default_name_36 (source firewall.address.name firewall.addrgrp.name firewall.vip.name firewall.vipgrp.name)" + dstaddr_negate: "enable" + dstintf: + - + name: "default_name_39 (source system.interface.name system.zone.name)" + firewall_session_dirty: "check-all" + fixedport: "enable" + fsso: "enable" + fsso_agent_for_ntlm: " (source user.fsso.name)" + global_label: "" + groups: + - + name: "default_name_46 (source user.group.name)" + icap_profile: " (source icap.profile.name)" + identity_based_route: " (source firewall.identity-based-route.name)" + inbound: "enable" + internet_service: "enable" + internet_service_custom: + - + name: "default_name_52 (source firewall.internet-service-custom.name)" + internet_service_id: + - + id: "54 (source firewall.internet-service.id)" + internet_service_negate: "enable" + internet_service_src: "enable" + 
internet_service_src_custom: + - + name: "default_name_58 (source firewall.internet-service-custom.name)" + internet_service_src_id: + - + id: "60 (source firewall.internet-service.id)" + internet_service_src_negate: "enable" + ippool: "enable" + ips_sensor: " (source ips.sensor.name)" + label: "" + learning_mode: "enable" + logtraffic: "all" + logtraffic_start: "enable" + match_vip: "enable" + name: "default_name_69" + nat: "enable" + natinbound: "enable" + natip: "" + natoutbound: "enable" + ntlm: "enable" + ntlm_enabled_browsers: + - + user_agent_string: "" + ntlm_guest: "enable" + outbound: "enable" + per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" + permit_any_host: "enable" + permit_stun_host: "enable" + policyid: "82" + poolname: + - + name: "default_name_84 (source firewall.ippool.name)" + profile_group: " (source firewall.profile-group.name)" + profile_protocol_options: " (source firewall.profile-protocol-options.name)" + profile_type: "single" + radius_mac_auth_bypass: "enable" + redirect_url: "" + replacemsg_override_group: " (source system.replacemsg-group.name)" + rsso: "enable" + rtp_addr: + - + name: "default_name_93 (source firewall.address.name firewall.addrgrp.name)" + rtp_nat: "disable" + scan_botnet_connections: "disable" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + schedule_timeout: "enable" + send_deny_packet: "disable" + service: + - + name: "default_name_100 (source firewall.service.custom.name firewall.service.group.name)" + service_negate: "enable" + session_ttl: "102" + spamfilter_profile: " (source spamfilter.profile.name)" + srcaddr: + - + name: "default_name_105 (source firewall.address.name firewall.addrgrp.name)" + srcaddr_negate: "enable" + srcintf: + - + name: "default_name_108 (source system.interface.name system.zone.name)" + ssh_filter_profile: " (source ssh-filter.profile.name)" + ssl_mirror: "enable" + ssl_mirror_intf: + - + name: 
"default_name_112 (source system.interface.name system.zone.name)" + ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)" + status: "enable" + tcp_mss_receiver: "115" + tcp_mss_sender: "116" + tcp_session_without_syn: "all" + timeout_send_rst: "enable" + traffic_shaper: " (source firewall.shaper.traffic-shaper.name)" + traffic_shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" + url_category: + - + id: "122" + users: + - + name: "default_name_124 (source user.local.name)" + utm_status: "enable" + uuid: "" + vlan_cos_fwd: "127" + vlan_cos_rev: "128" + vlan_filter: "" + voip_profile: " (source voip.profile.name)" + vpntunnel: " (source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name)" + waf_profile: " (source waf.profile.name)" + wanopt: "enable" + wanopt_detection: "active" + wanopt_passive_opt: "default" + wanopt_peer: " (source wanopt.peer.peer-host-id)" + wanopt_profile: " (source wanopt.profile.name)" + wccp: "enable" + webcache: "enable" + webcache_https: "disable" + webfilter_profile: " (source webfilter.profile.name)" + wsso: "enable" + + - name: move firewall.policy + fortios_firewall_policy: + vdom: "root" + action: "move" + self: "" + after: "" + #before: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal 
revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_policy_data(json): + option_list = ['action', 'app_category', 'app_group', + 'application', 'application_list', 'auth_cert', + 'auth_path', 'auth_redirect_addr', 'av_profile', + 'block_notification', 'captive_portal_exempt', 'capture_packet', + 'comments', 'custom_log_fields', 'delay_tcp_npu_session', + 'devices', 'diffserv_forward', 'diffserv_reverse', + 'diffservcode_forward', 'diffservcode_rev', 'disclaimer', + 'dlp_sensor', 'dnsfilter_profile', 'dscp_match', + 'dscp_negate', 'dscp_value', 'dsri', + 'dstaddr', 'dstaddr_negate', 'dstintf', + 'firewall_session_dirty', 'fixedport', 'fsso', + 'fsso_agent_for_ntlm', 'global_label', 'groups', + 'icap_profile', 'identity_based_route', 'inbound', + 'internet_service', 'internet_service_custom', 'internet_service_id', + 'internet_service_negate', 'internet_service_src', 'internet_service_src_custom', + 'internet_service_src_id', 'internet_service_src_negate', 'ippool', + 'ips_sensor', 'label', 'learning_mode', + 'logtraffic', 'logtraffic_start', 'match_vip', + 'name', 'nat', 'natinbound', + 
'natip', 'natoutbound', 'ntlm', + 'ntlm_enabled_browsers', 'ntlm_guest', 'outbound', + 'per_ip_shaper', 'permit_any_host', 'permit_stun_host', + 'policyid', 'poolname', 'profile_group', + 'profile_protocol_options', 'profile_type', 'radius_mac_auth_bypass', + 'redirect_url', 'replacemsg_override_group', 'rsso', + 'rtp_addr', 'rtp_nat', 'scan_botnet_connections', + 'schedule', 'schedule_timeout', 'send_deny_packet', + 'service', 'service_negate', 'session_ttl', + 'spamfilter_profile', 'srcaddr', 'srcaddr_negate', + 'srcintf', 'ssh_filter_profile', 'ssl_mirror', + 'ssl_mirror_intf', 'ssl_ssh_profile', 'status', + 'tcp_mss_receiver', 'tcp_mss_sender', 'tcp_session_without_syn', + 'timeout_send_rst', 'traffic_shaper', 'traffic_shaper_reverse', + 'url_category', 'users', 'utm_status', + 'uuid', 'vlan_cos_fwd', 'vlan_cos_rev', + 'vlan_filter', 'voip_profile', 'vpntunnel', + 'waf_profile', 'wanopt', 'wanopt_detection', + 'wanopt_passive_opt', 'wanopt_peer', 'wanopt_profile', + 'wccp', 'webcache', 'webcache_https', + 'webfilter_profile', 'wsso'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_policy(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_policy'] and data['firewall_policy']['state']: + state = data['firewall_policy']['state'] + else: + state = True + firewall_policy_data = data['firewall_policy'] + filtered_data = underscore_to_hyphen(filter_firewall_policy_data(firewall_policy_data)) + + if state == "present": + return fos.set('firewall', + 
'policy', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'policy', + mkey=filtered_data['policyid'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def move_fortios_firewall(data, fos): + if not data['self'] or (not data['after'] and not data['before']): + fos._module.fail_json(msg='self, after(or before) must not be empty') + vdom = data['vdom'] + params_set = dict() + params_set['action'] = 'move' + if data['after']: + params_set['after'] = data['after'] + if data['before']: + params_set['before'] = data['before'] + return fos.set('firewall', + 'policy', + data=None, + mkey=data['self'], + vdom=vdom, + parameters=params_set) + + +def fortios_firewall(data, fos): + + if data['action'] == 'move': + resp = move_fortios_firewall(data, fos) + elif data['firewall_policy']: + resp = firewall_policy(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_policy')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'policyid' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "action": {"type": "str", "required": False, "choices": ["move"]}, + "self": {"type": "str", "required": False}, + "before": {"type": "str", "required": False}, + "after": {"type": "str", "required": False}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_policy": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "action": {"required": False, 
"type": "str", + "choices": ["accept", + "deny", + "ipsec"]}, + "app_category": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "app_group": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "application": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "application_list": {"required": False, "type": "str"}, + "auth_cert": {"required": False, "type": "str"}, + "auth_path": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auth_redirect_addr": {"required": False, "type": "str"}, + "av_profile": {"required": False, "type": "str"}, + "block_notification": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "captive_portal_exempt": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "capture_packet": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "comments": {"required": False, "type": "str"}, + "custom_log_fields": {"required": False, "type": "list", + "options": { + "field_id": {"required": False, "type": "str"} + }}, + "delay_tcp_npu_session": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "devices": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "diffserv_forward": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "diffserv_reverse": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "diffservcode_forward": {"required": False, "type": "str"}, + "diffservcode_rev": {"required": False, "type": "str"}, + "disclaimer": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dlp_sensor": {"required": False, "type": "str"}, + "dnsfilter_profile": {"required": False, "type": "str"}, + "dscp_match": {"required": False, "type": "str", + "choices": ["enable", + 
"disable"]}, + "dscp_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dscp_value": {"required": False, "type": "str"}, + "dsri": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dstaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "dstaddr_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dstintf": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "firewall_session_dirty": {"required": False, "type": "str", + "choices": ["check-all", + "check-new"]}, + "fixedport": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fsso": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fsso_agent_for_ntlm": {"required": False, "type": "str"}, + "global_label": {"required": False, "type": "str"}, + "groups": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "icap_profile": {"required": False, "type": "str"}, + "identity_based_route": {"required": False, "type": "str"}, + "inbound": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "internet_service": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "internet_service_custom": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "internet_service_id": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "internet_service_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "internet_service_src": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "internet_service_src_custom": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "internet_service_src_id": 
{"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "internet_service_src_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ippool": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ips_sensor": {"required": False, "type": "str"}, + "label": {"required": False, "type": "str"}, + "learning_mode": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "logtraffic": {"required": False, "type": "str", + "choices": ["all", + "utm", + "disable"]}, + "logtraffic_start": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "match_vip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": False, "type": "str"}, + "nat": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "natinbound": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "natip": {"required": False, "type": "str"}, + "natoutbound": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ntlm": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ntlm_enabled_browsers": {"required": False, "type": "list", + "options": { + "user_agent_string": {"required": False, "type": "str"} + }}, + "ntlm_guest": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "outbound": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "per_ip_shaper": {"required": False, "type": "str"}, + "permit_any_host": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "permit_stun_host": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "policyid": {"required": True, "type": "int"}, + "poolname": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "profile_group": {"required": False, "type": "str"}, + 
"profile_protocol_options": {"required": False, "type": "str"}, + "profile_type": {"required": False, "type": "str", + "choices": ["single", + "group"]}, + "radius_mac_auth_bypass": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "redirect_url": {"required": False, "type": "str"}, + "replacemsg_override_group": {"required": False, "type": "str"}, + "rsso": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "rtp_addr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "rtp_nat": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "scan_botnet_connections": {"required": False, "type": "str", + "choices": ["disable", + "block", + "monitor"]}, + "schedule": {"required": False, "type": "str"}, + "schedule_timeout": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "send_deny_packet": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "service": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "service_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "session_ttl": {"required": False, "type": "int"}, + "spamfilter_profile": {"required": False, "type": "str"}, + "srcaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcaddr_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "srcintf": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "ssh_filter_profile": {"required": False, "type": "str"}, + "ssl_mirror": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssl_mirror_intf": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "ssl_ssh_profile": {"required": False, "type": "str"}, + 
"status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tcp_mss_receiver": {"required": False, "type": "int"}, + "tcp_mss_sender": {"required": False, "type": "int"}, + "tcp_session_without_syn": {"required": False, "type": "str", + "choices": ["all", + "data-only", + "disable"]}, + "timeout_send_rst": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "traffic_shaper": {"required": False, "type": "str"}, + "traffic_shaper_reverse": {"required": False, "type": "str"}, + "url_category": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "users": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "utm_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "uuid": {"required": False, "type": "str"}, + "vlan_cos_fwd": {"required": False, "type": "int"}, + "vlan_cos_rev": {"required": False, "type": "int"}, + "vlan_filter": {"required": False, "type": "str"}, + "voip_profile": {"required": False, "type": "str"}, + "vpntunnel": {"required": False, "type": "str"}, + "waf_profile": {"required": False, "type": "str"}, + "wanopt": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "wanopt_detection": {"required": False, "type": "str", + "choices": ["active", + "passive", + "off"]}, + "wanopt_passive_opt": {"required": False, "type": "str", + "choices": ["default", + "transparent", + "non-transparent"]}, + "wanopt_peer": {"required": False, "type": "str"}, + "wanopt_profile": {"required": False, "type": "str"}, + "wccp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "webcache": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "webcache_https": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "webfilter_profile": {"required": False, "type": "str"}, + "wsso": {"required": False, "type": 
"str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_policy46.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_policy46.py new file mode 100644 index 00000000..c8489e15 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_policy46.py 
@@ -0,0 +1,502 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_policy46 +short_description: Configure IPv4 to IPv6 policies in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and policy46 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_policy46: + description: + - Configure IPv4 to IPv6 policies. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + action: + description: + - Accept or deny traffic matching the policy. + type: str + choices: + - accept + - deny + comments: + description: + - Comment. + type: str + dstaddr: + description: + - Destination address objects. + type: list + suboptions: + name: + description: + - Address name. Source firewall.vip46.name firewall.vipgrp46.name. + required: true + type: str + dstintf: + description: + - Destination interface name. Source system.interface.name system.zone.name. + type: str + fixedport: + description: + - Enable/disable fixed port for this policy. + type: str + choices: + - enable + - disable + ippool: + description: + - Enable/disable use of IP Pools for source NAT. + type: str + choices: + - enable + - disable + logtraffic: + description: + - Enable/disable traffic logging for this policy. + type: str + choices: + - enable + - disable + per_ip_shaper: + description: + - Per IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. + type: str + permit_any_host: + description: + - Enable/disable allowing any host. + type: str + choices: + - enable + - disable + policyid: + description: + - Policy ID. + required: true + type: int + poolname: + description: + - IP Pool names. + type: list + suboptions: + name: + description: + - IP pool name. Source firewall.ippool6.name. 
+ required: true + type: str + schedule: + description: + - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. + type: str + service: + description: + - Service name. + type: list + suboptions: + name: + description: + - Service name. Source firewall.service.custom.name firewall.service.group.name. + required: true + type: str + srcaddr: + description: + - Source address objects. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + srcintf: + description: + - Source interface name. Source system.zone.name system.interface.name. + type: str + status: + description: + - Enable/disable this policy. + type: str + choices: + - enable + - disable + tcp_mss_receiver: + description: + - TCP Maximum Segment Size value of receiver (0 - 65535) + type: int + tcp_mss_sender: + description: + - TCP Maximum Segment Size value of sender (0 - 65535). + type: int + traffic_shaper: + description: + - Traffic shaper. Source firewall.shaper.traffic-shaper.name. + type: str + traffic_shaper_reverse: + description: + - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. + type: str + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 to IPv6 policies. 
+ fortios_firewall_policy46: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_policy46: + action: "accept" + comments: "" + dstaddr: + - + name: "default_name_6 (source firewall.vip46.name firewall.vipgrp46.name)" + dstintf: " (source system.interface.name system.zone.name)" + fixedport: "enable" + ippool: "enable" + logtraffic: "enable" + per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" + permit_any_host: "enable" + policyid: "13" + poolname: + - + name: "default_name_15 (source firewall.ippool6.name)" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + service: + - + name: "default_name_18 (source firewall.service.custom.name firewall.service.group.name)" + srcaddr: + - + name: "default_name_20 (source firewall.address.name firewall.addrgrp.name)" + srcintf: " (source system.zone.name system.interface.name)" + status: "enable" + tcp_mss_receiver: "23" + tcp_mss_sender: "24" + traffic_shaper: " (source firewall.shaper.traffic-shaper.name)" + traffic_shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" + uuid: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: 
"17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_policy46_data(json): + option_list = ['action', 'comments', 'dstaddr', + 'dstintf', 'fixedport', 'ippool', + 'logtraffic', 'per_ip_shaper', 'permit_any_host', + 'policyid', 'poolname', 'schedule', + 'service', 'srcaddr', 'srcintf', + 'status', 'tcp_mss_receiver', 'tcp_mss_sender', + 'traffic_shaper', 'traffic_shaper_reverse', 'uuid'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_policy46(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_policy46'] and data['firewall_policy46']['state']: + state = data['firewall_policy46']['state'] + else: + state = True + 
firewall_policy46_data = data['firewall_policy46'] + filtered_data = underscore_to_hyphen(filter_firewall_policy46_data(firewall_policy46_data)) + + if state == "present": + return fos.set('firewall', + 'policy46', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'policy46', + mkey=filtered_data['policyid'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_policy46']: + resp = firewall_policy46(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_policy46')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'policyid' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_policy46": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "action": {"required": False, "type": "str", + "choices": ["accept", + "deny"]}, + "comments": {"required": False, "type": "str"}, + "dstaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "dstintf": {"required": False, "type": "str"}, + "fixedport": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ippool": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "logtraffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "per_ip_shaper": {"required": False, 
"type": "str"}, + "permit_any_host": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "policyid": {"required": True, "type": "int"}, + "poolname": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "schedule": {"required": False, "type": "str"}, + "service": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcintf": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tcp_mss_receiver": {"required": False, "type": "int"}, + "tcp_mss_sender": {"required": False, "type": "int"}, + "traffic_shaper": {"required": False, "type": "str"}, + "traffic_shaper_reverse": {"required": False, "type": "str"}, + "uuid": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + 
else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_policy6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_policy6.py new file mode 100644 index 00000000..0292c2ae --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_policy6.py 
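Review bot: The EXAMPLES playbook added for fortios_firewall_policy46 sets `ansible_httpapi_validate_certs: no` for a task that also passes `access_token`. Anyone who copies it talks to the firewall's management API without verifying the device certificate, and the token that `main()` hands to the connection via `set_option` presumably travels over that unverified session. I would ship the example with `ansible_httpapi_validate_certs: yes` and put a comment above it such as `# set to no only for lab devices with self-signed certificates`. The EXAMPLES block in the fortios_firewall_policy6.py hunk that follows repeats the same line and should get the same change.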
@@ -0,0 +1,1075 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_policy6 +short_description: Configure IPv6 policies in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and policy6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_policy6: + description: + - Configure IPv6 policies. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + action: + description: + - Policy action (allow/deny/ipsec). + type: str + choices: + - accept + - deny + - ipsec + app_category: + description: + - Application category ID list. + type: list + suboptions: + id: + description: + - Category IDs. + required: true + type: int + app_group: + description: + - Application group names. + type: list + suboptions: + name: + description: + - Application group names. Source application.group.name. + required: true + type: str + application: + description: + - Application ID list. + type: list + suboptions: + id: + description: + - Application IDs. + required: true + type: int + application_list: + description: + - Name of an existing Application list. Source application.list.name. + type: str + av_profile: + description: + - Name of an existing Antivirus profile. Source antivirus.profile.name. + type: str + comments: + description: + - Comment. + type: str + custom_log_fields: + description: + - Log field index numbers to append custom log fields to log messages for this policy. + type: list + suboptions: + field_id: + description: + - Custom log field. Source log.custom-field.id. + type: str + devices: + description: + - Names of devices or device groups that can be matched by the policy. 
+ type: list + suboptions: + name: + description: + - Device or group name. Source user.device.alias user.device-group.name user.device-category.name. + required: true + type: str + diffserv_forward: + description: + - Enable to change packet"s DiffServ values to the specified diffservcode-forward value. + type: str + choices: + - enable + - disable + diffserv_reverse: + description: + - Enable to change packet"s reverse (reply) DiffServ values to the specified diffservcode-rev value. + type: str + choices: + - enable + - disable + diffservcode_forward: + description: + - Change packet"s DiffServ to this value. + type: str + diffservcode_rev: + description: + - Change packet"s reverse (reply) DiffServ to this value. + type: str + dlp_sensor: + description: + - Name of an existing DLP sensor. Source dlp.sensor.name. + type: str + dscp_match: + description: + - Enable DSCP check. + type: str + choices: + - enable + - disable + dscp_negate: + description: + - Enable negated DSCP match. + type: str + choices: + - enable + - disable + dscp_value: + description: + - DSCP value. + type: str + dsri: + description: + - Enable DSRI to ignore HTTP server responses. + type: str + choices: + - enable + - disable + dstaddr: + description: + - Destination address and address group names. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name. + required: true + type: str + dstaddr_negate: + description: + - When enabled dstaddr specifies what the destination address must NOT be. + type: str + choices: + - enable + - disable + dstintf: + description: + - Outgoing (egress) interface. + type: list + suboptions: + name: + description: + - Interface name. Source system.interface.name system.zone.name. + required: true + type: str + firewall_session_dirty: + description: + - How to handle sessions if the configuration of this firewall policy changes. 
+ type: str + choices: + - check-all + - check-new + fixedport: + description: + - Enable to prevent source NAT from changing a session"s source port. + type: str + choices: + - enable + - disable + global_label: + description: + - Label for the policy that appears when the GUI is in Global View mode. + type: str + groups: + description: + - Names of user groups that can authenticate with this policy. + type: list + suboptions: + name: + description: + - Group name. Source user.group.name. + required: true + type: str + icap_profile: + description: + - Name of an existing ICAP profile. Source icap.profile.name. + type: str + inbound: + description: + - 'Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN.' + type: str + choices: + - enable + - disable + ippool: + description: + - Enable to use IP Pools for source NAT. + type: str + choices: + - enable + - disable + ips_sensor: + description: + - Name of an existing IPS sensor. Source ips.sensor.name. + type: str + label: + description: + - Label for the policy that appears when the GUI is in Section View mode. + type: str + logtraffic: + description: + - Enable or disable logging. Log all sessions or security profile sessions. + type: str + choices: + - all + - utm + - disable + logtraffic_start: + description: + - Record logs when a session starts and ends. + type: str + choices: + - enable + - disable + name: + description: + - Policy name. + type: str + nat: + description: + - Enable/disable source NAT. + type: str + choices: + - enable + - disable + natinbound: + description: + - 'Policy-based IPsec VPN: apply destination NAT to inbound traffic.' + type: str + choices: + - enable + - disable + natoutbound: + description: + - 'Policy-based IPsec VPN: apply source NAT to outbound traffic.' + type: str + choices: + - enable + - disable + outbound: + description: + - 'Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN.' 
+ type: str + choices: + - enable + - disable + per_ip_shaper: + description: + - Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. + type: str + policyid: + description: + - Policy ID. + required: true + type: int + poolname: + description: + - IP Pool names. + type: list + suboptions: + name: + description: + - IP pool name. Source firewall.ippool6.name. + required: true + type: str + profile_group: + description: + - Name of profile group. Source firewall.profile-group.name. + type: str + profile_protocol_options: + description: + - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name. + type: str + profile_type: + description: + - Determine whether the firewall policy allows security profile groups or single profiles only. + type: str + choices: + - single + - group + replacemsg_override_group: + description: + - Override the default replacement message group for this policy. Source system.replacemsg-group.name. + type: str + rsso: + description: + - Enable/disable RADIUS single sign-on (RSSO). + type: str + choices: + - enable + - disable + schedule: + description: + - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. + type: str + send_deny_packet: + description: + - Enable/disable return of deny-packet. + type: str + choices: + - enable + - disable + service: + description: + - Service and service group names. + type: list + suboptions: + name: + description: + - Address name. Source firewall.service.custom.name firewall.service.group.name. + required: true + type: str + service_negate: + description: + - When enabled service specifies what the service must NOT be. + type: str + choices: + - enable + - disable + session_ttl: + description: + - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL. + type: int + spamfilter_profile: + description: + - Name of an existing Spam filter profile. 
Source spamfilter.profile.name. + type: str + srcaddr: + description: + - Source address and address group names. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + srcaddr_negate: + description: + - When enabled srcaddr specifies what the source address must NOT be. + type: str + choices: + - enable + - disable + srcintf: + description: + - Incoming (ingress) interface. + type: list + suboptions: + name: + description: + - Interface name. Source system.zone.name system.interface.name. + required: true + type: str + ssh_filter_profile: + description: + - Name of an existing SSH filter profile. Source ssh-filter.profile.name. + type: str + ssl_mirror: + description: + - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). + type: str + choices: + - enable + - disable + ssl_mirror_intf: + description: + - SSL mirror interface name. + type: list + suboptions: + name: + description: + - Interface name. Source system.zone.name system.interface.name. + required: true + type: str + ssl_ssh_profile: + description: + - Name of an existing SSL SSH profile. Source firewall.ssl-ssh-profile.name. + type: str + status: + description: + - Enable or disable this policy. + type: str + choices: + - enable + - disable + tcp_mss_receiver: + description: + - Receiver TCP maximum segment size (MSS). + type: int + tcp_mss_sender: + description: + - Sender TCP maximum segment size (MSS). + type: int + tcp_session_without_syn: + description: + - Enable/disable creation of TCP session without SYN flag. + type: str + choices: + - all + - data-only + - disable + timeout_send_rst: + description: + - Enable/disable sending RST packets when TCP sessions expire. + type: str + choices: + - enable + - disable + traffic_shaper: + description: + - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. 
+ type: str + traffic_shaper_reverse: + description: + - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. + type: str + url_category: + description: + - URL category ID list. + type: list + suboptions: + id: + description: + - URL category ID. + required: true + type: int + users: + description: + - Names of individual users that can authenticate with this policy. + type: list + suboptions: + name: + description: + - Names of individual users that can authenticate with this policy. Source user.local.name. + required: true + type: str + utm_status: + description: + - Enable AV/web/ips protection profile. + type: str + choices: + - enable + - disable + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str + vlan_cos_fwd: + description: + - 'VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest' + type: int + vlan_cos_rev: + description: + - 'VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest' + type: int + vlan_filter: + description: + - Set VLAN filters. + type: str + voip_profile: + description: + - Name of an existing VoIP profile. Source voip.profile.name. + type: str + vpntunnel: + description: + - 'Policy-based IPsec VPN: name of the IPsec VPN Phase 1. Source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name.' + type: str + webfilter_profile: + description: + - Name of an existing Web filter profile. Source webfilter.profile.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 policies. 
+ fortios_firewall_policy6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_policy6: + action: "accept" + app_category: + - + id: "5" + app_group: + - + name: "default_name_7 (source application.group.name)" + application: + - + id: "9" + application_list: " (source application.list.name)" + av_profile: " (source antivirus.profile.name)" + comments: "" + custom_log_fields: + - + field_id: " (source log.custom-field.id)" + devices: + - + name: "default_name_16 (source user.device.alias user.device-group.name user.device-category.name)" + diffserv_forward: "enable" + diffserv_reverse: "enable" + diffservcode_forward: "" + diffservcode_rev: "" + dlp_sensor: " (source dlp.sensor.name)" + dscp_match: "enable" + dscp_negate: "enable" + dscp_value: "" + dsri: "enable" + dstaddr: + - + name: "default_name_27 (source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name)" + dstaddr_negate: "enable" + dstintf: + - + name: "default_name_30 (source system.interface.name system.zone.name)" + firewall_session_dirty: "check-all" + fixedport: "enable" + global_label: "" + groups: + - + name: "default_name_35 (source user.group.name)" + icap_profile: " (source icap.profile.name)" + inbound: "enable" + ippool: "enable" + ips_sensor: " (source ips.sensor.name)" + label: "" + logtraffic: "all" + logtraffic_start: "enable" + name: "default_name_43" + nat: "enable" + natinbound: "enable" + natoutbound: "enable" + outbound: "enable" + per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" + policyid: "49" + poolname: + - + name: "default_name_51 (source firewall.ippool6.name)" + profile_group: " (source firewall.profile-group.name)" + profile_protocol_options: " (source firewall.profile-protocol-options.name)" + profile_type: "single" + replacemsg_override_group: " (source system.replacemsg-group.name)" + rsso: "enable" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name 
firewall.schedule.group.name)" + send_deny_packet: "enable" + service: + - + name: "default_name_60 (source firewall.service.custom.name firewall.service.group.name)" + service_negate: "enable" + session_ttl: "62" + spamfilter_profile: " (source spamfilter.profile.name)" + srcaddr: + - + name: "default_name_65 (source firewall.address6.name firewall.addrgrp6.name)" + srcaddr_negate: "enable" + srcintf: + - + name: "default_name_68 (source system.zone.name system.interface.name)" + ssh_filter_profile: " (source ssh-filter.profile.name)" + ssl_mirror: "enable" + ssl_mirror_intf: + - + name: "default_name_72 (source system.zone.name system.interface.name)" + ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)" + status: "enable" + tcp_mss_receiver: "75" + tcp_mss_sender: "76" + tcp_session_without_syn: "all" + timeout_send_rst: "enable" + traffic_shaper: " (source firewall.shaper.traffic-shaper.name)" + traffic_shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" + url_category: + - + id: "82" + users: + - + name: "default_name_84 (source user.local.name)" + utm_status: "enable" + uuid: "" + vlan_cos_fwd: "87" + vlan_cos_rev: "88" + vlan_filter: "" + voip_profile: " (source voip.profile.name)" + vpntunnel: " (source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name)" + webfilter_profile: " (source webfilter.profile.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: 
+ description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_policy6_data(json): + option_list = ['action', 'app_category', 'app_group', + 'application', 'application_list', 'av_profile', + 'comments', 'custom_log_fields', 'devices', + 'diffserv_forward', 'diffserv_reverse', 'diffservcode_forward', + 'diffservcode_rev', 'dlp_sensor', 'dscp_match', + 'dscp_negate', 'dscp_value', 'dsri', + 'dstaddr', 'dstaddr_negate', 'dstintf', + 'firewall_session_dirty', 'fixedport', 'global_label', + 'groups', 'icap_profile', 'inbound', + 'ippool', 'ips_sensor', 'label', + 'logtraffic', 'logtraffic_start', 'name', + 'nat', 'natinbound', 'natoutbound', + 'outbound', 'per_ip_shaper', 'policyid', + 'poolname', 'profile_group', 'profile_protocol_options', + 'profile_type', 'replacemsg_override_group', 'rsso', + 'schedule', 'send_deny_packet', 'service', + 'service_negate', 'session_ttl', 'spamfilter_profile', + 'srcaddr', 'srcaddr_negate', 'srcintf', + 
'ssh_filter_profile', 'ssl_mirror', 'ssl_mirror_intf', + 'ssl_ssh_profile', 'status', 'tcp_mss_receiver', + 'tcp_mss_sender', 'tcp_session_without_syn', 'timeout_send_rst', + 'traffic_shaper', 'traffic_shaper_reverse', 'url_category', + 'users', 'utm_status', 'uuid', + 'vlan_cos_fwd', 'vlan_cos_rev', 'vlan_filter', + 'voip_profile', 'vpntunnel', 'webfilter_profile'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_policy6(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_policy6'] and data['firewall_policy6']['state']: + state = data['firewall_policy6']['state'] + else: + state = True + firewall_policy6_data = data['firewall_policy6'] + filtered_data = underscore_to_hyphen(filter_firewall_policy6_data(firewall_policy6_data)) + + if state == "present": + return fos.set('firewall', + 'policy6', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'policy6', + mkey=filtered_data['policyid'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_policy6']: + resp = firewall_policy6(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_policy6')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + 
(resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'policyid' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_policy6": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "action": {"required": False, "type": "str", + "choices": ["accept", + "deny", + "ipsec"]}, + "app_category": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "app_group": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "application": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "application_list": {"required": False, "type": "str"}, + "av_profile": {"required": False, "type": "str"}, + "comments": {"required": False, "type": "str"}, + "custom_log_fields": {"required": False, "type": "list", + "options": { + "field_id": {"required": False, "type": "str"} + }}, + "devices": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "diffserv_forward": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "diffserv_reverse": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "diffservcode_forward": {"required": False, "type": "str"}, + "diffservcode_rev": {"required": False, "type": "str"}, + "dlp_sensor": {"required": False, "type": "str"}, + "dscp_match": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dscp_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dscp_value": {"required": False, "type": "str"}, + "dsri": {"required": False, 
"type": "str", + "choices": ["enable", + "disable"]}, + "dstaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "dstaddr_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dstintf": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "firewall_session_dirty": {"required": False, "type": "str", + "choices": ["check-all", + "check-new"]}, + "fixedport": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "global_label": {"required": False, "type": "str"}, + "groups": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "icap_profile": {"required": False, "type": "str"}, + "inbound": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ippool": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ips_sensor": {"required": False, "type": "str"}, + "label": {"required": False, "type": "str"}, + "logtraffic": {"required": False, "type": "str", + "choices": ["all", + "utm", + "disable"]}, + "logtraffic_start": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": False, "type": "str"}, + "nat": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "natinbound": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "natoutbound": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "outbound": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "per_ip_shaper": {"required": False, "type": "str"}, + "policyid": {"required": True, "type": "int"}, + "poolname": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "profile_group": {"required": False, "type": "str"}, + "profile_protocol_options": {"required": False, "type": "str"}, + 
"profile_type": {"required": False, "type": "str", + "choices": ["single", + "group"]}, + "replacemsg_override_group": {"required": False, "type": "str"}, + "rsso": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "schedule": {"required": False, "type": "str"}, + "send_deny_packet": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "service": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "service_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "session_ttl": {"required": False, "type": "int"}, + "spamfilter_profile": {"required": False, "type": "str"}, + "srcaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcaddr_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "srcintf": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "ssh_filter_profile": {"required": False, "type": "str"}, + "ssl_mirror": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssl_mirror_intf": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "ssl_ssh_profile": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tcp_mss_receiver": {"required": False, "type": "int"}, + "tcp_mss_sender": {"required": False, "type": "int"}, + "tcp_session_without_syn": {"required": False, "type": "str", + "choices": ["all", + "data-only", + "disable"]}, + "timeout_send_rst": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "traffic_shaper": {"required": False, "type": "str"}, + "traffic_shaper_reverse": {"required": False, "type": "str"}, + "url_category": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} 
+ }}, + "users": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "utm_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "uuid": {"required": False, "type": "str"}, + "vlan_cos_fwd": {"required": False, "type": "int"}, + "vlan_cos_rev": {"required": False, "type": "int"}, + "vlan_filter": {"required": False, "type": "str"}, + "voip_profile": {"required": False, "type": "str"}, + "vpntunnel": {"required": False, "type": "str"}, + "webfilter_profile": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_policy64.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_policy64.py
new file mode 100644
index 00000000..be5b824c
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_policy64.py
@@ -0,0 +1,502 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_policy64 +short_description: Configure IPv6 to IPv4 policies in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and policy64 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_policy64: + description: + - Configure IPv6 to IPv4 policies. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + action: + description: + - Policy action. + type: str + choices: + - accept + - deny + comments: + description: + - Comment. + type: str + dstaddr: + description: + - Destination address name. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name firewall.vip64.name firewall.vipgrp64.name. + required: true + type: str + dstintf: + description: + - Destination interface name. Source system.interface.name system.zone.name. + type: str + fixedport: + description: + - Enable/disable policy fixed port. + type: str + choices: + - enable + - disable + ippool: + description: + - Enable/disable policy64 IP pool. + type: str + choices: + - enable + - disable + logtraffic: + description: + - Enable/disable policy log traffic. + type: str + choices: + - enable + - disable + per_ip_shaper: + description: + - Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. + type: str + permit_any_host: + description: + - Enable/disable permit any host in. + type: str + choices: + - enable + - disable + policyid: + description: + - Policy ID. + required: true + type: int + poolname: + description: + - Policy IP pool names. + type: list + suboptions: + name: + description: + - IP pool name. Source firewall.ippool.name. 
+ required: true + type: str + schedule: + description: + - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. + type: str + service: + description: + - Service name. + type: list + suboptions: + name: + description: + - Address name. Source firewall.service.custom.name firewall.service.group.name. + required: true + type: str + srcaddr: + description: + - Source address name. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + srcintf: + description: + - Source interface name. Source system.zone.name system.interface.name. + type: str + status: + description: + - Enable/disable policy status. + type: str + choices: + - enable + - disable + tcp_mss_receiver: + description: + - TCP MSS value of receiver. + type: int + tcp_mss_sender: + description: + - TCP MSS value of sender. + type: int + traffic_shaper: + description: + - Traffic shaper. Source firewall.shaper.traffic-shaper.name. + type: str + traffic_shaper_reverse: + description: + - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. + type: str + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 to IPv4 policies. 
+ fortios_firewall_policy64: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_policy64: + action: "accept" + comments: "" + dstaddr: + - + name: "default_name_6 (source firewall.address.name firewall.addrgrp.name firewall.vip64.name firewall.vipgrp64.name)" + dstintf: " (source system.interface.name system.zone.name)" + fixedport: "enable" + ippool: "enable" + logtraffic: "enable" + per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" + permit_any_host: "enable" + policyid: "13" + poolname: + - + name: "default_name_15 (source firewall.ippool.name)" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + service: + - + name: "default_name_18 (source firewall.service.custom.name firewall.service.group.name)" + srcaddr: + - + name: "default_name_20 (source firewall.address6.name firewall.addrgrp6.name)" + srcintf: " (source system.zone.name system.interface.name)" + status: "enable" + tcp_mss_receiver: "23" + tcp_mss_sender: "24" + traffic_shaper: " (source firewall.shaper.traffic-shaper.name)" + traffic_shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" + uuid: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + 
returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_policy64_data(json): + option_list = ['action', 'comments', 'dstaddr', + 'dstintf', 'fixedport', 'ippool', + 'logtraffic', 'per_ip_shaper', 'permit_any_host', + 'policyid', 'poolname', 'schedule', + 'service', 'srcaddr', 'srcintf', + 'status', 'tcp_mss_receiver', 'tcp_mss_sender', + 'traffic_shaper', 'traffic_shaper_reverse', 'uuid'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_policy64(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_policy64'] and data['firewall_policy64']['state']: + state = data['firewall_policy64']['state'] 
+ else: + state = True + firewall_policy64_data = data['firewall_policy64'] + filtered_data = underscore_to_hyphen(filter_firewall_policy64_data(firewall_policy64_data)) + + if state == "present": + return fos.set('firewall', + 'policy64', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'policy64', + mkey=filtered_data['policyid'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_policy64']: + resp = firewall_policy64(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_policy64')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'policyid' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_policy64": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "action": {"required": False, "type": "str", + "choices": ["accept", + "deny"]}, + "comments": {"required": False, "type": "str"}, + "dstaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "dstintf": {"required": False, "type": "str"}, + "fixedport": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ippool": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "logtraffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + 
"per_ip_shaper": {"required": False, "type": "str"}, + "permit_any_host": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "policyid": {"required": True, "type": "int"}, + "poolname": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "schedule": {"required": False, "type": "str"}, + "service": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcintf": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tcp_mss_receiver": {"required": False, "type": "int"}, + "tcp_mss_sender": {"required": False, "type": "int"}, + "traffic_shaper": {"required": False, "type": "str"}, + "traffic_shaper_reverse": {"required": False, "type": "str"}, + "uuid": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + 
module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_profile_group.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_profile_group.py new file mode 100644 index 00000000..31ea1b06 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_profile_group.py 
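Review bot: The EXAMPLES play in this new module sets `ansible_httpapi_validate_certs: no` next to a task that passes `access_token`, so a playbook copied from it sends the API token and the policy body over TLS without checking the FortiGate's certificate. The example should show `ansible_httpapi_validate_certs: yes`, or keep `no` only with a comment such as `# lab only: certificate is not verified, do not use with a real access_token`. The same vars block is repeated in the EXAMPLES of fortios_firewall_profile_group.py in the next hunk.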
@@ -0,0 +1,384 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_profile_group +short_description: Configure profile groups in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and profile_group category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_profile_group: + description: + - Configure profile groups. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + application_list: + description: + - Name of an existing Application list. Source application.list.name. + type: str + av_profile: + description: + - Name of an existing Antivirus profile. Source antivirus.profile.name. + type: str + dlp_sensor: + description: + - Name of an existing DLP sensor. Source dlp.sensor.name. + type: str + dnsfilter_profile: + description: + - Name of an existing DNS filter profile. Source dnsfilter.profile.name. + type: str + icap_profile: + description: + - Name of an existing ICAP profile. Source icap.profile.name. + type: str + ips_sensor: + description: + - Name of an existing IPS sensor. Source ips.sensor.name. + type: str + name: + description: + - Profile group name. + required: true + type: str + profile_protocol_options: + description: + - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name. + type: str + spamfilter_profile: + description: + - Name of an existing Spam filter profile. Source spamfilter.profile.name. + type: str + ssh_filter_profile: + description: + - Name of an existing SSH filter profile. Source ssh-filter.profile.name. + type: str + ssl_ssh_profile: + description: + - Name of an existing SSL SSH profile. Source firewall.ssl-ssh-profile.name. 
+ type: str + voip_profile: + description: + - Name of an existing VoIP profile. Source voip.profile.name. + type: str + waf_profile: + description: + - Name of an existing Web application firewall profile. Source waf.profile.name. + type: str + webfilter_profile: + description: + - Name of an existing Web filter profile. Source webfilter.profile.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure profile groups. + fortios_firewall_profile_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_profile_group: + application_list: " (source application.list.name)" + av_profile: " (source antivirus.profile.name)" + dlp_sensor: " (source dlp.sensor.name)" + dnsfilter_profile: " (source dnsfilter.profile.name)" + icap_profile: " (source icap.profile.name)" + ips_sensor: " (source ips.sensor.name)" + name: "default_name_9" + profile_protocol_options: " (source firewall.profile-protocol-options.name)" + spamfilter_profile: " (source spamfilter.profile.name)" + ssh_filter_profile: " (source ssh-filter.profile.name)" + ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)" + voip_profile: " (source voip.profile.name)" + waf_profile: " (source waf.profile.name)" + webfilter_profile: " (source webfilter.profile.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + 
description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_profile_group_data(json): + option_list = ['application_list', 'av_profile', 'dlp_sensor', + 'dnsfilter_profile', 'icap_profile', 'ips_sensor', + 'name', 'profile_protocol_options', 'spamfilter_profile', + 'ssh_filter_profile', 'ssl_ssh_profile', 'voip_profile', + 'waf_profile', 'webfilter_profile'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + 
+def firewall_profile_group(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_profile_group'] and data['firewall_profile_group']['state']: + state = data['firewall_profile_group']['state'] + else: + state = True + firewall_profile_group_data = data['firewall_profile_group'] + filtered_data = underscore_to_hyphen(filter_firewall_profile_group_data(firewall_profile_group_data)) + + if state == "present": + return fos.set('firewall', + 'profile-group', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'profile-group', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_profile_group']: + resp = firewall_profile_group(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_profile_group')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_profile_group": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "application_list": {"required": False, "type": "str"}, + "av_profile": {"required": False, "type": "str"}, + "dlp_sensor": {"required": False, "type": "str"}, + "dnsfilter_profile": {"required": False, "type": "str"}, + "icap_profile": {"required": False, 
"type": "str"}, + "ips_sensor": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "profile_protocol_options": {"required": False, "type": "str"}, + "spamfilter_profile": {"required": False, "type": "str"}, + "ssh_filter_profile": {"required": False, "type": "str"}, + "ssl_ssh_profile": {"required": False, "type": "str"}, + "voip_profile": {"required": False, "type": "str"}, + "waf_profile": {"required": False, "type": "str"}, + "webfilter_profile": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_profile_protocol_options.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_profile_protocol_options.py
new file mode 100644
index 00000000..b5ac6111
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_profile_protocol_options.py
@@ -0,0 +1,1100 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_profile_protocol_options +short_description: Configure protocol options in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and profile_protocol_options category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_profile_protocol_options: + description: + - Configure protocol options. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + comment: + description: + - Optional comments. + type: str + dns: + description: + - Configure DNS protocol options. + type: dict + suboptions: + ports: + description: + - Ports to scan for content (1 - 65535). + type: int + status: + description: + - Enable/disable the active status of scanning for this protocol. + type: str + choices: + - enable + - disable + ftp: + description: + - Configure FTP protocol options. + type: dict + suboptions: + comfort_amount: + description: + - Amount of data to send in a transmission for client comforting (1 - 10240 bytes). + type: int + comfort_interval: + description: + - Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec). + type: int + inspect_all: + description: + - Enable/disable the inspection of all ports for the protocol. + type: str + choices: + - enable + - disable + options: + description: + - One or more options that can be applied to the session. + type: str + choices: + - clientcomfort + - oversize + - splice + - bypass-rest-command + - bypass-mode-command + oversize_limit: + description: + - Maximum in-memory file size that can be scanned (1 - 383 MB). 
+ type: int + ports: + description: + - Ports to scan for content (1 - 65535). + type: int + scan_bzip2: + description: + - Enable/disable scanning of BZip2 compressed files. + type: str + choices: + - enable + - disable + status: + description: + - Enable/disable the active status of scanning for this protocol. + type: str + choices: + - enable + - disable + uncompressed_nest_limit: + description: + - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). + type: int + uncompressed_oversize_limit: + description: + - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). + type: int + http: + description: + - Configure HTTP protocol options. + type: dict + suboptions: + block_page_status_code: + description: + - Code number returned for blocked HTTP pages (non-FortiGuard only) (100 - 599). + type: int + comfort_amount: + description: + - Amount of data to send in a transmission for client comforting (1 - 10240 bytes). + type: int + comfort_interval: + description: + - Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec). + type: int + fortinet_bar: + description: + - Enable/disable Fortinet bar on HTML content. + type: str + choices: + - enable + - disable + fortinet_bar_port: + description: + - Port for use by Fortinet Bar (1 - 65535). + type: int + http_policy: + description: + - Enable/disable HTTP policy check. + type: str + choices: + - disable + - enable + inspect_all: + description: + - Enable/disable the inspection of all ports for the protocol. + type: str + choices: + - enable + - disable + options: + description: + - One or more options that can be applied to the session. + type: str + choices: + - clientcomfort + - servercomfort + - oversize + - chunkedbypass + oversize_limit: + description: + - Maximum in-memory file size that can be scanned (1 - 383 MB). 
+ type: int + ports: + description: + - Ports to scan for content (1 - 65535). + type: int + post_lang: + description: + - ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts (maximum of 5 character sets). + type: str + choices: + - jisx0201 + - jisx0208 + - jisx0212 + - gb2312 + - ksc5601-ex + - euc-jp + - sjis + - iso2022-jp + - iso2022-jp-1 + - iso2022-jp-2 + - euc-cn + - ces-gbk + - hz + - ces-big5 + - euc-kr + - iso2022-jp-3 + - iso8859-1 + - tis620 + - cp874 + - cp1252 + - cp1251 + range_block: + description: + - Enable/disable blocking of partial downloads. + type: str + choices: + - disable + - enable + retry_count: + description: + - Number of attempts to retry HTTP connection (0 - 100). + type: int + scan_bzip2: + description: + - Enable/disable scanning of BZip2 compressed files. + type: str + choices: + - enable + - disable + status: + description: + - Enable/disable the active status of scanning for this protocol. + type: str + choices: + - enable + - disable + streaming_content_bypass: + description: + - Enable/disable bypassing of streaming content from buffering. + type: str + choices: + - enable + - disable + switching_protocols: + description: + - Bypass from scanning, or block a connection that attempts to switch protocol. + type: str + choices: + - bypass + - block + uncompressed_nest_limit: + description: + - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). + type: int + uncompressed_oversize_limit: + description: + - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). + type: int + imap: + description: + - Configure IMAP protocol options. + type: dict + suboptions: + inspect_all: + description: + - Enable/disable the inspection of all ports for the protocol. + type: str + choices: + - enable + - disable + options: + description: + - One or more options that can be applied to the session. 
+ type: str + choices: + - fragmail + - oversize + oversize_limit: + description: + - Maximum in-memory file size that can be scanned (1 - 383 MB). + type: int + ports: + description: + - Ports to scan for content (1 - 65535). + type: int + scan_bzip2: + description: + - Enable/disable scanning of BZip2 compressed files. + type: str + choices: + - enable + - disable + status: + description: + - Enable/disable the active status of scanning for this protocol. + type: str + choices: + - enable + - disable + uncompressed_nest_limit: + description: + - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). + type: int + uncompressed_oversize_limit: + description: + - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). + type: int + mail_signature: + description: + - Configure Mail signature. + type: dict + suboptions: + signature: + description: + - Email signature to be added to outgoing email (if the signature contains spaces, enclose with quotation marks). + type: str + status: + description: + - Enable/disable adding an email signature to SMTP email messages as they pass through the FortiGate. + type: str + choices: + - disable + - enable + mapi: + description: + - Configure MAPI protocol options. + type: dict + suboptions: + options: + description: + - One or more options that can be applied to the session. + type: str + choices: + - fragmail + - oversize + oversize_limit: + description: + - Maximum in-memory file size that can be scanned (1 - 383 MB). + type: int + ports: + description: + - Ports to scan for content (1 - 65535). + type: int + scan_bzip2: + description: + - Enable/disable scanning of BZip2 compressed files. + type: str + choices: + - enable + - disable + status: + description: + - Enable/disable the active status of scanning for this protocol. 
+ type: str + choices: + - enable + - disable + uncompressed_nest_limit: + description: + - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). + type: int + uncompressed_oversize_limit: + description: + - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). + type: int + name: + description: + - Name. + required: true + type: str + nntp: + description: + - Configure NNTP protocol options. + type: dict + suboptions: + inspect_all: + description: + - Enable/disable the inspection of all ports for the protocol. + type: str + choices: + - enable + - disable + options: + description: + - One or more options that can be applied to the session. + type: str + choices: + - oversize + - splice + oversize_limit: + description: + - Maximum in-memory file size that can be scanned (1 - 383 MB). + type: int + ports: + description: + - Ports to scan for content (1 - 65535). + type: int + scan_bzip2: + description: + - Enable/disable scanning of BZip2 compressed files. + type: str + choices: + - enable + - disable + status: + description: + - Enable/disable the active status of scanning for this protocol. + type: str + choices: + - enable + - disable + uncompressed_nest_limit: + description: + - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). + type: int + uncompressed_oversize_limit: + description: + - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). + type: int + oversize_log: + description: + - Enable/disable logging for antivirus oversize file blocking. + type: str + choices: + - disable + - enable + pop3: + description: + - Configure POP3 protocol options. + type: dict + suboptions: + inspect_all: + description: + - Enable/disable the inspection of all ports for the protocol. + type: str + choices: + - enable + - disable + options: + description: + - One or more options that can be applied to the session. 
+ type: str + choices: + - fragmail + - oversize + oversize_limit: + description: + - Maximum in-memory file size that can be scanned (1 - 383 MB). + type: int + ports: + description: + - Ports to scan for content (1 - 65535). + type: int + scan_bzip2: + description: + - Enable/disable scanning of BZip2 compressed files. + type: str + choices: + - enable + - disable + status: + description: + - Enable/disable the active status of scanning for this protocol. + type: str + choices: + - enable + - disable + uncompressed_nest_limit: + description: + - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). + type: int + uncompressed_oversize_limit: + description: + - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). + type: int + replacemsg_group: + description: + - Name of the replacement message group to be used Source system.replacemsg-group.name. + type: str + rpc_over_http: + description: + - Enable/disable inspection of RPC over HTTP. + type: str + choices: + - enable + - disable + smtp: + description: + - Configure SMTP protocol options. + type: dict + suboptions: + inspect_all: + description: + - Enable/disable the inspection of all ports for the protocol. + type: str + choices: + - enable + - disable + options: + description: + - One or more options that can be applied to the session. + type: str + choices: + - fragmail + - oversize + - splice + oversize_limit: + description: + - Maximum in-memory file size that can be scanned (1 - 383 MB). + type: int + ports: + description: + - Ports to scan for content (1 - 65535). + type: int + scan_bzip2: + description: + - Enable/disable scanning of BZip2 compressed files. + type: str + choices: + - enable + - disable + server_busy: + description: + - Enable/disable SMTP server busy when server not available. + type: str + choices: + - enable + - disable + status: + description: + - Enable/disable the active status of scanning for this protocol. 
+ type: str + choices: + - enable + - disable + uncompressed_nest_limit: + description: + - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). + type: int + uncompressed_oversize_limit: + description: + - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). + type: int + switching_protocols_log: + description: + - Enable/disable logging for HTTP/HTTPS switching protocols. + type: str + choices: + - disable + - enable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure protocol options. + fortios_firewall_profile_protocol_options: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_profile_protocol_options: + comment: "Optional comments." + dns: + ports: "5" + status: "enable" + ftp: + comfort_amount: "8" + comfort_interval: "9" + inspect_all: "enable" + options: "clientcomfort" + oversize_limit: "12" + ports: "13" + scan_bzip2: "enable" + status: "enable" + uncompressed_nest_limit: "16" + uncompressed_oversize_limit: "17" + http: + block_page_status_code: "19" + comfort_amount: "20" + comfort_interval: "21" + fortinet_bar: "enable" + fortinet_bar_port: "23" + http_policy: "disable" + inspect_all: "enable" + options: "clientcomfort" + oversize_limit: "27" + ports: "28" + post_lang: "jisx0201" + range_block: "disable" + retry_count: "31" + scan_bzip2: "enable" + status: "enable" + streaming_content_bypass: "enable" + switching_protocols: "bypass" + uncompressed_nest_limit: "36" + uncompressed_oversize_limit: "37" + imap: + inspect_all: "enable" + options: "fragmail" + oversize_limit: "41" + ports: "42" + scan_bzip2: "enable" + status: "enable" + uncompressed_nest_limit: "45" + uncompressed_oversize_limit: "46" + mail_signature: + signature: "" + status: "disable" + mapi: + options: 
"fragmail" + oversize_limit: "52" + ports: "53" + scan_bzip2: "enable" + status: "enable" + uncompressed_nest_limit: "56" + uncompressed_oversize_limit: "57" + name: "default_name_58" + nntp: + inspect_all: "enable" + options: "oversize" + oversize_limit: "62" + ports: "63" + scan_bzip2: "enable" + status: "enable" + uncompressed_nest_limit: "66" + uncompressed_oversize_limit: "67" + oversize_log: "disable" + pop3: + inspect_all: "enable" + options: "fragmail" + oversize_limit: "72" + ports: "73" + scan_bzip2: "enable" + status: "enable" + uncompressed_nest_limit: "76" + uncompressed_oversize_limit: "77" + replacemsg_group: " (source system.replacemsg-group.name)" + rpc_over_http: "enable" + smtp: + inspect_all: "enable" + options: "fragmail" + oversize_limit: "83" + ports: "84" + scan_bzip2: "enable" + server_busy: "enable" + status: "enable" + uncompressed_nest_limit: "88" + uncompressed_oversize_limit: "89" + switching_protocols_log: "disable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + 
returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_profile_protocol_options_data(json): + option_list = ['comment', 'dns', 'ftp', + 'http', 'imap', 'mail_signature', + 'mapi', 'name', 'nntp', + 'oversize_log', 'pop3', 'replacemsg_group', + 'rpc_over_http', 'smtp', 'switching_protocols_log'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_profile_protocol_options(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_profile_protocol_options'] and data['firewall_profile_protocol_options']['state']: + state = data['firewall_profile_protocol_options']['state'] + else: + state = True + firewall_profile_protocol_options_data = data['firewall_profile_protocol_options'] + filtered_data = underscore_to_hyphen(filter_firewall_profile_protocol_options_data(firewall_profile_protocol_options_data)) + + if state == 
"present": + return fos.set('firewall', + 'profile-protocol-options', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'profile-protocol-options', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_profile_protocol_options']: + resp = firewall_profile_protocol_options(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_profile_protocol_options')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_profile_protocol_options": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "comment": {"required": False, "type": "str"}, + "dns": {"required": False, "type": "dict", + "options": { + "ports": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "ftp": {"required": False, "type": "dict", + "options": { + "comfort_amount": {"required": False, "type": "int"}, + "comfort_interval": {"required": False, "type": "int"}, + "inspect_all": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "options": {"required": False, "type": "str", + "choices": ["clientcomfort", + "oversize", + "splice", + "bypass-rest-command", + "bypass-mode-command"]}, + 
"oversize_limit": {"required": False, "type": "int"}, + "ports": {"required": False, "type": "int"}, + "scan_bzip2": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "uncompressed_nest_limit": {"required": False, "type": "int"}, + "uncompressed_oversize_limit": {"required": False, "type": "int"} + }}, + "http": {"required": False, "type": "dict", + "options": { + "block_page_status_code": {"required": False, "type": "int"}, + "comfort_amount": {"required": False, "type": "int"}, + "comfort_interval": {"required": False, "type": "int"}, + "fortinet_bar": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fortinet_bar_port": {"required": False, "type": "int"}, + "http_policy": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "inspect_all": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "options": {"required": False, "type": "str", + "choices": ["clientcomfort", + "servercomfort", + "oversize", + "chunkedbypass"]}, + "oversize_limit": {"required": False, "type": "int"}, + "ports": {"required": False, "type": "int"}, + "post_lang": {"required": False, "type": "str", + "choices": ["jisx0201", + "jisx0208", + "jisx0212", + "gb2312", + "ksc5601-ex", + "euc-jp", + "sjis", + "iso2022-jp", + "iso2022-jp-1", + "iso2022-jp-2", + "euc-cn", + "ces-gbk", + "hz", + "ces-big5", + "euc-kr", + "iso2022-jp-3", + "iso8859-1", + "tis620", + "cp874", + "cp1252", + "cp1251"]}, + "range_block": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "retry_count": {"required": False, "type": "int"}, + "scan_bzip2": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "streaming_content_bypass": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + 
"switching_protocols": {"required": False, "type": "str", + "choices": ["bypass", + "block"]}, + "uncompressed_nest_limit": {"required": False, "type": "int"}, + "uncompressed_oversize_limit": {"required": False, "type": "int"} + }}, + "imap": {"required": False, "type": "dict", + "options": { + "inspect_all": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "options": {"required": False, "type": "str", + "choices": ["fragmail", + "oversize"]}, + "oversize_limit": {"required": False, "type": "int"}, + "ports": {"required": False, "type": "int"}, + "scan_bzip2": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "uncompressed_nest_limit": {"required": False, "type": "int"}, + "uncompressed_oversize_limit": {"required": False, "type": "int"} + }}, + "mail_signature": {"required": False, "type": "dict", + "options": { + "signature": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "enable"]} + }}, + "mapi": {"required": False, "type": "dict", + "options": { + "options": {"required": False, "type": "str", + "choices": ["fragmail", + "oversize"]}, + "oversize_limit": {"required": False, "type": "int"}, + "ports": {"required": False, "type": "int"}, + "scan_bzip2": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "uncompressed_nest_limit": {"required": False, "type": "int"}, + "uncompressed_oversize_limit": {"required": False, "type": "int"} + }}, + "name": {"required": True, "type": "str"}, + "nntp": {"required": False, "type": "dict", + "options": { + "inspect_all": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "options": {"required": False, "type": "str", + "choices": ["oversize", + "splice"]}, + "oversize_limit": {"required": 
False, "type": "int"}, + "ports": {"required": False, "type": "int"}, + "scan_bzip2": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "uncompressed_nest_limit": {"required": False, "type": "int"}, + "uncompressed_oversize_limit": {"required": False, "type": "int"} + }}, + "oversize_log": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "pop3": {"required": False, "type": "dict", + "options": { + "inspect_all": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "options": {"required": False, "type": "str", + "choices": ["fragmail", + "oversize"]}, + "oversize_limit": {"required": False, "type": "int"}, + "ports": {"required": False, "type": "int"}, + "scan_bzip2": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "uncompressed_nest_limit": {"required": False, "type": "int"}, + "uncompressed_oversize_limit": {"required": False, "type": "int"} + }}, + "replacemsg_group": {"required": False, "type": "str"}, + "rpc_over_http": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "smtp": {"required": False, "type": "dict", + "options": { + "inspect_all": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "options": {"required": False, "type": "str", + "choices": ["fragmail", + "oversize", + "splice"]}, + "oversize_limit": {"required": False, "type": "int"}, + "ports": {"required": False, "type": "int"}, + "scan_bzip2": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "server_busy": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "uncompressed_nest_limit": {"required": False, "type": "int"}, + 
"uncompressed_oversize_limit": {"required": False, "type": "int"} + }}, + "switching_protocols_log": {"required": False, "type": "str", + "choices": ["disable", + "enable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_proxy_address.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_proxy_address.py new file mode 100644 index 00000000..69db9398 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_proxy_address.py 
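Review bot: The EXAMPLES playbook of fortios_firewall_profile_protocol_options.py sets `ansible_httpapi_validate_certs: no` in the same play that passes an `access_token`, so a playbook copied from the module documentation would send the API token and the firewall configuration over TLS without verifying the FortiGate's certificate. I would ship the example as `ansible_httpapi_validate_certs: yes` and put a YAML comment beside it, for instance `# disable only for lab devices that still use a self-signed certificate`. The token is already marked `no_log` in the argument spec, which keeps it out of Ansible's logs but does nothing for the transport. The example block looks generated, so the sibling modules added by this commit probably carry the same setting; their EXAMPLES sections are not visible here, so that should be checked.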
@@ -0,0 +1,555 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_proxy_address +short_description: Web proxy address configuration in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and proxy_address category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_proxy_address: + description: + - Web proxy address configuration. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + case_sensitivity: + description: + - Enable to make the pattern case sensitive. + type: str + choices: + - disable + - enable + category: + description: + - FortiGuard category ID. + type: list + suboptions: + id: + description: + - Fortiguard category id. + required: true + type: int + color: + description: + - Integer value to determine the color of the icon in the GUI (1 - 32). + type: int + comment: + description: + - Optional comments. + type: str + header: + description: + - HTTP header name as a regular expression. + type: str + header_group: + description: + - HTTP header group. + type: list + suboptions: + case_sensitivity: + description: + - Case sensitivity in pattern. + type: str + choices: + - disable + - enable + header: + description: + - HTTP header regular expression. + type: str + header_name: + description: + - HTTP header. + type: str + id: + description: + - ID. + required: true + type: int + header_name: + description: + - Name of HTTP header. + type: str + host: + description: + - Address object for the host. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name. 
+ type: str + host_regex: + description: + - Host name as a regular expression. + type: str + method: + description: + - HTTP request methods to be used. + type: str + choices: + - get + - post + - put + - head + - connect + - trace + - options + - delete + name: + description: + - Address name. + required: true + type: str + path: + description: + - URL path as a regular expression. + type: str + query: + description: + - Match the query part of the URL as a regular expression. + type: str + referrer: + description: + - Enable/disable use of referrer field in the HTTP header to match the address. + type: str + choices: + - enable + - disable + tagging: + description: + - Config object tagging. + type: list + suboptions: + category: + description: + - Tag category. Source system.object-tagging.category. + type: str + name: + description: + - Tagging entry name. + required: true + type: str + tags: + description: + - Tags. + type: list + suboptions: + name: + description: + - Tag name. Source system.object-tagging.tags.name. + required: true + type: str + type: + description: + - Proxy address type. + type: str + choices: + - host-regex + - url + - category + - method + - ua + - header + - src-advanced + - dst-advanced + ua: + description: + - Names of browsers to be used as user agent. + type: str + choices: + - chrome + - ms + - firefox + - safari + - other + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str + visibility: + description: + - Enable/disable visibility of the object in the GUI. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Web proxy address configuration. 
+ fortios_firewall_proxy_address: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_proxy_address: + case_sensitivity: "disable" + category: + - + id: "5" + color: "6" + comment: "Optional comments." + header: "" + header_group: + - + case_sensitivity: "disable" + header: "" + header_name: "" + id: "13" + header_name: "" + host: "myhostname (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name)" + host_regex: "myhostname" + method: "get" + name: "default_name_18" + path: "" + query: "" + referrer: "enable" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_24" + tags: + - + name: "default_name_26 (source system.object-tagging.tags.name)" + type: "host-regex" + ua: "chrome" + uuid: "" + visibility: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + 
description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_proxy_address_data(json): + option_list = ['case_sensitivity', 'category', 'color', + 'comment', 'header', 'header_group', + 'header_name', 'host', 'host_regex', + 'method', 'name', 'path', + 'query', 'referrer', 'tagging', + 'type', 'ua', 'uuid', + 'visibility'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_proxy_address(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_proxy_address'] and data['firewall_proxy_address']['state']: + state = data['firewall_proxy_address']['state'] + else: + state = True + firewall_proxy_address_data = data['firewall_proxy_address'] + filtered_data = underscore_to_hyphen(filter_firewall_proxy_address_data(firewall_proxy_address_data)) + + if state == "present": + return fos.set('firewall', + 'proxy-address', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'proxy-address', + mkey=filtered_data['name'], + vdom=vdom) + else: + 
fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_proxy_address']: + resp = firewall_proxy_address(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_proxy_address')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_proxy_address": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "case_sensitivity": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "category": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "color": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "header": {"required": False, "type": "str"}, + "header_group": {"required": False, "type": "list", + "options": { + "case_sensitivity": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "header": {"required": False, "type": "str"}, + "header_name": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"} + }}, + "header_name": {"required": False, "type": "str"}, + "host": {"required": False, "type": "str"}, + "host_regex": {"required": False, "type": "str"}, + "method": {"required": False, "type": "str", + "choices": ["get", + "post", + "put", + "head", + "connect", + "trace", + "options", + "delete"]}, 
+ "name": {"required": True, "type": "str"}, + "path": {"required": False, "type": "str"}, + "query": {"required": False, "type": "str"}, + "referrer": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tagging": {"required": False, "type": "list", + "options": { + "category": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "tags": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + }}, + "type": {"required": False, "type": "str", + "choices": ["host-regex", + "url", + "category", + "method", + "ua", + "header", + "src-advanced", + "dst-advanced"]}, + "ua": {"required": False, "type": "str", + "choices": ["chrome", + "ms", + "firefox", + "safari", + "other"]}, + "uuid": {"required": False, "type": "str"}, + "visibility": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and 
versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_proxy_addrgrp.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_proxy_addrgrp.py new file mode 100644 index 00000000..c6c750cb --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_proxy_addrgrp.py 
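Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no` in the same play that passes an `access_token`, so anyone who copies it sends the API token over TLS without verifying the FortiGate's certificate. I would ship the example as `ansible_httpapi_validate_certs: yes` and add a comment such as `# disable certificate validation only on an isolated lab network`. The same example block appears in the fortios_firewall_proxy_addrgrp.py hunk that follows, and in the fortios_firewall_proxy_policy.py example, whose hunk runs past the end of this view. Separately, `if 'access_token' in module.params:` in `main()` is presumably always true because the key is declared in `fields`, so `if module.params.get('access_token'):` would avoid setting the option to None when no token is given.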
@@ -0,0 +1,401 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_proxy_addrgrp +short_description: Web proxy address group configuration in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and proxy_addrgrp category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_proxy_addrgrp: + description: + - Web proxy address group configuration. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + color: + description: + - Integer value to determine the color of the icon in the GUI (1 - 32). + type: int + comment: + description: + - Optional comments. + type: str + member: + description: + - Members of address group. + type: list + suboptions: + name: + description: + - Address name. Source firewall.proxy-address.name firewall.proxy-addrgrp.name. + required: true + type: str + name: + description: + - Address group name. + required: true + type: str + tagging: + description: + - Config object tagging. + type: list + suboptions: + category: + description: + - Tag category. Source system.object-tagging.category. + type: str + name: + description: + - Tagging entry name. + required: true + type: str + tags: + description: + - Tags. + type: list + suboptions: + name: + description: + - Tag name. Source system.object-tagging.tags.name. + required: true + type: str + type: + description: + - Source or destination address group type. + type: str + choices: + - src + - dst + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). 
+ type: str + visibility: + description: + - Enable/disable visibility of the object in the GUI. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Web proxy address group configuration. + fortios_firewall_proxy_addrgrp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_proxy_addrgrp: + color: "3" + comment: "Optional comments." + member: + - + name: "default_name_6 (source firewall.proxy-address.name firewall.proxy-addrgrp.name)" + name: "default_name_7" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_10" + tags: + - + name: "default_name_12 (source system.object-tagging.tags.name)" + type: "src" + uuid: "" + visibility: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + 
type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_proxy_addrgrp_data(json): + option_list = ['color', 'comment', 'member', + 'name', 'tagging', 'type', + 'uuid', 'visibility'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_proxy_addrgrp(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_proxy_addrgrp'] and data['firewall_proxy_addrgrp']['state']: + state = data['firewall_proxy_addrgrp']['state'] + else: + state = True + firewall_proxy_addrgrp_data = data['firewall_proxy_addrgrp'] + filtered_data = underscore_to_hyphen(filter_firewall_proxy_addrgrp_data(firewall_proxy_addrgrp_data)) + + if state == "present": + return fos.set('firewall', + 'proxy-addrgrp', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'proxy-addrgrp', + mkey=filtered_data['name'], + vdom=vdom) + else: + 
fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_proxy_addrgrp']: + resp = firewall_proxy_addrgrp(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_proxy_addrgrp')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_proxy_addrgrp": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "color": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "member": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "tagging": {"required": False, "type": "list", + "options": { + "category": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "tags": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + }}, + "type": {"required": False, "type": "str", + "choices": ["src", + "dst"]}, + "uuid": {"required": False, "type": "str"}, + "visibility": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = 
Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_proxy_policy.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_proxy_policy.py new file mode 100644 index 00000000..c58f1ef8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_proxy_policy.py 
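Review bot: In `fields` inside `main()`, `member`, `tagging` and the nested `tags` are declared as `"type": "list"` with an `"options"` sub-spec but no `"elements": "dict"`. As far as I know, AnsibleModule applies a nested spec to list items only when `elements` is `dict`. If so, the `"required": True` on `member[].name` and the `str` typing are never enforced, and malformed entries reach `fos.set()` unchecked. Consider `"member": {"required": False, "type": "list", "elements": "dict", "options": {...}}` and the same for the other lists. The `category`, `header_group` and `tagging` lists in fortios_firewall_proxy_address.py above follow the same pattern.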
@@ -0,0 +1,877 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_proxy_policy +short_description: Configure proxy policies in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and proxy_policy category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_proxy_policy: + description: + - Configure proxy policies. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + action: + description: + - Accept or deny traffic matching the policy parameters. + type: str + choices: + - accept + - deny + - redirect + application_list: + description: + - Name of an existing Application list. Source application.list.name. + type: str + av_profile: + description: + - Name of an existing Antivirus profile. Source antivirus.profile.name. + type: str + comments: + description: + - Optional comments. + type: str + disclaimer: + description: + - 'Web proxy disclaimer setting: by domain, policy, or user.' + type: str + choices: + - disable + - domain + - policy + - user + dlp_sensor: + description: + - Name of an existing DLP sensor. Source dlp.sensor.name. + type: str + dstaddr: + description: + - Destination address objects. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name + firewall.vip.name firewall.vipgrp.name firewall.vip46.name firewall.vipgrp46.name system.external-resource.name. + required: true + type: str + dstaddr_negate: + description: + - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. 
+ type: str + choices: + - enable + - disable + dstaddr6: + description: + - IPv6 destination address objects. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name firewall.vip64.name + firewall.vipgrp64.name system.external-resource.name. + required: true + type: str + dstintf: + description: + - Destination interface names. + type: list + suboptions: + name: + description: + - Interface name. Source system.interface.name system.zone.name. + required: true + type: str + global_label: + description: + - Global web-based manager visible label. + type: str + groups: + description: + - Names of group objects. + type: list + suboptions: + name: + description: + - Group name. Source user.group.name. + required: true + type: str + http_tunnel_auth: + description: + - Enable/disable HTTP tunnel authentication. + type: str + choices: + - enable + - disable + icap_profile: + description: + - Name of an existing ICAP profile. Source icap.profile.name. + type: str + internet_service: + description: + - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. + type: str + choices: + - enable + - disable + internet_service_custom: + description: + - Custom Internet Service name. + type: list + suboptions: + name: + description: + - Custom name. Source firewall.internet-service-custom.name. + required: true + type: str + internet_service_id: + description: + - Internet Service ID. + type: list + suboptions: + id: + description: + - Internet Service ID. Source firewall.internet-service.id. + required: true + type: int + internet_service_negate: + description: + - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. + type: str + choices: + - enable + - disable + ips_sensor: + description: + - Name of an existing IPS sensor. Source ips.sensor.name. 
+ type: str + label: + description: + - VDOM-specific GUI visible label. + type: str + logtraffic: + description: + - Enable/disable logging traffic through the policy. + type: str + choices: + - all + - utm + - disable + logtraffic_start: + description: + - Enable/disable policy log traffic start. + type: str + choices: + - enable + - disable + policyid: + description: + - Policy ID. + required: true + type: int + poolname: + description: + - Name of IP pool object. + type: list + suboptions: + name: + description: + - IP pool name. Source firewall.ippool.name. + required: true + type: str + profile_group: + description: + - Name of profile group. Source firewall.profile-group.name. + type: str + profile_protocol_options: + description: + - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name. + type: str + profile_type: + description: + - Determine whether the firewall policy allows security profile groups or single profiles only. + type: str + choices: + - single + - group + proxy: + description: + - Type of explicit proxy. + type: str + choices: + - explicit-web + - transparent-web + - ftp + - ssh + - ssh-tunnel + - wanopt + redirect_url: + description: + - Redirect URL for further explicit web proxy processing. + type: str + replacemsg_override_group: + description: + - Authentication replacement message override group. Source system.replacemsg-group.name. + type: str + scan_botnet_connections: + description: + - Enable/disable scanning of connections to Botnet servers. + type: str + choices: + - disable + - block + - monitor + schedule: + description: + - Name of schedule object. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. + type: str + service: + description: + - Name of service objects. + type: list + suboptions: + name: + description: + - Service name. Source firewall.service.custom.name firewall.service.group.name. 
+ required: true + type: str + service_negate: + description: + - When enabled, services match against any service EXCEPT the specified destination services. + type: str + choices: + - enable + - disable + session_ttl: + description: + - TTL in seconds for sessions accepted by this policy (0 means use the system ). + type: int + spamfilter_profile: + description: + - Name of an existing Spam filter profile. Source spamfilter.profile.name. + type: str + srcaddr: + description: + - Source address objects (must be set when using Web proxy). + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name system + .external-resource.name. + required: true + type: str + srcaddr_negate: + description: + - When enabled, source addresses match against any address EXCEPT the specified source addresses. + type: str + choices: + - enable + - disable + srcaddr6: + description: + - IPv6 source address objects. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name system.external-resource.name. + required: true + type: str + srcintf: + description: + - Source interface names. + type: list + suboptions: + name: + description: + - Interface name. Source system.interface.name system.zone.name. + required: true + type: str + ssh_filter_profile: + description: + - Name of an existing SSH filter profile. Source ssh-filter.profile.name. + type: str + ssl_ssh_profile: + description: + - Name of an existing SSL SSH profile. Source firewall.ssl-ssh-profile.name. + type: str + status: + description: + - Enable/disable the active status of the policy. + type: str + choices: + - enable + - disable + transparent: + description: + - Enable to use the IP address of the client to connect to the server. + type: str + choices: + - enable + - disable + users: + description: + - Names of user objects. 
+ type: list + suboptions: + name: + description: + - Group name. Source user.local.name. + required: true + type: str + utm_status: + description: + - Enable the use of UTM profiles/sensors/lists. + type: str + choices: + - enable + - disable + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str + waf_profile: + description: + - Name of an existing Web application firewall profile. Source waf.profile.name. + type: str + webcache: + description: + - Enable/disable web caching. + type: str + choices: + - enable + - disable + webcache_https: + description: + - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). + type: str + choices: + - disable + - enable + webfilter_profile: + description: + - Name of an existing Web filter profile. Source webfilter.profile.name. + type: str + webproxy_forward_server: + description: + - Name of web proxy forward server. Source web-proxy.forward-server.name web-proxy.forward-server-group.name. + type: str + webproxy_profile: + description: + - Name of web proxy profile. Source web-proxy.profile.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure proxy policies. 
+ fortios_firewall_proxy_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_proxy_policy: + action: "accept" + application_list: " (source application.list.name)" + av_profile: " (source antivirus.profile.name)" + comments: "" + disclaimer: "disable" + dlp_sensor: " (source dlp.sensor.name)" + dstaddr: + - + name: "default_name_10 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name firewall.vip + .name firewall.vipgrp.name firewall.vip46.name firewall.vipgrp46.name system.external-resource.name)" + dstaddr_negate: "enable" + dstaddr6: + - + name: "default_name_13 (source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name firewall.vip64.name firewall + .vipgrp64.name system.external-resource.name)" + dstintf: + - + name: "default_name_15 (source system.interface.name system.zone.name)" + global_label: "" + groups: + - + name: "default_name_18 (source user.group.name)" + http_tunnel_auth: "enable" + icap_profile: " (source icap.profile.name)" + internet_service: "enable" + internet_service_custom: + - + name: "default_name_23 (source firewall.internet-service-custom.name)" + internet_service_id: + - + id: "25 (source firewall.internet-service.id)" + internet_service_negate: "enable" + ips_sensor: " (source ips.sensor.name)" + label: "" + logtraffic: "all" + logtraffic_start: "enable" + policyid: "31" + poolname: + - + name: "default_name_33 (source firewall.ippool.name)" + profile_group: " (source firewall.profile-group.name)" + profile_protocol_options: " (source firewall.profile-protocol-options.name)" + profile_type: "single" + proxy: "explicit-web" + redirect_url: "" + replacemsg_override_group: " (source system.replacemsg-group.name)" + scan_botnet_connections: "disable" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + service: + - + name: "default_name_43 (source 
firewall.service.custom.name firewall.service.group.name)" + service_negate: "enable" + session_ttl: "45" + spamfilter_profile: " (source spamfilter.profile.name)" + srcaddr: + - + name: "default_name_48 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name system + .external-resource.name)" + srcaddr_negate: "enable" + srcaddr6: + - + name: "default_name_51 (source firewall.address6.name firewall.addrgrp6.name system.external-resource.name)" + srcintf: + - + name: "default_name_53 (source system.interface.name system.zone.name)" + ssh_filter_profile: " (source ssh-filter.profile.name)" + ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)" + status: "enable" + transparent: "enable" + users: + - + name: "default_name_59 (source user.local.name)" + utm_status: "enable" + uuid: "" + waf_profile: " (source waf.profile.name)" + webcache: "enable" + webcache_https: "disable" + webfilter_profile: " (source webfilter.profile.name)" + webproxy_forward_server: " (source web-proxy.forward-server.name web-proxy.forward-server-group.name)" + webproxy_profile: " (source web-proxy.profile.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str 
+ sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_proxy_policy_data(json): + option_list = ['action', 'application_list', 'av_profile', + 'comments', 'disclaimer', 'dlp_sensor', + 'dstaddr', 'dstaddr_negate', 'dstaddr6', + 'dstintf', 'global_label', 'groups', + 'http_tunnel_auth', 'icap_profile', 'internet_service', + 'internet_service_custom', 'internet_service_id', 'internet_service_negate', + 'ips_sensor', 'label', 'logtraffic', + 'logtraffic_start', 'policyid', 'poolname', + 'profile_group', 'profile_protocol_options', 'profile_type', + 'proxy', 'redirect_url', 'replacemsg_override_group', + 'scan_botnet_connections', 'schedule', 'service', + 'service_negate', 'session_ttl', 'spamfilter_profile', + 'srcaddr', 'srcaddr_negate', 'srcaddr6', + 'srcintf', 'ssh_filter_profile', 'ssl_ssh_profile', + 'status', 'transparent', 'users', + 'utm_status', 'uuid', 'waf_profile', + 'webcache', 'webcache_https', 'webfilter_profile', + 'webproxy_forward_server', 'webproxy_profile'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return 
dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_proxy_policy(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_proxy_policy'] and data['firewall_proxy_policy']['state']: + state = data['firewall_proxy_policy']['state'] + else: + state = True + firewall_proxy_policy_data = data['firewall_proxy_policy'] + filtered_data = underscore_to_hyphen(filter_firewall_proxy_policy_data(firewall_proxy_policy_data)) + + if state == "present": + return fos.set('firewall', + 'proxy-policy', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'proxy-policy', + mkey=filtered_data['policyid'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_proxy_policy']: + resp = firewall_proxy_policy(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_proxy_policy')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'policyid' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_proxy_policy": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, 
"type": "str", + "choices": ["present", "absent"]}, + "action": {"required": False, "type": "str", + "choices": ["accept", + "deny", + "redirect"]}, + "application_list": {"required": False, "type": "str"}, + "av_profile": {"required": False, "type": "str"}, + "comments": {"required": False, "type": "str"}, + "disclaimer": {"required": False, "type": "str", + "choices": ["disable", + "domain", + "policy", + "user"]}, + "dlp_sensor": {"required": False, "type": "str"}, + "dstaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "dstaddr_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dstaddr6": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "dstintf": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "global_label": {"required": False, "type": "str"}, + "groups": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "http_tunnel_auth": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "icap_profile": {"required": False, "type": "str"}, + "internet_service": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "internet_service_custom": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "internet_service_id": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "internet_service_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ips_sensor": {"required": False, "type": "str"}, + "label": {"required": False, "type": "str"}, + "logtraffic": {"required": False, "type": "str", + "choices": ["all", + "utm", + "disable"]}, + "logtraffic_start": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "policyid": {"required": 
True, "type": "int"}, + "poolname": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "profile_group": {"required": False, "type": "str"}, + "profile_protocol_options": {"required": False, "type": "str"}, + "profile_type": {"required": False, "type": "str", + "choices": ["single", + "group"]}, + "proxy": {"required": False, "type": "str", + "choices": ["explicit-web", + "transparent-web", + "ftp", + "ssh", + "ssh-tunnel", + "wanopt"]}, + "redirect_url": {"required": False, "type": "str"}, + "replacemsg_override_group": {"required": False, "type": "str"}, + "scan_botnet_connections": {"required": False, "type": "str", + "choices": ["disable", + "block", + "monitor"]}, + "schedule": {"required": False, "type": "str"}, + "service": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "service_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "session_ttl": {"required": False, "type": "int"}, + "spamfilter_profile": {"required": False, "type": "str"}, + "srcaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcaddr_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "srcaddr6": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcintf": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "ssh_filter_profile": {"required": False, "type": "str"}, + "ssl_ssh_profile": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "transparent": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "users": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "utm_status": {"required": False, "type": "str", + 
"choices": ["enable", + "disable"]}, + "uuid": {"required": False, "type": "str"}, + "waf_profile": {"required": False, "type": "str"}, + "webcache": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "webcache_https": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "webfilter_profile": {"required": False, "type": "str"}, + "webproxy_forward_server": {"required": False, "type": "str"}, + "webproxy_profile": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_schedule_group.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_schedule_group.py
new file mode 100644
index 00000000..40a3e23b
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_schedule_group.py
@@ -0,0 +1,325 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_firewall_schedule_group
+short_description: Schedule group configuration in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify firewall_schedule feature and group category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.8"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ This attribute was present already in previous version in a deeper level.
+ It has been moved out to this outer level.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ version_added: 2.9
+ firewall_schedule_group:
+ description:
+ - Schedule group configuration.
+ default: null
+ type: dict
+ suboptions:
+ state:
+ description:
+ - B(Deprecated)
+ - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
+ - HORIZONTALLINE
+ - Indicates whether to create or remove the object.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ color:
+ description:
+ - Color of icon on the GUI.
+ type: int
+ member:
+ description:
+ - Schedules added to the schedule group.
+ type: list
+ suboptions:
+ name:
+ description:
+ - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name.
+ required: true
+ type: str
+ name:
+ description:
+ - Schedule group name.
+ required: true
+ type: str
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Schedule group configuration.
+ fortios_firewall_schedule_group:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ firewall_schedule_group:
+ color: "3"
+ member:
+ -
+ name: "default_name_5 (source firewall.schedule.onetime.name firewall.schedule.recurring.name)"
+ name: "default_name_6"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_firewall_schedule_group_data(json):
+ option_list = ['color', 'member', 'name']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def firewall_schedule_group(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['firewall_schedule_group'] and data['firewall_schedule_group']['state']:
+ state = data['firewall_schedule_group']['state']
+ else:
+ state = True
+ firewall_schedule_group_data = data['firewall_schedule_group']
+ filtered_data = underscore_to_hyphen(filter_firewall_schedule_group_data(firewall_schedule_group_data))
+
+ if state == "present":
+ return fos.set('firewall.schedule',
+ 'group',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('firewall.schedule',
+ 'group',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_firewall_schedule(data, fos):
+
+ if data['firewall_schedule_group']:
+ resp = firewall_schedule_group(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('firewall_schedule_group'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "firewall_schedule_group": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "color": {"required": False, "type": "int"},
+ "member": {"required": False, "type": "list",
+ "options": {
+ "name": {"required": True, "type": "str"}
+ }},
+ "name": {"required": True, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_firewall_schedule(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
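Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no` while the task passes an `access_token`, so anyone who copies the example sends the API token over a TLS session whose peer is never authenticated. The example should read `ansible_httpapi_validate_certs: yes`, with a one-line comment that the control node must trust the FortiGate certificate or its issuing CA. The same setting appears in the EXAMPLES of fortios_firewall_proxy_policy.py and fortios_firewall_schedule_onetime.py in this commit. Separately, in `main()` the test `if 'access_token' in module.params:` looks always true because the key is declared in `fields`, so `set_option` is probably called with `None` when no token is supplied; `if module.params.get('access_token'):` would match the apparent intent.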
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_schedule_onetime.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_schedule_onetime.py
new file mode 100644
index 00000000..5c2ddb56
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_schedule_onetime.py
@@ -0,0 +1,327 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_firewall_schedule_onetime
+short_description: Onetime schedule configuration in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify firewall_schedule feature and onetime category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.8"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ This attribute was present already in previous version in a deeper level.
+ It has been moved out to this outer level.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ version_added: 2.9
+ firewall_schedule_onetime:
+ description:
+ - Onetime schedule configuration.
+ default: null
+ type: dict
+ suboptions:
+ state:
+ description:
+ - B(Deprecated)
+ - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
+ - HORIZONTALLINE
+ - Indicates whether to create or remove the object.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ color:
+ description:
+ - Color of icon on the GUI.
+ type: int
+ end:
+ description:
+ - 'Schedule end date and time, format hh:mm yyyy/mm/dd.'
+ type: str
+ expiration_days:
+ description:
+ - Write an event log message this many days before the schedule expires.
+ type: int
+ name:
+ description:
+ - Onetime schedule name.
+ required: true
+ type: str
+ start:
+ description:
+ - 'Schedule start date and time, format hh:mm yyyy/mm/dd.'
+ type: str
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Onetime schedule configuration.
+ fortios_firewall_schedule_onetime: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_schedule_onetime: + color: "3" + end: "" + expiration_days: "5" + name: "default_name_6" + start: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_schedule_onetime_data(json): + option_list = 
['color', 'end', 'expiration_days', + 'name', 'start'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_schedule_onetime(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_schedule_onetime'] and data['firewall_schedule_onetime']['state']: + state = data['firewall_schedule_onetime']['state'] + else: + state = True + firewall_schedule_onetime_data = data['firewall_schedule_onetime'] + filtered_data = underscore_to_hyphen(filter_firewall_schedule_onetime_data(firewall_schedule_onetime_data)) + + if state == "present": + return fos.set('firewall.schedule', + 'onetime', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall.schedule', + 'onetime', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall_schedule(data, fos): + + if data['firewall_schedule_onetime']: + resp = firewall_schedule_onetime(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_schedule_onetime')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + 
"vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_schedule_onetime": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "color": {"required": False, "type": "int"}, + "end": {"required": False, "type": "str"}, + "expiration_days": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "start": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall_schedule(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
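Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no` next to a task that passes `access_token`, so a playbook copied from it would authenticate to the FortiGate over TLS without verifying the server certificate. I would ship the example as `ansible_httpapi_validate_certs: yes` and add a comment above it such as `# disable only for lab devices with self-signed certificates`. The same example block is added in fortios_firewall_schedule_recurring.py and fortios_firewall_service_category.py later in this diff.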
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_schedule_recurring.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_schedule_recurring.py new file mode 100644 index 00000000..44895b82 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_schedule_recurring.py 
@@ -0,0 +1,360 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_schedule_recurring +short_description: Recurring schedule configuration in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall_schedule feature and recurring category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_schedule_recurring: + description: + - Recurring schedule configuration. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + color: + description: + - Color of icon on the GUI. + type: int + day: + description: + - One or more days of the week on which the schedule is valid. Separate the names of the days with a space. + type: list + choices: + - sunday + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - none + end: + description: + - 'Time of day to end the schedule, format hh:mm.' + type: str + name: + description: + - Recurring schedule name. + required: true + type: str + start: + description: + - 'Time of day to start the schedule, format hh:mm.' + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Recurring schedule configuration. 
+ fortios_firewall_schedule_recurring: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_schedule_recurring: + color: "3" + day: "sunday" + end: "" + name: "default_name_6" + start: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_schedule_recurring_data(json): + option_list = 
['color', 'day', 'end', + 'name', 'start'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def flatten_multilists_attributes(data): + multilist_attrs = [[u'day']] + + for attr in multilist_attrs: + try: + path = "data['" + "']['".join(elem for elem in attr) + "']" + current_val = eval(path) + flattened_val = ' '.join(elem for elem in current_val) + exec(path + '= flattened_val') + except BaseException: + pass + + return data + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_schedule_recurring(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_schedule_recurring'] and data['firewall_schedule_recurring']['state']: + state = data['firewall_schedule_recurring']['state'] + else: + state = True + firewall_schedule_recurring_data = data['firewall_schedule_recurring'] + firewall_schedule_recurring_data = flatten_multilists_attributes(firewall_schedule_recurring_data) + filtered_data = underscore_to_hyphen(filter_firewall_schedule_recurring_data(firewall_schedule_recurring_data)) + + if state == "present": + return fos.set('firewall.schedule', + 'recurring', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall.schedule', + 'recurring', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall_schedule(data, fos): + + if 
data['firewall_schedule_recurring']: + resp = firewall_schedule_recurring(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_schedule_recurring')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_schedule_recurring": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "color": {"required": False, "type": "int"}, + "day": {"required": False, "type": "list", + "choices": ["sunday", + "monday", + "tuesday", + "wednesday", + "thursday", + "friday", + "saturday", + "none"]}, + "end": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "start": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall_schedule(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and 
versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_service_category.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_service_category.py new file mode 100644 index 00000000..5a3a4bb7 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_service_category.py 
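Review bot: `flatten_multilists_attributes` builds a source string and runs it through `eval` and `exec` just to read and rewrite `data['day']`, and the surrounding `except BaseException: pass` hides every failure, including `KeyboardInterrupt` and `SystemExit`. The path is assembled from the literal `multilist_attrs` list, so as written no playbook value reaches `eval`, but dynamic execution is not needed here and would become an injection point if the attribute list were ever derived from input. Plain dictionary indexing with a narrow `except (KeyError, TypeError)` keeps the best-effort behaviour for a missing or unset attribute, as sketched below.

```python
def flatten_multilists_attributes(data):
    # … unchanged: multilist_attrs = [[u'day']] …

    for attr in multilist_attrs:
        parent = data
        try:
            for key in attr[:-1]:
                parent = parent[key]
            parent[attr[-1]] = ' '.join(elem for elem in parent[attr[-1]])
        except (KeyError, TypeError):
            # attribute missing or not a list of strings: leave data untouched
            pass

    # … unchanged: return data …
```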
@@ -0,0 +1,308 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_service_category +short_description: Configure service categories in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall_service feature and category category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_service_category: + description: + - Configure service categories. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + comment: + description: + - Comment. + type: str + name: + description: + - Service category name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure service categories. + fortios_firewall_service_category: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_service_category: + comment: "Comment." 
+ name: "default_name_4" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_service_category_data(json): + option_list = ['comment', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return 
dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_service_category(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_service_category'] and data['firewall_service_category']['state']: + state = data['firewall_service_category']['state'] + else: + state = True + firewall_service_category_data = data['firewall_service_category'] + filtered_data = underscore_to_hyphen(filter_firewall_service_category_data(firewall_service_category_data)) + + if state == "present": + return fos.set('firewall.service', + 'category', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall.service', + 'category', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall_service(data, fos): + + if data['firewall_service_category']: + resp = firewall_service_category(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_service_category')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_service_category": { + "required": False, "type": "dict", 
"default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "comment": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall_service(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_service_custom.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_service_custom.py new file mode 100644 index 00000000..e4aaa0bd --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_service_custom.py 
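Review bot: In `firewall_service_category`, when neither the top-level `state` nor the deprecated nested `state` is supplied the code assigns `state = True`, a sentinel that matches neither `"present"` nor `"absent"`, so the task only fails later with 'state must be present or absent!' after the payload has already been filtered. Neither `state` option is marked required in `fields`, so this path is reachable from a playbook that simply omits it. I would fail at the point of detection, replacing `state = True` with `fos._module.fail_json(msg='state is required: present or absent')`, and add a comment that the nested `state` is read only for backward compatibility. The onetime and recurring schedule modules earlier in this diff contain the same branch.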
@@ -0,0 +1,562 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_service_custom +short_description: Configure custom services in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall_service feature and custom category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_service_custom: + description: + - Configure custom services. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + app_category: + description: + - Application category ID. + type: list + suboptions: + id: + description: + - Application category id. + required: true + type: int + app_service_type: + description: + - Application service type. + type: str + choices: + - disable + - app-id + - app-category + application: + description: + - Application ID. + type: list + suboptions: + id: + description: + - Application id. + required: true + type: int + category: + description: + - Service category. Source firewall.service.category.name. + type: str + check_reset_range: + description: + - Configure the type of ICMP error message verification. + type: str + choices: + - disable + - strict + - default + color: + description: + - Color of icon on the GUI. + type: int + comment: + description: + - Comment. + type: str + fqdn: + description: + - Fully qualified domain name. + type: str + helper: + description: + - Helper name. + type: str + choices: + - auto + - disable + - ftp + - tftp + - ras + - h323 + - tns + - mms + - sip + - pptp + - rtsp + - dns-udp + - dns-tcp + - pmap + - rsh + - dcerpc + - mgcp + - gtp-c + - gtp-u + - gtp-b + icmpcode: + description: + - ICMP code. 
+ type: int + icmptype: + description: + - ICMP type. + type: int + iprange: + description: + - Start and end of the IP range associated with service. + type: str + name: + description: + - Custom service name. + required: true + type: str + protocol: + description: + - Protocol type based on IANA numbers. + type: str + choices: + - TCP/UDP/SCTP + - ICMP + - ICMP6 + - IP + - HTTP + - FTP + - CONNECT + - SOCKS-TCP + - SOCKS-UDP + - ALL + protocol_number: + description: + - IP protocol number. + type: int + proxy: + description: + - Enable/disable web proxy service. + type: str + choices: + - enable + - disable + sctp_portrange: + description: + - Multiple SCTP port ranges. + type: str + session_ttl: + description: + - Session TTL (300 - 604800, 0 = default). + type: int + tcp_halfclose_timer: + description: + - Wait time to close a TCP session waiting for an unanswered FIN packet (1 - 86400 sec, 0 = default). + type: int + tcp_halfopen_timer: + description: + - Wait time to close a TCP session waiting for an unanswered open session packet (1 - 86400 sec, 0 = default). + type: int + tcp_portrange: + description: + - Multiple TCP port ranges. + type: str + tcp_timewait_timer: + description: + - Set the length of the TCP TIME-WAIT state in seconds (1 - 300 sec, 0 = default). + type: int + udp_idle_timer: + description: + - UDP half close timeout (0 - 86400 sec, 0 = default). + type: int + udp_portrange: + description: + - Multiple UDP port ranges. + type: str + visibility: + description: + - Enable/disable the visibility of the service on the GUI. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure custom services. 
+ fortios_firewall_service_custom: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_service_custom: + app_category: + - + id: "4" + app_service_type: "disable" + application: + - + id: "7" + category: " (source firewall.service.category.name)" + check_reset_range: "disable" + color: "10" + comment: "Comment." + fqdn: "" + helper: "auto" + icmpcode: "14" + icmptype: "15" + iprange: "" + name: "default_name_17" + protocol: "TCP/UDP/SCTP" + protocol_number: "19" + proxy: "enable" + sctp_portrange: "" + session_ttl: "22" + tcp_halfclose_timer: "23" + tcp_halfopen_timer: "24" + tcp_portrange: "" + tcp_timewait_timer: "26" + udp_idle_timer: "27" + udp_portrange: "" + visibility: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + 
+from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_service_custom_data(json): + option_list = ['app_category', 'app_service_type', 'application', + 'category', 'check_reset_range', 'color', + 'comment', 'fqdn', 'helper', + 'icmpcode', 'icmptype', 'iprange', + 'name', 'protocol', 'protocol_number', + 'proxy', 'sctp_portrange', 'session_ttl', + 'tcp_halfclose_timer', 'tcp_halfopen_timer', 'tcp_portrange', + 'tcp_timewait_timer', 'udp_idle_timer', 'udp_portrange', + 'visibility'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_service_custom(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_service_custom'] and data['firewall_service_custom']['state']: + state = data['firewall_service_custom']['state'] + else: + state = True + firewall_service_custom_data = data['firewall_service_custom'] + filtered_data = underscore_to_hyphen(filter_firewall_service_custom_data(firewall_service_custom_data)) + + if state == "present": + return fos.set('firewall.service', + 'custom', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return 
fos.delete('firewall.service', + 'custom', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall_service(data, fos): + + if data['firewall_service_custom']: + resp = firewall_service_custom(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_service_custom')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_service_custom": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "app_category": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "app_service_type": {"required": False, "type": "str", + "choices": ["disable", + "app-id", + "app-category"]}, + "application": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "category": {"required": False, "type": "str"}, + "check_reset_range": {"required": False, "type": "str", + "choices": ["disable", + "strict", + "default"]}, + "color": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "fqdn": {"required": False, "type": "str"}, + "helper": {"required": False, "type": "str", + "choices": ["auto", + "disable", + "ftp", + "tftp", + "ras", + "h323", + "tns", + "mms", + "sip", + "pptp", + "rtsp", + "dns-udp", + "dns-tcp", + "pmap", + 
"rsh", + "dcerpc", + "mgcp", + "gtp-c", + "gtp-u", + "gtp-b"]}, + "icmpcode": {"required": False, "type": "int"}, + "icmptype": {"required": False, "type": "int"}, + "iprange": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "protocol": {"required": False, "type": "str", + "choices": ["TCP/UDP/SCTP", + "ICMP", + "ICMP6", + "IP", + "HTTP", + "FTP", + "CONNECT", + "SOCKS-TCP", + "SOCKS-UDP", + "ALL"]}, + "protocol_number": {"required": False, "type": "int"}, + "proxy": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sctp_portrange": {"required": False, "type": "str"}, + "session_ttl": {"required": False, "type": "int"}, + "tcp_halfclose_timer": {"required": False, "type": "int"}, + "tcp_halfopen_timer": {"required": False, "type": "int"}, + "tcp_portrange": {"required": False, "type": "str"}, + "tcp_timewait_timer": {"required": False, "type": "int"}, + "udp_idle_timer": {"required": False, "type": "int"}, + "udp_portrange": {"required": False, "type": "str"}, + "visibility": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall_service(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is 
False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_service_group.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_service_group.py new file mode 100644 index 00000000..2122aea4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_service_group.py 
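Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no` directly above a task that passes `access_token`, so anyone who copies it sends the API token over a TLS session whose peer is never authenticated. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a one-line comment that turning validation off is only for lab devices with self-signed certificates. The literal `access_token: ""` would also benefit from a comment saying the value should come from Ansible Vault rather than be written into the playbook. The same EXAMPLES block appears in the fortios_firewall_service_group.py and fortios_firewall_shaper_per_ip_shaper.py hunks.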
@@ -0,0 +1,343 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_service_group +short_description: Configure service groups in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall_service feature and group category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_service_group: + description: + - Configure service groups. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + color: + description: + - Color of icon on the GUI. + type: int + comment: + description: + - Comment. + type: str + member: + description: + - Service objects contained within the group. + type: list + suboptions: + name: + description: + - Address name. Source firewall.service.custom.name firewall.service.group.name. + required: true + type: str + name: + description: + - Address group name. + required: true + type: str + proxy: + description: + - Enable/disable web proxy service group. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure service groups. + fortios_firewall_service_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_service_group: + color: "3" + comment: "Comment." 
+ member: + - + name: "default_name_6 (source firewall.service.custom.name firewall.service.group.name)" + name: "default_name_7" + proxy: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_service_group_data(json): + option_list = ['color', 'comment', 'member', + 'name', 'proxy'] + dictionary = {} 
+ + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_service_group(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_service_group'] and data['firewall_service_group']['state']: + state = data['firewall_service_group']['state'] + else: + state = True + firewall_service_group_data = data['firewall_service_group'] + filtered_data = underscore_to_hyphen(filter_firewall_service_group_data(firewall_service_group_data)) + + if state == "present": + return fos.set('firewall.service', + 'group', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall.service', + 'group', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall_service(data, fos): + + if data['firewall_service_group']: + resp = firewall_service_group(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_service_group')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + 
"choices": ["present", "absent"]}, + "firewall_service_group": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "color": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "member": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "proxy": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall_service(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
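Review bot: In `firewall_service_group`, the fallback `state = True` can never equal `"present"` or `"absent"`, so a task that omits both the top-level and the nested `state` reaches `fail_json(msg='state must be present or absent!')` only after the payload has been filtered and converted. Neither `state` option is marked required in `fields`, so this sentinel is the only thing rejecting a stateless task, and it reads as an accident rather than a check. I would fail explicitly in that branch, `else: fos._module.fail_json(msg='state is required: present or absent')`, or at least add the comment `# no state given: falls through to the fail_json branch below`. The same pattern is in `firewall_service_custom` and `firewall_shaper_per_ip_shaper` in the neighbouring hunks.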
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_shaper_per_ip_shaper.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_shaper_per_ip_shaper.py new file mode 100644 index 00000000..05e4a252 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_shaper_per_ip_shaper.py 
@@ -0,0 +1,363 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_shaper_per_ip_shaper +short_description: Configure per-IP traffic shaper in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall_shaper feature and per_ip_shaper category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_shaper_per_ip_shaper: + description: + - Configure per-IP traffic shaper. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + bandwidth_unit: + description: + - Unit of measurement for maximum bandwidth for this shaper (Kbps, Mbps or Gbps). + type: str + choices: + - kbps + - mbps + - gbps + diffserv_forward: + description: + - Enable/disable changing the Forward (original) DiffServ setting applied to traffic accepted by this shaper. + type: str + choices: + - enable + - disable + diffserv_reverse: + description: + - Enable/disable changing the Reverse (reply) DiffServ setting applied to traffic accepted by this shaper. + type: str + choices: + - enable + - disable + diffservcode_forward: + description: + - Forward (original) DiffServ setting to be applied to traffic accepted by this shaper. + type: str + diffservcode_rev: + description: + - Reverse (reply) DiffServ setting to be applied to traffic accepted by this shaper. + type: str + max_bandwidth: + description: + - Upper bandwidth limit enforced by this shaper (0 - 16776000). 0 means no limit. Units depend on the bandwidth-unit setting. + type: int + max_concurrent_session: + description: + - Maximum number of concurrent sessions allowed by this shaper (0 - 2097000). 0 means no limit. 
+ type: int + name: + description: + - Traffic shaper name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure per-IP traffic shaper. + fortios_firewall_shaper_per_ip_shaper: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_shaper_per_ip_shaper: + bandwidth_unit: "kbps" + diffserv_forward: "enable" + diffserv_reverse: "enable" + diffservcode_forward: "" + diffservcode_rev: "" + max_bandwidth: "8" + max_concurrent_session: "9" + name: "default_name_10" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from 
ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_shaper_per_ip_shaper_data(json): + option_list = ['bandwidth_unit', 'diffserv_forward', 'diffserv_reverse', + 'diffservcode_forward', 'diffservcode_rev', 'max_bandwidth', + 'max_concurrent_session', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_shaper_per_ip_shaper(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_shaper_per_ip_shaper'] and data['firewall_shaper_per_ip_shaper']['state']: + state = data['firewall_shaper_per_ip_shaper']['state'] + else: + state = True + firewall_shaper_per_ip_shaper_data = data['firewall_shaper_per_ip_shaper'] + filtered_data = underscore_to_hyphen(filter_firewall_shaper_per_ip_shaper_data(firewall_shaper_per_ip_shaper_data)) + + if state == "present": + return fos.set('firewall.shaper', + 'per-ip-shaper', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall.shaper', + 'per-ip-shaper', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def 
is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall_shaper(data, fos): + + if data['firewall_shaper_per_ip_shaper']: + resp = firewall_shaper_per_ip_shaper(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_shaper_per_ip_shaper')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_shaper_per_ip_shaper": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "bandwidth_unit": {"required": False, "type": "str", + "choices": ["kbps", + "mbps", + "gbps"]}, + "diffserv_forward": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "diffserv_reverse": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "diffservcode_forward": {"required": False, "type": "str"}, + "diffservcode_rev": {"required": False, "type": "str"}, + "max_bandwidth": {"required": False, "type": "int"}, + "max_concurrent_session": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = 
fortios_firewall_shaper(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_shaper_traffic_shaper.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_shaper_traffic_shaper.py new file mode 100644 index 00000000..42106eaa --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_shaper_traffic_shaper.py 
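Review bot: In `main()`, the guard `if 'access_token' in module.params:` is always true, because AnsibleModule fills `module.params` with every key of `argument_spec` and uses None for options the task did not set. `connection.set_option('access_token', ...)` therefore runs with None whenever the task omits the token. Whether that replaces a token configured on the connection itself cannot be seen from this hunk, but the guard does not express what it appears to intend. I would test the value instead, `if module.params.get('access_token'):`; the `main()` functions in the fortios_firewall_service_custom.py and fortios_firewall_service_group.py hunks carry the same guard.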
@@ -0,0 +1,371 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_shaper_traffic_shaper +short_description: Configure shared traffic shaper in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall_shaper feature and traffic_shaper category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_shaper_traffic_shaper: + description: + - Configure shared traffic shaper. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + bandwidth_unit: + description: + - Unit of measurement for guaranteed and maximum bandwidth for this shaper (Kbps, Mbps or Gbps). + type: str + choices: + - kbps + - mbps + - gbps + diffserv: + description: + - Enable/disable changing the DiffServ setting applied to traffic accepted by this shaper. + type: str + choices: + - enable + - disable + diffservcode: + description: + - DiffServ setting to be applied to traffic accepted by this shaper. + type: str + guaranteed_bandwidth: + description: + - Amount of bandwidth guaranteed for this shaper (0 - 16776000). Units depend on the bandwidth-unit setting. + type: int + maximum_bandwidth: + description: + - Upper bandwidth limit enforced by this shaper (0 - 16776000). 0 means no limit. Units depend on the bandwidth-unit setting. + type: int + name: + description: + - Traffic shaper name. + required: true + type: str + per_policy: + description: + - Enable/disable applying a separate shaper for each policy. For example, if enabled the guaranteed bandwidth is applied separately for + each policy. 
+ type: str + choices: + - disable + - enable + priority: + description: + - Higher priority traffic is more likely to be forwarded without delays and without compromising the guaranteed bandwidth. + type: str + choices: + - low + - medium + - high +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure shared traffic shaper. + fortios_firewall_shaper_traffic_shaper: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_shaper_traffic_shaper: + bandwidth_unit: "kbps" + diffserv: "enable" + diffservcode: "" + guaranteed_bandwidth: "6" + maximum_bandwidth: "7" + name: "default_name_8" + per_policy: "disable" + priority: "low" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: 
str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_shaper_traffic_shaper_data(json): + option_list = ['bandwidth_unit', 'diffserv', 'diffservcode', + 'guaranteed_bandwidth', 'maximum_bandwidth', 'name', + 'per_policy', 'priority'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_shaper_traffic_shaper(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_shaper_traffic_shaper'] and data['firewall_shaper_traffic_shaper']['state']: + state = data['firewall_shaper_traffic_shaper']['state'] + else: + state = True + firewall_shaper_traffic_shaper_data = data['firewall_shaper_traffic_shaper'] + filtered_data = underscore_to_hyphen(filter_firewall_shaper_traffic_shaper_data(firewall_shaper_traffic_shaper_data)) + + if state == "present": + return fos.set('firewall.shaper', + 'traffic-shaper', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall.shaper', + 'traffic-shaper', + 
mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall_shaper(data, fos): + + if data['firewall_shaper_traffic_shaper']: + resp = firewall_shaper_traffic_shaper(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_shaper_traffic_shaper')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_shaper_traffic_shaper": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "bandwidth_unit": {"required": False, "type": "str", + "choices": ["kbps", + "mbps", + "gbps"]}, + "diffserv": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "diffservcode": {"required": False, "type": "str"}, + "guaranteed_bandwidth": {"required": False, "type": "int"}, + "maximum_bandwidth": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "per_policy": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "priority": {"required": False, "type": "str", + "choices": ["low", + "medium", + "high"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + 
connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_firewall_shaper(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_shaping_policy.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_shaping_policy.py
new file mode 100644
index 00000000..ef762e87
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_shaping_policy.py
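Review bot: The EXAMPLES playbook in fortios_firewall_shaper_traffic_shaper.py sets `ansible_httpapi_validate_certs: no` on the same connection that carries `access_token`, so a playbook copied from it sends the API token to a FortiGate whose certificate is never verified. I would change the example to `ansible_httpapi_validate_certs: yes` and, if the unverified setting has to stay for self-signed lab devices, say so in a YAML comment on that line. The EXAMPLES blocks in the fortios_firewall_shaping_policy.py and fortios_firewall_shaping_profile.py hunks carry the same setting.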
@@ -0,0 +1,645 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_shaping_policy +short_description: Configure shaping policies in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and shaping_policy category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_shaping_policy: + description: + - Configure shaping policies. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + app_category: + description: + - IDs of one or more application categories that this shaper applies application control traffic shaping to. + type: list + suboptions: + id: + description: + - Category IDs. + required: true + type: int + application: + description: + - IDs of one or more applications that this shaper applies application control traffic shaping to. + type: list + suboptions: + id: + description: + - Application IDs. + required: true + type: int + class_id: + description: + - Traffic class ID. + type: int + comment: + description: + - Comments. + type: str + dstaddr: + description: + - IPv4 destination address and address group names. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + dstaddr6: + description: + - IPv6 destination address and address group names. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + dstintf: + description: + - One or more outgoing (egress) interfaces. + type: list + suboptions: + name: + description: + - Interface name. 
Source system.interface.name system.zone.name. + required: true + type: str + groups: + description: + - Apply this traffic shaping policy to user groups that have authenticated with the FortiGate. + type: list + suboptions: + name: + description: + - Group name. Source user.group.name. + required: true + type: str + id: + description: + - Shaping policy ID. + required: true + type: int + internet_service: + description: + - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. + type: str + choices: + - enable + - disable + internet_service_custom: + description: + - Custom Internet Service name. + type: list + suboptions: + name: + description: + - Custom Internet Service name. Source firewall.internet-service-custom.name. + required: true + type: str + internet_service_id: + description: + - Internet Service ID. + type: list + suboptions: + id: + description: + - Internet Service ID. Source firewall.internet-service.id. + required: true + type: int + internet_service_src: + description: + - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. + type: str + choices: + - enable + - disable + internet_service_src_custom: + description: + - Custom Internet Service source name. + type: list + suboptions: + name: + description: + - Custom Internet Service name. Source firewall.internet-service-custom.name. + required: true + type: str + internet_service_src_id: + description: + - Internet Service source ID. + type: list + suboptions: + id: + description: + - Internet Service ID. Source firewall.internet-service.id. + required: true + type: int + ip_version: + description: + - Apply this traffic shaping policy to IPv4 or IPv6 traffic. + type: str + choices: + - 4 + - 6 + per_ip_shaper: + description: + - Per-IP traffic shaper to apply with this policy. Source firewall.shaper.per-ip-shaper.name. + type: str + schedule: + description: + - Schedule name. 
Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. + type: str + service: + description: + - Service and service group names. + type: list + suboptions: + name: + description: + - Service name. Source firewall.service.custom.name firewall.service.group.name. + required: true + type: str + srcaddr: + description: + - IPv4 source address and address group names. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + srcaddr6: + description: + - IPv6 source address and address group names. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + status: + description: + - Enable/disable this traffic shaping policy. + type: str + choices: + - enable + - disable + traffic_shaper: + description: + - Traffic shaper to apply to traffic forwarded by the firewall policy. Source firewall.shaper.traffic-shaper.name. + type: str + traffic_shaper_reverse: + description: + - Traffic shaper to apply to response traffic received by the firewall policy. Source firewall.shaper.traffic-shaper.name. + type: str + url_category: + description: + - IDs of one or more FortiGuard Web Filtering categories that this shaper applies traffic shaping to. + type: list + suboptions: + id: + description: + - URL category ID. + required: true + type: int + users: + description: + - Apply this traffic shaping policy to individual users that have authenticated with the FortiGate. + type: list + suboptions: + name: + description: + - User name. Source user.local.name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure shaping policies. 
+ fortios_firewall_shaping_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_shaping_policy: + app_category: + - + id: "4" + application: + - + id: "6" + class_id: "7" + comment: "Comments." + dstaddr: + - + name: "default_name_10 (source firewall.address.name firewall.addrgrp.name)" + dstaddr6: + - + name: "default_name_12 (source firewall.address6.name firewall.addrgrp6.name)" + dstintf: + - + name: "default_name_14 (source system.interface.name system.zone.name)" + groups: + - + name: "default_name_16 (source user.group.name)" + id: "17" + internet_service: "enable" + internet_service_custom: + - + name: "default_name_20 (source firewall.internet-service-custom.name)" + internet_service_id: + - + id: "22 (source firewall.internet-service.id)" + internet_service_src: "enable" + internet_service_src_custom: + - + name: "default_name_25 (source firewall.internet-service-custom.name)" + internet_service_src_id: + - + id: "27 (source firewall.internet-service.id)" + ip_version: "4" + per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + service: + - + name: "default_name_32 (source firewall.service.custom.name firewall.service.group.name)" + srcaddr: + - + name: "default_name_34 (source firewall.address.name firewall.addrgrp.name)" + srcaddr6: + - + name: "default_name_36 (source firewall.address6.name firewall.addrgrp6.name)" + status: "enable" + traffic_shaper: " (source firewall.shaper.traffic-shaper.name)" + traffic_shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" + url_category: + - + id: "41" + users: + - + name: "default_name_43 (source user.local.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: 
str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_shaping_policy_data(json): + option_list = ['app_category', 'application', 'class_id', + 'comment', 'dstaddr', 'dstaddr6', + 'dstintf', 'groups', 'id', + 'internet_service', 'internet_service_custom', 'internet_service_id', + 'internet_service_src', 'internet_service_src_custom', 'internet_service_src_id', + 'ip_version', 'per_ip_shaper', 'schedule', + 'service', 'srcaddr', 'srcaddr6', + 'status', 'traffic_shaper', 'traffic_shaper_reverse', + 'url_category', 'users'] + dictionary = {} + + for 
attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_shaping_policy(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_shaping_policy'] and data['firewall_shaping_policy']['state']: + state = data['firewall_shaping_policy']['state'] + else: + state = True + firewall_shaping_policy_data = data['firewall_shaping_policy'] + filtered_data = underscore_to_hyphen(filter_firewall_shaping_policy_data(firewall_shaping_policy_data)) + + if state == "present": + return fos.set('firewall', + 'shaping-policy', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'shaping-policy', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_shaping_policy']: + resp = firewall_shaping_policy(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_shaping_policy')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": 
["present", "absent"]}, + "firewall_shaping_policy": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "app_category": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "application": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "class_id": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "dstaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "dstaddr6": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "dstintf": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "groups": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "id": {"required": True, "type": "int"}, + "internet_service": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "internet_service_custom": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "internet_service_id": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "internet_service_src": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "internet_service_src_custom": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "internet_service_src_id": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "ip_version": {"required": False, "type": "str", + "choices": ["4", + "6"]}, + "per_ip_shaper": {"required": False, "type": "str"}, + "schedule": {"required": False, "type": "str"}, + "service": {"required": False, "type": "list", + "options": { + 
"name": {"required": True, "type": "str"} + }}, + "srcaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcaddr6": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "traffic_shaper": {"required": False, "type": "str"}, + "traffic_shaper_reverse": {"required": False, "type": "str"}, + "url_category": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "users": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ 
== '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_shaping_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_shaping_profile.py
new file mode 100644
index 00000000..bcef5c67
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_shaping_profile.py
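Review bot: In `main()` of fortios_firewall_shaping_policy.py the guard `if 'access_token' in module.params:` is always true, because `access_token` is declared in `fields` and AnsibleModule fills options the task did not supply with None, so `connection.set_option('access_token', None)` runs whenever no token is given. Whether that replaces a token already configured on the connection depends on the httpapi plugin, which this hunk does not show; testing the value avoids the question: `if module.params.get('access_token'):`. The `main()` in the fortios_firewall_shaper_traffic_shaper.py hunk has the same guard.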
@@ -0,0 +1,362 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_shaping_profile +short_description: Configure shaping profiles in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and shaping_profile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_shaping_profile: + description: + - Configure shaping profiles. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + comment: + description: + - Comment. + type: str + default_class_id: + description: + - Default class ID to handle unclassified packets (including all local traffic). + type: int + profile_name: + description: + - Shaping profile name. + type: str + shaping_entries: + description: + - Define shaping entries of this shaping profile. + type: list + suboptions: + class_id: + description: + - Class ID. + type: int + guaranteed_bandwidth_percentage: + description: + - Guaranteed bandwith in percentage. + type: int + id: + description: + - ID number. + required: true + type: int + maximum_bandwidth_percentage: + description: + - Maximum bandwith in percentage. + type: int + priority: + description: + - Priority. + type: str + choices: + - high + - medium + - low +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure shaping profiles. + fortios_firewall_shaping_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_shaping_profile: + comment: "Comment." 
+ default_class_id: "4" + profile_name: "" + shaping_entries: + - + class_id: "7" + guaranteed_bandwidth_percentage: "8" + id: "9" + maximum_bandwidth_percentage: "10" + priority: "high" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_shaping_profile_data(json): + option_list = ['comment', 
'default_class_id', 'profile_name', + 'shaping_entries'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_shaping_profile(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_shaping_profile'] and data['firewall_shaping_profile']['state']: + state = data['firewall_shaping_profile']['state'] + else: + state = True + firewall_shaping_profile_data = data['firewall_shaping_profile'] + filtered_data = underscore_to_hyphen(filter_firewall_shaping_profile_data(firewall_shaping_profile_data)) + + if state == "present": + return fos.set('firewall', + 'shaping-profile', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'shaping-profile', + mkey=filtered_data['profile-name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_shaping_profile']: + resp = firewall_shaping_profile(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_shaping_profile')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'profile-name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": 
{"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_shaping_profile": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "comment": {"required": False, "type": "str"}, + "default_class_id": {"required": False, "type": "int"}, + "profile_name": {"required": False, "type": "str"}, + "shaping_entries": {"required": False, "type": "list", + "options": { + "class_id": {"required": False, "type": "int"}, + "guaranteed_bandwidth_percentage": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "maximum_bandwidth_percentage": {"required": False, "type": "int"}, + "priority": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low"]} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: 
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_sniffer.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_sniffer.py
new file mode 100644
index 00000000..5566a768
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_sniffer.py
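Review bot: The `absent` branch of `firewall_shaping_profile` reads `filtered_data['profile-name']`, but the argument spec in `main()` declares `profile_name` with `"required": False`, so a delete task that omits the name would raise `KeyError` and surface as a module traceback instead of a clean `fail_json`. `filter_firewall_shaping_profile_data` drops keys whose value is `None`, so the key is simply missing in that case. Marking the master key as required, `"profile_name": {"required": True, "type": "str"},` (with `required: true` added under `profile_name` in DOCUMENTATION), would match how the sniffer module in this commit declares its `id` key.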
@@ -0,0 +1,620 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_sniffer +short_description: Configure sniffer in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and sniffer category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_sniffer: + description: + - Configure sniffer. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + anomaly: + description: + - Configuration method to edit Denial of Service (DoS) anomaly settings. + type: list + suboptions: + action: + description: + - Action taken when the threshold is reached. + type: str + choices: + - pass + - block + log: + description: + - Enable/disable anomaly logging. + type: str + choices: + - enable + - disable + name: + description: + - Anomaly name. + required: true + type: str + quarantine: + description: + - Quarantine method. + type: str + choices: + - none + - attacker + quarantine_expiry: + description: + - Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m). Requires quarantine set to attacker. + type: str + quarantine_log: + description: + - Enable/disable quarantine logging. + type: str + choices: + - disable + - enable + status: + description: + - Enable/disable this anomaly. + type: str + choices: + - disable + - enable + threshold: + description: + - Anomaly threshold. Number of detected instances per minute that triggers the anomaly action. + type: int + threshold(default): + description: + - Number of detected instances per minute which triggers action (1 - 2147483647). Note that each anomaly has a different threshold + value assigned to it. + type: int + application_list: + description: + - Name of an existing application list. 
Source application.list.name. + type: str + application_list_status: + description: + - Enable/disable application control profile. + type: str + choices: + - enable + - disable + av_profile: + description: + - Name of an existing antivirus profile. Source antivirus.profile.name. + type: str + av_profile_status: + description: + - Enable/disable antivirus profile. + type: str + choices: + - enable + - disable + dlp_sensor: + description: + - Name of an existing DLP sensor. Source dlp.sensor.name. + type: str + dlp_sensor_status: + description: + - Enable/disable DLP sensor. + type: str + choices: + - enable + - disable + dsri: + description: + - Enable/disable DSRI. + type: str + choices: + - enable + - disable + host: + description: + - 'Hosts to filter for in sniffer traffic (Format examples: 1.1.1.1, 2.2.2.0/24, 3.3.3.3/255.255.255.0, 4.4.4.0-4.4.4.240).' + type: str + id: + description: + - Sniffer ID. + required: true + type: int + interface: + description: + - Interface name that traffic sniffing will take place on. Source system.interface.name. + type: str + ips_dos_status: + description: + - Enable/disable IPS DoS anomaly detection. + type: str + choices: + - enable + - disable + ips_sensor: + description: + - Name of an existing IPS sensor. Source ips.sensor.name. + type: str + ips_sensor_status: + description: + - Enable/disable IPS sensor. + type: str + choices: + - enable + - disable + ipv6: + description: + - Enable/disable sniffing IPv6 packets. + type: str + choices: + - enable + - disable + logtraffic: + description: + - Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy. + type: str + choices: + - all + - utm + - disable + max_packet_count: + description: + - Maximum packet count (1 - 1000000). + type: int + non_ip: + description: + - Enable/disable sniffing non-IP packets. 
+ type: str + choices: + - enable + - disable + port: + description: + - 'Ports to sniff (Format examples: 10, :20, 30:40, 50-, 100-200).' + type: str + protocol: + description: + - Integer value for the protocol type as defined by IANA (0 - 255). + type: str + scan_botnet_connections: + description: + - Enable/disable scanning of connections to Botnet servers. + type: str + choices: + - disable + - block + - monitor + spamfilter_profile: + description: + - Name of an existing spam filter profile. Source spamfilter.profile.name. + type: str + spamfilter_profile_status: + description: + - Enable/disable spam filter. + type: str + choices: + - enable + - disable + status: + description: + - Enable/disable the active status of the sniffer. + type: str + choices: + - enable + - disable + vlan: + description: + - List of VLANs to sniff. + type: str + webfilter_profile: + description: + - Name of an existing web filter profile. Source webfilter.profile.name. + type: str + webfilter_profile_status: + description: + - Enable/disable web filter profile. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure sniffer. 
+ fortios_firewall_sniffer: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_sniffer: + anomaly: + - + action: "pass" + log: "enable" + name: "default_name_6" + quarantine: "none" + quarantine_expiry: "" + quarantine_log: "disable" + status: "disable" + threshold: "11" + threshold(default): "12" + application_list: " (source application.list.name)" + application_list_status: "enable" + av_profile: " (source antivirus.profile.name)" + av_profile_status: "enable" + dlp_sensor: " (source dlp.sensor.name)" + dlp_sensor_status: "enable" + dsri: "enable" + host: "myhostname" + id: "21" + interface: " (source system.interface.name)" + ips_dos_status: "enable" + ips_sensor: " (source ips.sensor.name)" + ips_sensor_status: "enable" + ipv6: "enable" + logtraffic: "all" + max_packet_count: "28" + non_ip: "enable" + port: "" + protocol: "" + scan_botnet_connections: "disable" + spamfilter_profile: " (source spamfilter.profile.name)" + spamfilter_profile_status: "enable" + status: "enable" + vlan: "" + webfilter_profile: " (source webfilter.profile.name)" + webfilter_profile_status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + 
description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_sniffer_data(json): + option_list = ['anomaly', 'application_list', 'application_list_status', + 'av_profile', 'av_profile_status', 'dlp_sensor', + 'dlp_sensor_status', 'dsri', 'host', + 'id', 'interface', 'ips_dos_status', + 'ips_sensor', 'ips_sensor_status', 'ipv6', + 'logtraffic', 'max_packet_count', 'non_ip', + 'port', 'protocol', 'scan_botnet_connections', + 'spamfilter_profile', 'spamfilter_profile_status', 'status', + 'vlan', 'webfilter_profile', 'webfilter_profile_status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_sniffer(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_sniffer'] 
and data['firewall_sniffer']['state']: + state = data['firewall_sniffer']['state'] + else: + state = True + firewall_sniffer_data = data['firewall_sniffer'] + filtered_data = underscore_to_hyphen(filter_firewall_sniffer_data(firewall_sniffer_data)) + + if state == "present": + return fos.set('firewall', + 'sniffer', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'sniffer', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_sniffer']: + resp = firewall_sniffer(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_sniffer')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_sniffer": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "anomaly": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["pass", + "block"]}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": True, "type": "str"}, + "quarantine": {"required": False, "type": "str", + "choices": ["none", + "attacker"]}, + "quarantine_expiry": {"required": False, "type": "str"}, + "quarantine_log": {"required": False, "type": "str", + "choices": ["disable", + 
"enable"]}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "threshold": {"required": False, "type": "int"}, + "threshold(default)": {"required": False, "type": "int"} + }}, + "application_list": {"required": False, "type": "str"}, + "application_list_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "av_profile": {"required": False, "type": "str"}, + "av_profile_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dlp_sensor": {"required": False, "type": "str"}, + "dlp_sensor_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dsri": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "host": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "ips_dos_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ips_sensor": {"required": False, "type": "str"}, + "ips_sensor_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ipv6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "logtraffic": {"required": False, "type": "str", + "choices": ["all", + "utm", + "disable"]}, + "max_packet_count": {"required": False, "type": "int"}, + "non_ip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "port": {"required": False, "type": "str"}, + "protocol": {"required": False, "type": "str"}, + "scan_botnet_connections": {"required": False, "type": "str", + "choices": ["disable", + "block", + "monitor"]}, + "spamfilter_profile": {"required": False, "type": "str"}, + "spamfilter_profile_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vlan": {"required": False, "type": "str"}, + "webfilter_profile": 
{"required": False, "type": "str"},
+ "webfilter_profile_status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_firewall(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssh_host_key.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssh_host_key.py
new file mode 100644
index 00000000..54ff7dda
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssh_host_key.py
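Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no` alongside a task that passes `access_token`, so anyone copying it sends the API token over a TLS session whose peer is never authenticated. The example should use `ansible_httpapi_validate_certs: yes` and carry a comment such as `# set to no only for lab devices with self-signed certificates`. The same line appears in the EXAMPLES block of the shaping_profile hunk and of the ssh_host_key hunk, the latter of which continues outside this view.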
@@ -0,0 +1,375 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_ssh_host_key +short_description: SSH proxy host public keys in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall_ssh feature and host_key category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_ssh_host_key: + description: + - SSH proxy host public keys. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + hostname: + description: + - Hostname of the SSH server. + type: str + ip: + description: + - IP address of the SSH server. + type: str + name: + description: + - SSH public key name. + required: true + type: str + nid: + description: + - Set the nid of the ECDSA key. + type: str + choices: + - 256 + - 384 + - 521 + port: + description: + - Port of the SSH server. + type: int + public_key: + description: + - SSH public key. + type: str + status: + description: + - Set the trust status of the public key. + type: str + choices: + - trusted + - revoked + type: + description: + - Set the type of the public key. + type: str + choices: + - RSA + - DSA + - ECDSA + - ED25519 + - RSA-CA + - DSA-CA + - ECDSA-CA + - ED25519-CA +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: SSH proxy host public keys. 
+ fortios_firewall_ssh_host_key: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ssh_host_key: + hostname: "myhostname" + ip: "" + name: "default_name_5" + nid: "256" + port: "7" + public_key: "" + status: "trusted" + type: "RSA" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_firewall_ssh_host_key_data(json): + option_list = ['hostname', 'ip', 'name', + 'nid', 'port', 'public_key', + 'status', 'type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_ssh_host_key(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_ssh_host_key'] and data['firewall_ssh_host_key']['state']: + state = data['firewall_ssh_host_key']['state'] + else: + state = True + firewall_ssh_host_key_data = data['firewall_ssh_host_key'] + filtered_data = underscore_to_hyphen(filter_firewall_ssh_host_key_data(firewall_ssh_host_key_data)) + + if state == "present": + return fos.set('firewall.ssh', + 'host-key', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall.ssh', + 'host-key', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall_ssh(data, fos): + + if data['firewall_ssh_host_key']: + resp = firewall_ssh_host_key(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_ssh_host_key')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", 
"no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_ssh_host_key": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "hostname": {"required": False, "type": "str"}, + "ip": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "nid": {"required": False, "type": "str", + "choices": ["256", + "384", + "521"]}, + "port": {"required": False, "type": "int"}, + "public_key": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["trusted", + "revoked"]}, + "type": {"required": False, "type": "str", + "choices": ["RSA", + "DSA", + "ECDSA", + "ED25519", + "RSA-CA", + "DSA-CA", + "ECDSA-CA", + "ED25519-CA"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall_ssh(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and 
versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssh_local_ca.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssh_local_ca.py new file mode 100644 index 00000000..54e50551 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssh_local_ca.py 
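Review bot: The EXAMPLES playbook in fortios_firewall_ssh_host_key.py sets `ansible_httpapi_validate_certs: no` while the task sends an `access_token` and installs SSH host keys with `status: "trusted"`, so anyone who copies it talks to a FortiGate whose certificate is never checked. I would ship the example with `ansible_httpapi_validate_certs: yes`, or at least put `# certificate validation disabled for lab use only` above that line. The same example vars appear in the fortios_firewall_ssh_local_ca.py, fortios_firewall_ssh_local_key.py and fortios_firewall_ssh_setting.py hunks. In the local_ca and local_key examples the task additionally carries `private_key` and `password`.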
@@ -0,0 +1,332 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_ssh_local_ca +short_description: SSH proxy local CA in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall_ssh feature and local_ca category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_ssh_local_ca: + description: + - SSH proxy local CA. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + name: + description: + - SSH proxy local CA name. + required: true + type: str + password: + description: + - Password for SSH private key. + type: str + private_key: + description: + - SSH proxy private key, encrypted with a password. + type: str + public_key: + description: + - SSH proxy public key. + type: str + source: + description: + - SSH proxy local CA source type. + type: str + choices: + - built-in + - user +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: SSH proxy local CA. 
+ fortios_firewall_ssh_local_ca: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ssh_local_ca: + name: "default_name_3" + password: "" + private_key: "" + public_key: "" + source: "built-in" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_ssh_local_ca_data(json): + option_list = 
['name', 'password', 'private_key', + 'public_key', 'source'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_ssh_local_ca(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_ssh_local_ca'] and data['firewall_ssh_local_ca']['state']: + state = data['firewall_ssh_local_ca']['state'] + else: + state = True + firewall_ssh_local_ca_data = data['firewall_ssh_local_ca'] + filtered_data = underscore_to_hyphen(filter_firewall_ssh_local_ca_data(firewall_ssh_local_ca_data)) + + if state == "present": + return fos.set('firewall.ssh', + 'local-ca', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall.ssh', + 'local-ca', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall_ssh(data, fos): + + if data['firewall_ssh_local_ca']: + resp = firewall_ssh_local_ca(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_ssh_local_ca')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": 
"root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_ssh_local_ca": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "name": {"required": True, "type": "str"}, + "password": {"required": False, "type": "str"}, + "private_key": {"required": False, "type": "str"}, + "public_key": {"required": False, "type": "str"}, + "source": {"required": False, "type": "str", + "choices": ["built-in", + "user"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall_ssh(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
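Review bot: In `main()` of fortios_firewall_ssh_local_ca.py the `password` and `private_key` suboptions are declared without `"no_log": True`, although `access_token` in the same `fields` dict has it. Without that flag AnsibleModule does not mask these values in its invocation logging, so the SSH proxy CA private key and its passphrase can end up in task output and logs. Suggested: `"password": {"required": False, "type": "str", "no_log": True},` and `"private_key": {"required": False, "type": "str", "no_log": True},`. Whether the `meta=result` payload passed to `exit_json` echoes them back cannot be seen from this hunk and is worth checking. The fortios_firewall_ssh_local_key.py hunk has the identical declarations.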
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssh_local_key.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssh_local_key.py
new file mode 100644
index 00000000..d3a6654b
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssh_local_key.py
@@ -0,0 +1,332 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_ssh_local_key +short_description: SSH proxy local keys in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall_ssh feature and local_key category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_ssh_local_key: + description: + - SSH proxy local keys. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + name: + description: + - SSH proxy local key name. + required: true + type: str + password: + description: + - Password for SSH private key. + type: str + private_key: + description: + - SSH proxy private key, encrypted with a password. + type: str + public_key: + description: + - SSH proxy public key. + type: str + source: + description: + - SSH proxy local key source type. + type: str + choices: + - built-in + - user +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: SSH proxy local keys. 
+ fortios_firewall_ssh_local_key: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ssh_local_key: + name: "default_name_3" + password: "" + private_key: "" + public_key: "" + source: "built-in" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_ssh_local_key_data(json): + option_list = 
['name', 'password', 'private_key', + 'public_key', 'source'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_ssh_local_key(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_ssh_local_key'] and data['firewall_ssh_local_key']['state']: + state = data['firewall_ssh_local_key']['state'] + else: + state = True + firewall_ssh_local_key_data = data['firewall_ssh_local_key'] + filtered_data = underscore_to_hyphen(filter_firewall_ssh_local_key_data(firewall_ssh_local_key_data)) + + if state == "present": + return fos.set('firewall.ssh', + 'local-key', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall.ssh', + 'local-key', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall_ssh(data, fos): + + if data['firewall_ssh_local_key']: + resp = firewall_ssh_local_key(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_ssh_local_key')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", 
"default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_ssh_local_key": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "name": {"required": True, "type": "str"}, + "password": {"required": False, "type": "str"}, + "private_key": {"required": False, "type": "str"}, + "public_key": {"required": False, "type": "str"}, + "source": {"required": False, "type": "str", + "choices": ["built-in", + "user"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall_ssh(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
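Review bot: In `firewall_ssh_local_key()` the fallback `state = True` can never equal `"present"` or `"absent"`, so a task that omits `state` at both levels falls through to `fail_json(msg='state must be present or absent!')`, even though the argument spec marks both `state` options as not required. I would fail at the fallback itself with a message that names the missing option, e.g. replace `state = True` with `fos._module.fail_json(msg="'state' is required: set the top-level state to present or absent")`. The same fallback is in `firewall_ssh_host_key()` and `firewall_ssh_local_ca()` in the earlier hunks.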
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssh_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssh_setting.py
new file mode 100644
index 00000000..568cad42
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssh_setting.py
@@ -0,0 +1,313 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_ssh_setting +short_description: SSH proxy settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall_ssh feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + firewall_ssh_setting: + description: + - SSH proxy settings. + default: null + type: dict + suboptions: + caname: + description: + - CA certificate used by SSH Inspection. Source firewall.ssh.local-ca.name. + type: str + host_trusted_checking: + description: + - Enable/disable host trusted checking. + type: str + choices: + - enable + - disable + hostkey_dsa1024: + description: + - DSA certificate used by SSH proxy. Source firewall.ssh.local-key.name. + type: str + hostkey_ecdsa256: + description: + - ECDSA nid256 certificate used by SSH proxy. Source firewall.ssh.local-key.name. + type: str + hostkey_ecdsa384: + description: + - ECDSA nid384 certificate used by SSH proxy. Source firewall.ssh.local-key.name. + type: str + hostkey_ecdsa521: + description: + - ECDSA nid384 certificate used by SSH proxy. Source firewall.ssh.local-key.name. + type: str + hostkey_ed25519: + description: + - ED25519 hostkey used by SSH proxy. Source firewall.ssh.local-key.name. + type: str + hostkey_rsa2048: + description: + - RSA certificate used by SSH proxy. Source firewall.ssh.local-key.name. + type: str + untrusted_caname: + description: + - Untrusted CA certificate used by SSH Inspection. Source firewall.ssh.local-ca.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: SSH proxy settings. 
+ fortios_firewall_ssh_setting: + vdom: "{{ vdom }}" + firewall_ssh_setting: + caname: " (source firewall.ssh.local-ca.name)" + host_trusted_checking: "enable" + hostkey_dsa1024: "myhostname (source firewall.ssh.local-key.name)" + hostkey_ecdsa256: "myhostname (source firewall.ssh.local-key.name)" + hostkey_ecdsa384: "myhostname (source firewall.ssh.local-key.name)" + hostkey_ecdsa521: "myhostname (source firewall.ssh.local-key.name)" + hostkey_ed25519: "myhostname (source firewall.ssh.local-key.name)" + hostkey_rsa2048: "myhostname (source firewall.ssh.local-key.name)" + untrusted_caname: " (source firewall.ssh.local-ca.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from 
ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_ssh_setting_data(json): + option_list = ['caname', 'host_trusted_checking', 'hostkey_dsa1024', + 'hostkey_ecdsa256', 'hostkey_ecdsa384', 'hostkey_ecdsa521', + 'hostkey_ed25519', 'hostkey_rsa2048', 'untrusted_caname'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_ssh_setting(data, fos): + vdom = data['vdom'] + firewall_ssh_setting_data = data['firewall_ssh_setting'] + filtered_data = underscore_to_hyphen(filter_firewall_ssh_setting_data(firewall_ssh_setting_data)) + + return fos.set('firewall.ssh', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall_ssh(data, fos): + + if data['firewall_ssh_setting']: + resp = firewall_ssh_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_ssh_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": 
False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "firewall_ssh_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "caname": {"required": False, "type": "str"}, + "host_trusted_checking": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "hostkey_dsa1024": {"required": False, "type": "str"}, + "hostkey_ecdsa256": {"required": False, "type": "str"}, + "hostkey_ecdsa384": {"required": False, "type": "str"}, + "hostkey_ecdsa521": {"required": False, "type": "str"}, + "hostkey_ed25519": {"required": False, "type": "str"}, + "hostkey_rsa2048": {"required": False, "type": "str"}, + "untrusted_caname": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall_ssh(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + 
module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssl_server.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssl_server.py new file mode 100644 index 00000000..ff35ba0c --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssl_server.py 
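Review bot: The EXAMPLES play in fortios_firewall_ssh_setting.py sets `ansible_httpapi_validate_certs: no`, so a playbook copied from it sends the `access_token` and the SSH proxy configuration over a TLS session whose peer certificate is never verified. I would ship the example with `ansible_httpapi_validate_certs: yes` and a comment that `no` is only for a lab device with a self-signed certificate. The same line appears in the EXAMPLES of the fortios_firewall_ssl_server.py and fortios_firewall_ssl_setting.py hunks that follow. Separately, the `hostkey_ecdsa521` description reads "ECDSA nid384 certificate", which looks copied from the option above it and presumably should say nid521.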
@@ -0,0 +1,441 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_ssl_server +short_description: Configure SSL servers in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and ssl_server category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_ssl_server: + description: + - Configure SSL servers. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + add_header_x_forwarded_proto: + description: + - Enable/disable adding an X-Forwarded-Proto header to forwarded requests. + type: str + choices: + - enable + - disable + ip: + description: + - IPv4 address of the SSL server. + type: str + mapped_port: + description: + - Mapped server service port (1 - 65535). + type: int + name: + description: + - Server name. + required: true + type: str + port: + description: + - Server service port (1 - 65535). + type: int + ssl_algorithm: + description: + - Relative strength of encryption algorithms accepted in negotiation. + type: str + choices: + - high + - medium + - low + ssl_cert: + description: + - Name of certificate for SSL connections to this server . Source vpn.certificate.local.name. + type: str + ssl_client_renegotiation: + description: + - Allow or block client renegotiation by server. + type: str + choices: + - allow + - deny + - secure + ssl_dh_bits: + description: + - Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation . + type: str + choices: + - 768 + - 1024 + - 1536 + - 2048 + ssl_max_version: + description: + - Highest SSL/TLS version to negotiate. + type: str + choices: + - tls-1.0 + - tls-1.1 + - tls-1.2 + ssl_min_version: + description: + - Lowest SSL/TLS version to negotiate. 
+ type: str + choices: + - tls-1.0 + - tls-1.1 + - tls-1.2 + ssl_mode: + description: + - SSL/TLS mode for encryption and decryption of traffic. + type: str + choices: + - half + - full + ssl_send_empty_frags: + description: + - Enable/disable sending empty fragments to avoid attack on CBC IV. + type: str + choices: + - enable + - disable + url_rewrite: + description: + - Enable/disable rewriting the URL. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure SSL servers. + fortios_firewall_ssl_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ssl_server: + add_header_x_forwarded_proto: "enable" + ip: "" + mapped_port: "5" + name: "default_name_6" + port: "7" + ssl_algorithm: "high" + ssl_cert: " (source vpn.certificate.local.name)" + ssl_client_renegotiation: "allow" + ssl_dh_bits: "768" + ssl_max_version: "tls-1.0" + ssl_min_version: "tls-1.0" + ssl_mode: "half" + ssl_send_empty_frags: "enable" + url_rewrite: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal 
revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_ssl_server_data(json): + option_list = ['add_header_x_forwarded_proto', 'ip', 'mapped_port', + 'name', 'port', 'ssl_algorithm', + 'ssl_cert', 'ssl_client_renegotiation', 'ssl_dh_bits', + 'ssl_max_version', 'ssl_min_version', 'ssl_mode', + 'ssl_send_empty_frags', 'url_rewrite'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_ssl_server(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_ssl_server'] and data['firewall_ssl_server']['state']: + state = data['firewall_ssl_server']['state'] + else: + state = True + 
firewall_ssl_server_data = data['firewall_ssl_server'] + filtered_data = underscore_to_hyphen(filter_firewall_ssl_server_data(firewall_ssl_server_data)) + + if state == "present": + return fos.set('firewall', + 'ssl-server', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'ssl-server', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_ssl_server']: + resp = firewall_ssl_server(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_ssl_server')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_ssl_server": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "add_header_x_forwarded_proto": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ip": {"required": False, "type": "str"}, + "mapped_port": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "port": {"required": False, "type": "int"}, + "ssl_algorithm": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low"]}, + "ssl_cert": {"required": False, "type": "str"}, + "ssl_client_renegotiation": {"required": False, "type": "str", + "choices": ["allow", + "deny", + "secure"]}, + "ssl_dh_bits": {"required": 
False, "type": "str", + "choices": ["768", + "1024", + "1536", + "2048"]}, + "ssl_max_version": {"required": False, "type": "str", + "choices": ["tls-1.0", + "tls-1.1", + "tls-1.2"]}, + "ssl_min_version": {"required": False, "type": "str", + "choices": ["tls-1.0", + "tls-1.1", + "tls-1.2"]}, + "ssl_mode": {"required": False, "type": "str", + "choices": ["half", + "full"]}, + "ssl_send_empty_frags": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "url_rewrite": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
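Review bot: The example task in fortios_firewall_ssl_server.py demonstrates the weakest value of every crypto option it touches: `ssl_dh_bits: "768"`, `ssl_min_version: "tls-1.0"` and `ssl_max_version: "tls-1.0"`. Examples tend to be pasted into playbooks unchanged, so I would show the strongest choices the argument spec already offers, `ssl_dh_bits: "2048"`, `ssl_min_version: "tls-1.2"` and `ssl_max_version: "tls-1.2"`. The fortios_firewall_ssl_setting.py example in the next hunk also uses `ssl_dh_bits: "768"`. The literal `access_token: ""` in the same task would read better as a reference to a vaulted variable, since a token written inline ends up in version control.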
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssl_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssl_setting.py
new file mode 100644
index 00000000..88df7429
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssl_setting.py
@@ -0,0 +1,345 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_ssl_setting +short_description: SSL proxy settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall_ssl feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + firewall_ssl_setting: + description: + - SSL proxy settings. + default: null + type: dict + suboptions: + abbreviate_handshake: + description: + - Enable/disable use of SSL abbreviated handshake. + type: str + choices: + - enable + - disable + cert_cache_capacity: + description: + - Maximum capacity of the host certificate cache (0 - 500). + type: int + cert_cache_timeout: + description: + - Time limit to keep certificate cache (1 - 120 min). + type: int + kxp_queue_threshold: + description: + - Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512). + type: int + no_matching_cipher_action: + description: + - Bypass or drop the connection when no matching cipher is found. + type: str + choices: + - bypass + - drop + proxy_connect_timeout: + description: + - Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec). + type: int + session_cache_capacity: + description: + - Capacity of the SSL session cache (--Obsolete--) (1 - 1000). + type: int + session_cache_timeout: + description: + - Time limit to keep SSL session state (1 - 60 min). + type: int + ssl_dh_bits: + description: + - Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation . + type: str + choices: + - 768 + - 1024 + - 1536 + - 2048 + ssl_queue_threshold: + description: + - Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512). + type: int + ssl_send_empty_frags: + description: + - Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: SSL proxy settings. 
+ fortios_firewall_ssl_setting: + vdom: "{{ vdom }}" + firewall_ssl_setting: + abbreviate_handshake: "enable" + cert_cache_capacity: "4" + cert_cache_timeout: "5" + kxp_queue_threshold: "6" + no_matching_cipher_action: "bypass" + proxy_connect_timeout: "8" + session_cache_capacity: "9" + session_cache_timeout: "10" + ssl_dh_bits: "768" + ssl_queue_threshold: "12" + ssl_send_empty_frags: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import 
check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_ssl_setting_data(json): + option_list = ['abbreviate_handshake', 'cert_cache_capacity', 'cert_cache_timeout', + 'kxp_queue_threshold', 'no_matching_cipher_action', 'proxy_connect_timeout', + 'session_cache_capacity', 'session_cache_timeout', 'ssl_dh_bits', + 'ssl_queue_threshold', 'ssl_send_empty_frags'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_ssl_setting(data, fos): + vdom = data['vdom'] + firewall_ssl_setting_data = data['firewall_ssl_setting'] + filtered_data = underscore_to_hyphen(filter_firewall_ssl_setting_data(firewall_ssl_setting_data)) + + return fos.set('firewall.ssl', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall_ssl(data, fos): + + if data['firewall_ssl_setting']: + resp = firewall_ssl_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_ssl_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "firewall_ssl_setting": { + "required": False, 
"type": "dict", "default": None, + "options": { + "abbreviate_handshake": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "cert_cache_capacity": {"required": False, "type": "int"}, + "cert_cache_timeout": {"required": False, "type": "int"}, + "kxp_queue_threshold": {"required": False, "type": "int"}, + "no_matching_cipher_action": {"required": False, "type": "str", + "choices": ["bypass", + "drop"]}, + "proxy_connect_timeout": {"required": False, "type": "int"}, + "session_cache_capacity": {"required": False, "type": "int"}, + "session_cache_timeout": {"required": False, "type": "int"}, + "ssl_dh_bits": {"required": False, "type": "str", + "choices": ["768", + "1024", + "1536", + "2048"]}, + "ssl_queue_threshold": {"required": False, "type": "int"}, + "ssl_send_empty_frags": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall_ssl(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is 
False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssl_ssh_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssl_ssh_profile.py new file mode 100644 index 00000000..f3b73ec7 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ssl_ssh_profile.py 
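Review bot: The example in fortios_firewall_ssl_setting.py sets `no_matching_cipher_action: "bypass"`, which by the option's own description lets the connection bypass the proxy when no matching cipher is found, presumably leaving that traffic uninspected. For an example that people copy, I would use the fail-closed choice, `no_matching_cipher_action: "drop"`, and add a comment that `bypass` trades inspection coverage for availability. The option's description in DOCUMENTATION could also say which of the two values fails closed, since "Bypass or drop the connection" does not tell a reader which one is the safer default.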
@@ -0,0 +1,1109 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_ssl_ssh_profile +short_description: Configure SSL/SSH protocol options in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and ssl_ssh_profile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_ssl_ssh_profile: + description: + - Configure SSL/SSH protocol options. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + caname: + description: + - CA certificate used by SSL Inspection. Source vpn.certificate.local.name. + type: str + comment: + description: + - Optional comments. + type: str + ftps: + description: + - Configure FTPS options. + type: dict + suboptions: + allow_invalid_server_cert: + description: + - When enabled, allows SSL sessions whose server certificate validation failed. + type: str + choices: + - enable + - disable + client_cert_request: + description: + - Action based on client certificate request failure. + type: str + choices: + - bypass + - inspect + - block + ports: + description: + - Ports to use for scanning (1 - 65535). + type: int + status: + description: + - Configure protocol inspection status. + type: str + choices: + - disable + - deep-inspection + unsupported_ssl: + description: + - Action based on the SSL encryption used being unsupported. + type: str + choices: + - bypass + - inspect + - block + untrusted_cert: + description: + - Allow, ignore, or block the untrusted SSL session server certificate. + type: str + choices: + - allow + - block + - ignore + https: + description: + - Configure HTTPS options. 
+ type: dict + suboptions: + allow_invalid_server_cert: + description: + - When enabled, allows SSL sessions whose server certificate validation failed. + type: str + choices: + - enable + - disable + client_cert_request: + description: + - Action based on client certificate request failure. + type: str + choices: + - bypass + - inspect + - block + ports: + description: + - Ports to use for scanning (1 - 65535). + type: int + status: + description: + - Configure protocol inspection status. + type: str + choices: + - disable + - certificate-inspection + - deep-inspection + unsupported_ssl: + description: + - Action based on the SSL encryption used being unsupported. + type: str + choices: + - bypass + - inspect + - block + untrusted_cert: + description: + - Allow, ignore, or block the untrusted SSL session server certificate. + type: str + choices: + - allow + - block + - ignore + imaps: + description: + - Configure IMAPS options. + type: dict + suboptions: + allow_invalid_server_cert: + description: + - When enabled, allows SSL sessions whose server certificate validation failed. + type: str + choices: + - enable + - disable + client_cert_request: + description: + - Action based on client certificate request failure. + type: str + choices: + - bypass + - inspect + - block + ports: + description: + - Ports to use for scanning (1 - 65535). + type: int + status: + description: + - Configure protocol inspection status. + type: str + choices: + - disable + - deep-inspection + unsupported_ssl: + description: + - Action based on the SSL encryption used being unsupported. + type: str + choices: + - bypass + - inspect + - block + untrusted_cert: + description: + - Allow, ignore, or block the untrusted SSL session server certificate. + type: str + choices: + - allow + - block + - ignore + mapi_over_https: + description: + - Enable/disable inspection of MAPI over HTTPS. + type: str + choices: + - enable + - disable + name: + description: + - Name. 
+ required: true + type: str + pop3s: + description: + - Configure POP3S options. + type: dict + suboptions: + allow_invalid_server_cert: + description: + - When enabled, allows SSL sessions whose server certificate validation failed. + type: str + choices: + - enable + - disable + client_cert_request: + description: + - Action based on client certificate request failure. + type: str + choices: + - bypass + - inspect + - block + ports: + description: + - Ports to use for scanning (1 - 65535). + type: int + status: + description: + - Configure protocol inspection status. + type: str + choices: + - disable + - deep-inspection + unsupported_ssl: + description: + - Action based on the SSL encryption used being unsupported. + type: str + choices: + - bypass + - inspect + - block + untrusted_cert: + description: + - Allow, ignore, or block the untrusted SSL session server certificate. + type: str + choices: + - allow + - block + - ignore + rpc_over_https: + description: + - Enable/disable inspection of RPC over HTTPS. + type: str + choices: + - enable + - disable + server_cert: + description: + - Certificate used by SSL Inspection to replace server certificate. Source vpn.certificate.local.name. + type: str + server_cert_mode: + description: + - Re-sign or replace the server"s certificate. + type: str + choices: + - re-sign + - replace + smtps: + description: + - Configure SMTPS options. + type: dict + suboptions: + allow_invalid_server_cert: + description: + - When enabled, allows SSL sessions whose server certificate validation failed. + type: str + choices: + - enable + - disable + client_cert_request: + description: + - Action based on client certificate request failure. + type: str + choices: + - bypass + - inspect + - block + ports: + description: + - Ports to use for scanning (1 - 65535). + type: int + status: + description: + - Configure protocol inspection status. 
+ type: str + choices: + - disable + - deep-inspection + unsupported_ssl: + description: + - Action based on the SSL encryption used being unsupported. + type: str + choices: + - bypass + - inspect + - block + untrusted_cert: + description: + - Allow, ignore, or block the untrusted SSL session server certificate. + type: str + choices: + - allow + - block + - ignore + ssh: + description: + - Configure SSH options. + type: dict + suboptions: + inspect_all: + description: + - Level of SSL inspection. + type: str + choices: + - disable + - deep-inspection + ports: + description: + - Ports to use for scanning (1 - 65535). + type: int + ssh_algorithm: + description: + - Relative strength of encryption algorithms accepted during negotiation. + type: str + choices: + - compatible + - high-encryption + ssh_policy_check: + description: + - Enable/disable SSH policy check. + type: str + choices: + - disable + - enable + ssh_tun_policy_check: + description: + - Enable/disable SSH tunnel policy check. + type: str + choices: + - disable + - enable + status: + description: + - Configure protocol inspection status. + type: str + choices: + - disable + - deep-inspection + unsupported_version: + description: + - Action based on SSH version being unsupported. + type: str + choices: + - bypass + - block + ssl: + description: + - Configure SSL options. + type: dict + suboptions: + allow_invalid_server_cert: + description: + - When enabled, allows SSL sessions whose server certificate validation failed. + type: str + choices: + - enable + - disable + client_cert_request: + description: + - Action based on client certificate request failure. + type: str + choices: + - bypass + - inspect + - block + inspect_all: + description: + - Level of SSL inspection. + type: str + choices: + - disable + - certificate-inspection + - deep-inspection + unsupported_ssl: + description: + - Action based on the SSL encryption used being unsupported. 
+ type: str + choices: + - bypass + - inspect + - block + untrusted_cert: + description: + - Allow, ignore, or block the untrusted SSL session server certificate. + type: str + choices: + - allow + - block + - ignore + ssl_anomalies_log: + description: + - Enable/disable logging SSL anomalies. + type: str + choices: + - disable + - enable + ssl_exempt: + description: + - Servers to exempt from SSL inspection. + type: list + suboptions: + address: + description: + - IPv4 address object. Source firewall.address.name firewall.addrgrp.name. + type: str + address6: + description: + - IPv6 address object. Source firewall.address6.name firewall.addrgrp6.name. + type: str + fortiguard_category: + description: + - FortiGuard category ID. + type: int + id: + description: + - ID number. + required: true + type: int + regex: + description: + - Exempt servers by regular expression. + type: str + type: + description: + - Type of address object (IPv4 or IPv6) or FortiGuard category. + type: str + choices: + - fortiguard-category + - address + - address6 + - wildcard-fqdn + - regex + wildcard_fqdn: + description: + - Exempt servers by wildcard FQDN. Source firewall.wildcard-fqdn.custom.name firewall.wildcard-fqdn.group.name. + type: str + ssl_exemptions_log: + description: + - Enable/disable logging SSL exemptions. + type: str + choices: + - disable + - enable + ssl_server: + description: + - SSL servers. + type: list + suboptions: + ftps_client_cert_request: + description: + - Action based on client certificate request failure during the FTPS handshake. + type: str + choices: + - bypass + - inspect + - block + https_client_cert_request: + description: + - Action based on client certificate request failure during the HTTPS handshake. + type: str + choices: + - bypass + - inspect + - block + id: + description: + - SSL server ID. + required: true + type: int + imaps_client_cert_request: + description: + - Action based on client certificate request failure during the IMAPS handshake. 
+ type: str + choices: + - bypass + - inspect + - block + ip: + description: + - IPv4 address of the SSL server. + type: str + pop3s_client_cert_request: + description: + - Action based on client certificate request failure during the POP3S handshake. + type: str + choices: + - bypass + - inspect + - block + smtps_client_cert_request: + description: + - Action based on client certificate request failure during the SMTPS handshake. + type: str + choices: + - bypass + - inspect + - block + ssl_other_client_cert_request: + description: + - Action based on client certificate request failure during an SSL protocol handshake. + type: str + choices: + - bypass + - inspect + - block + untrusted_caname: + description: + - Untrusted CA certificate used by SSL Inspection. Source vpn.certificate.local.name. + type: str + use_ssl_server: + description: + - Enable/disable the use of SSL server table for SSL offloading. + type: str + choices: + - disable + - enable + whitelist: + description: + - Enable/disable exempting servers by FortiGuard whitelist. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure SSL/SSH protocol options. + fortios_firewall_ssl_ssh_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ssl_ssh_profile: + caname: " (source vpn.certificate.local.name)" + comment: "Optional comments." 
+ ftps: + allow_invalid_server_cert: "enable" + client_cert_request: "bypass" + ports: "8" + status: "disable" + unsupported_ssl: "bypass" + untrusted_cert: "allow" + https: + allow_invalid_server_cert: "enable" + client_cert_request: "bypass" + ports: "15" + status: "disable" + unsupported_ssl: "bypass" + untrusted_cert: "allow" + imaps: + allow_invalid_server_cert: "enable" + client_cert_request: "bypass" + ports: "22" + status: "disable" + unsupported_ssl: "bypass" + untrusted_cert: "allow" + mapi_over_https: "enable" + name: "default_name_27" + pop3s: + allow_invalid_server_cert: "enable" + client_cert_request: "bypass" + ports: "31" + status: "disable" + unsupported_ssl: "bypass" + untrusted_cert: "allow" + rpc_over_https: "enable" + server_cert: " (source vpn.certificate.local.name)" + server_cert_mode: "re-sign" + smtps: + allow_invalid_server_cert: "enable" + client_cert_request: "bypass" + ports: "41" + status: "disable" + unsupported_ssl: "bypass" + untrusted_cert: "allow" + ssh: + inspect_all: "disable" + ports: "47" + ssh_algorithm: "compatible" + ssh_policy_check: "disable" + ssh_tun_policy_check: "disable" + status: "disable" + unsupported_version: "bypass" + ssl: + allow_invalid_server_cert: "enable" + client_cert_request: "bypass" + inspect_all: "disable" + unsupported_ssl: "bypass" + untrusted_cert: "allow" + ssl_anomalies_log: "disable" + ssl_exempt: + - + address: " (source firewall.address.name firewall.addrgrp.name)" + address6: " (source firewall.address6.name firewall.addrgrp6.name)" + fortiguard_category: "63" + id: "64" + regex: "" + type: "fortiguard-category" + wildcard_fqdn: " (source firewall.wildcard-fqdn.custom.name firewall.wildcard-fqdn.group.name)" + ssl_exemptions_log: "disable" + ssl_server: + - + ftps_client_cert_request: "bypass" + https_client_cert_request: "bypass" + id: "72" + imaps_client_cert_request: "bypass" + ip: "" + pop3s_client_cert_request: "bypass" + smtps_client_cert_request: "bypass" + 
ssl_other_client_cert_request: "bypass" + untrusted_caname: " (source vpn.certificate.local.name)" + use_ssl_server: "disable" + whitelist: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_ssl_ssh_profile_data(json): + option_list = ['caname', 'comment', 'ftps', + 'https', 'imaps', 
'mapi_over_https', + 'name', 'pop3s', 'rpc_over_https', + 'server_cert', 'server_cert_mode', 'smtps', + 'ssh', 'ssl', 'ssl_anomalies_log', + 'ssl_exempt', 'ssl_exemptions_log', 'ssl_server', + 'untrusted_caname', 'use_ssl_server', 'whitelist'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_ssl_ssh_profile(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_ssl_ssh_profile'] and data['firewall_ssl_ssh_profile']['state']: + state = data['firewall_ssl_ssh_profile']['state'] + else: + state = True + firewall_ssl_ssh_profile_data = data['firewall_ssl_ssh_profile'] + filtered_data = underscore_to_hyphen(filter_firewall_ssl_ssh_profile_data(firewall_ssl_ssh_profile_data)) + + if state == "present": + return fos.set('firewall', + 'ssl-ssh-profile', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'ssl-ssh-profile', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_ssl_ssh_profile']: + resp = firewall_ssl_ssh_profile(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_ssl_ssh_profile')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 
'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_ssl_ssh_profile": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "caname": {"required": False, "type": "str"}, + "comment": {"required": False, "type": "str"}, + "ftps": {"required": False, "type": "dict", + "options": { + "allow_invalid_server_cert": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "client_cert_request": {"required": False, "type": "str", + "choices": ["bypass", + "inspect", + "block"]}, + "ports": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "deep-inspection"]}, + "unsupported_ssl": {"required": False, "type": "str", + "choices": ["bypass", + "inspect", + "block"]}, + "untrusted_cert": {"required": False, "type": "str", + "choices": ["allow", + "block", + "ignore"]} + }}, + "https": {"required": False, "type": "dict", + "options": { + "allow_invalid_server_cert": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "client_cert_request": {"required": False, "type": "str", + "choices": ["bypass", + "inspect", + "block"]}, + "ports": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "certificate-inspection", + "deep-inspection"]}, + "unsupported_ssl": {"required": False, "type": "str", + "choices": ["bypass", + "inspect", + "block"]}, + "untrusted_cert": {"required": False, "type": "str", + "choices": ["allow", + "block", + "ignore"]} + }}, + "imaps": {"required": False, "type": "dict", + "options": { + "allow_invalid_server_cert": {"required": 
False, "type": "str", + "choices": ["enable", + "disable"]}, + "client_cert_request": {"required": False, "type": "str", + "choices": ["bypass", + "inspect", + "block"]}, + "ports": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "deep-inspection"]}, + "unsupported_ssl": {"required": False, "type": "str", + "choices": ["bypass", + "inspect", + "block"]}, + "untrusted_cert": {"required": False, "type": "str", + "choices": ["allow", + "block", + "ignore"]} + }}, + "mapi_over_https": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": True, "type": "str"}, + "pop3s": {"required": False, "type": "dict", + "options": { + "allow_invalid_server_cert": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "client_cert_request": {"required": False, "type": "str", + "choices": ["bypass", + "inspect", + "block"]}, + "ports": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "deep-inspection"]}, + "unsupported_ssl": {"required": False, "type": "str", + "choices": ["bypass", + "inspect", + "block"]}, + "untrusted_cert": {"required": False, "type": "str", + "choices": ["allow", + "block", + "ignore"]} + }}, + "rpc_over_https": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "server_cert": {"required": False, "type": "str"}, + "server_cert_mode": {"required": False, "type": "str", + "choices": ["re-sign", + "replace"]}, + "smtps": {"required": False, "type": "dict", + "options": { + "allow_invalid_server_cert": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "client_cert_request": {"required": False, "type": "str", + "choices": ["bypass", + "inspect", + "block"]}, + "ports": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "deep-inspection"]}, + "unsupported_ssl": {"required": 
False, "type": "str", + "choices": ["bypass", + "inspect", + "block"]}, + "untrusted_cert": {"required": False, "type": "str", + "choices": ["allow", + "block", + "ignore"]} + }}, + "ssh": {"required": False, "type": "dict", + "options": { + "inspect_all": {"required": False, "type": "str", + "choices": ["disable", + "deep-inspection"]}, + "ports": {"required": False, "type": "int"}, + "ssh_algorithm": {"required": False, "type": "str", + "choices": ["compatible", + "high-encryption"]}, + "ssh_policy_check": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "ssh_tun_policy_check": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "deep-inspection"]}, + "unsupported_version": {"required": False, "type": "str", + "choices": ["bypass", + "block"]} + }}, + "ssl": {"required": False, "type": "dict", + "options": { + "allow_invalid_server_cert": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "client_cert_request": {"required": False, "type": "str", + "choices": ["bypass", + "inspect", + "block"]}, + "inspect_all": {"required": False, "type": "str", + "choices": ["disable", + "certificate-inspection", + "deep-inspection"]}, + "unsupported_ssl": {"required": False, "type": "str", + "choices": ["bypass", + "inspect", + "block"]}, + "untrusted_cert": {"required": False, "type": "str", + "choices": ["allow", + "block", + "ignore"]} + }}, + "ssl_anomalies_log": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "ssl_exempt": {"required": False, "type": "list", + "options": { + "address": {"required": False, "type": "str"}, + "address6": {"required": False, "type": "str"}, + "fortiguard_category": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "regex": {"required": False, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["fortiguard-category", + 
"address", + "address6", + "wildcard-fqdn", + "regex"]}, + "wildcard_fqdn": {"required": False, "type": "str"} + }}, + "ssl_exemptions_log": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "ssl_server": {"required": False, "type": "list", + "options": { + "ftps_client_cert_request": {"required": False, "type": "str", + "choices": ["bypass", + "inspect", + "block"]}, + "https_client_cert_request": {"required": False, "type": "str", + "choices": ["bypass", + "inspect", + "block"]}, + "id": {"required": True, "type": "int"}, + "imaps_client_cert_request": {"required": False, "type": "str", + "choices": ["bypass", + "inspect", + "block"]}, + "ip": {"required": False, "type": "str"}, + "pop3s_client_cert_request": {"required": False, "type": "str", + "choices": ["bypass", + "inspect", + "block"]}, + "smtps_client_cert_request": {"required": False, "type": "str", + "choices": ["bypass", + "inspect", + "block"]}, + "ssl_other_client_cert_request": {"required": False, "type": "str", + "choices": ["bypass", + "inspect", + "block"]} + }}, + "untrusted_caname": {"required": False, "type": "str"}, + "use_ssl_server": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "whitelist": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version 
mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ttl_policy.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ttl_policy.py new file mode 100644 index 00000000..6843166e --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_ttl_policy.py 
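Review bot: The EXAMPLES play in fortios_firewall_ssl_ssh_profile.py sets `ansible_httpapi_validate_certs: no` while the same task passes `access_token`, so anyone who copies it sends the API token over a TLS session whose server certificate is never checked. I would ship the example with `ansible_httpapi_validate_certs: yes` and a comment saying to turn it off only for lab devices with self-signed certificates. The sample profile also picks the most permissive value for every protocol (`allow_invalid_server_cert: "enable"`, `untrusted_cert: "allow"`, `unsupported_ssl: "bypass"`), which deserves a comment above the task such as `# sample values only; review each action before applying to a production inspection profile`. Separately, in `main()` the `ssl_exempt` and `ssl_server` entries are declared `"type": "list"` with `"options"` but without `"elements": "dict"`. As far as I know, AnsibleModule then does not apply the sub-spec (the required `id`, the `choices`) to the list items, and adding `"elements": "dict"` to both would enforce it.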
@@ -0,0 +1,379 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_ttl_policy +short_description: Configure TTL policies in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and ttl_policy category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_ttl_policy: + description: + - Configure TTL policies. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + action: + description: + - Action to be performed on traffic matching this policy . + type: str + choices: + - accept + - deny + id: + description: + - ID. + required: true + type: int + schedule: + description: + - Schedule object from available options. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group + .name. + type: str + service: + description: + - Service object(s) from available options. Separate multiple names with a space. + type: list + suboptions: + name: + description: + - Service name. Source firewall.service.custom.name firewall.service.group.name. + required: true + type: str + srcaddr: + description: + - Source address object(s) from available options. Separate multiple names with a space. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + srcintf: + description: + - Source interface name from available interfaces. Source system.zone.name system.interface.name. + type: str + status: + description: + - Enable/disable this TTL policy. + type: str + choices: + - enable + - disable + ttl: + description: + - 'Value/range to match against the packet"s Time to Live value (format: ttl[ - ttl_high], 1 - 255).' 
+ type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure TTL policies. + fortios_firewall_ttl_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_ttl_policy: + action: "accept" + id: "4" + schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" + service: + - + name: "default_name_7 (source firewall.service.custom.name firewall.service.group.name)" + srcaddr: + - + name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)" + srcintf: " (source system.zone.name system.interface.name)" + status: "enable" + ttl: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: 
"root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_ttl_policy_data(json): + option_list = ['action', 'id', 'schedule', + 'service', 'srcaddr', 'srcintf', + 'status', 'ttl'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_ttl_policy(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_ttl_policy'] and data['firewall_ttl_policy']['state']: + state = data['firewall_ttl_policy']['state'] + else: + state = True + firewall_ttl_policy_data = data['firewall_ttl_policy'] + filtered_data = underscore_to_hyphen(filter_firewall_ttl_policy_data(firewall_ttl_policy_data)) + + if state == "present": + return fos.set('firewall', + 'ttl-policy', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'ttl-policy', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + 
status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_ttl_policy']: + resp = firewall_ttl_policy(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_ttl_policy')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_ttl_policy": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "action": {"required": False, "type": "str", + "choices": ["accept", + "deny"]}, + "id": {"required": True, "type": "int"}, + "schedule": {"required": False, "type": "str"}, + "service": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcintf": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ttl": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + 
module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vip.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vip.py new file mode 100644 index 00000000..ebbf6d5d --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vip.py 
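Review bot: The EXAMPLES playbook added in fortios_firewall_ttl_policy.py sets `ansible_httpapi_validate_certs: no` on the same play that passes `access_token`, so anyone who copies it sends the API token over a TLS session whose server certificate is never verified. The example should read `ansible_httpapi_validate_certs: yes`, leaving disabled validation as an explicit, commented lab-only choice. The same example settings appear in the fortios_firewall_vip.py section that follows, whose hunk continues outside this view. Separately, in `firewall_ttl_policy()` the fallback `state = True` matches neither `"present"` nor `"absent"`, so a task that omits `state` fails with the misleading 'state must be present or absent!'. Either make the top-level `state` required in the argument spec or fail with a message saying it is missing.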
@@ -0,0 +1,1527 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_vip +short_description: Configure virtual IP for IPv4 in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and vip category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_vip: + description: + - Configure virtual IP for IPv4. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + arp_reply: + description: + - Enable to respond to ARP requests for this virtual IP address. Enabled by default. + type: str + choices: + - disable + - enable + color: + description: + - Color of icon on the GUI. + type: int + comment: + description: + - Comment. + type: str + dns_mapping_ttl: + description: + - DNS mapping TTL (Set to zero to use TTL in DNS response). + type: int + extaddr: + description: + - External FQDN address name. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + extintf: + description: + - Interface connected to the source network that receives the packets that will be forwarded to the destination network. Source system + .interface.name. + type: str + extip: + description: + - IP address or address range on the external interface that you want to map to an address or address range on the destination network. + type: str + extport: + description: + - Incoming port number range that you want to map to a port number range on the destination network. + type: str + gratuitous_arp_interval: + description: + - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable. 
+ type: int + http_cookie_age: + description: + - Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit. + type: int + http_cookie_domain: + description: + - Domain that HTTP cookie persistence should apply to. + type: str + http_cookie_domain_from_host: + description: + - Enable/disable use of HTTP cookie domain from host field in HTTP. + type: str + choices: + - disable + - enable + http_cookie_generation: + description: + - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. + type: int + http_cookie_path: + description: + - Limit HTTP cookie persistence to the specified path. + type: str + http_cookie_share: + description: + - Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops + cookie sharing. + type: str + choices: + - disable + - same-ip + http_ip_header: + description: + - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. + type: str + choices: + - enable + - disable + http_ip_header_name: + description: + - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, + X-Forwarded-For is used. + type: str + http_multiplex: + description: + - Enable/disable HTTP multiplexing. + type: str + choices: + - enable + - disable + https_cookie_secure: + description: + - Enable/disable verification that inserted HTTPS cookies are secure. + type: str + choices: + - disable + - enable + id: + description: + - Custom defined ID. + type: int + ldb_method: + description: + - Method used to distribute sessions to real servers. + type: str + choices: + - static + - round-robin + - weighted + - least-session + - least-rtt + - first-alive + - http-host + mapped_addr: + description: + - Mapped FQDN address name. Source firewall.address.name. 
+ type: str + mappedip: + description: + - IP address or address range on the destination network to which the external IP address is mapped. + type: list + suboptions: + range: + description: + - Mapped IP range. + required: true + type: str + mappedport: + description: + - Port number range on the destination network to which the external port number range is mapped. + type: str + max_embryonic_connections: + description: + - Maximum number of incomplete connections. + type: int + monitor: + description: + - Name of the health check monitor to use when polling to determine a virtual server"s connectivity status. + type: list + suboptions: + name: + description: + - Health monitor name. Source firewall.ldb-monitor.name. + required: true + type: str + name: + description: + - Virtual IP name. + required: true + type: str + nat_source_vip: + description: + - Enable to prevent unintended servers from using a virtual IP. Disable to use the actual IP address of the server as the source address. + type: str + choices: + - disable + - enable + outlook_web_access: + description: + - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. + type: str + choices: + - disable + - enable + persistence: + description: + - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. + type: str + choices: + - none + - http-cookie + - ssl-session-id + portforward: + description: + - Enable/disable port forwarding. + type: str + choices: + - disable + - enable + portmapping_type: + description: + - Port mapping type. + type: str + choices: + - 1-to-1 + - m-to-n + protocol: + description: + - Protocol to use when forwarding packets. + type: str + choices: + - tcp + - udp + - sctp + - icmp + realservers: + description: + - Select the real servers that this server load balancing VIP will distribute traffic to. 
+ type: list + suboptions: + client_ip: + description: + - Only clients in this IP range can connect to this real server. + type: str + healthcheck: + description: + - Enable to check the responsiveness of the real server before forwarding traffic. + type: str + choices: + - disable + - enable + - vip + holddown_interval: + description: + - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active. + type: int + http_host: + description: + - HTTP server domain name in HTTP header. + type: str + id: + description: + - Real server ID. + required: true + type: int + ip: + description: + - IP address of the real server. + type: str + max_connections: + description: + - Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers. + type: int + monitor: + description: + - Name of the health check monitor to use when polling to determine a virtual server"s connectivity status. Source firewall + .ldb-monitor.name. + type: str + port: + description: + - Port for communicating with the real server. Required if port forwarding is enabled. + type: int + status: + description: + - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. + type: str + choices: + - active + - standby + - disable + weight: + description: + - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. + type: int + server_type: + description: + - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). + type: str + choices: + - http + - https + - imaps + - pop3s + - smtps + - ssl + - tcp + - udp + - ip + service: + description: + - Service name. + type: list + suboptions: + name: + description: + - Service name. Source firewall.service.custom.name firewall.service.group.name. 
+ required: true + type: str + src_filter: + description: + - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. + type: list + suboptions: + range: + description: + - Source-filter range. + required: true + type: str + srcintf_filter: + description: + - Interfaces to which the VIP applies. Separate the names with spaces. + type: list + suboptions: + interface_name: + description: + - Interface name. Source system.interface.name. + type: str + ssl_algorithm: + description: + - Permitted encryption algorithms for SSL sessions according to encryption strength. + type: str + choices: + - high + - medium + - low + - custom + ssl_certificate: + description: + - The name of the SSL certificate to use for SSL acceleration. Source vpn.certificate.local.name. + type: str + ssl_cipher_suites: + description: + - SSL/TLS cipher suites acceptable from a client, ordered by priority. + type: list + suboptions: + cipher: + description: + - Cipher suite name. 
+ type: str + choices: + - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 + - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 + - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 + - TLS-DHE-RSA-WITH-AES-128-CBC-SHA + - TLS-DHE-RSA-WITH-AES-256-CBC-SHA + - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 + - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 + - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 + - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 + - TLS-DHE-DSS-WITH-AES-128-CBC-SHA + - TLS-DHE-DSS-WITH-AES-256-CBC-SHA + - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 + - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 + - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 + - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 + - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA + - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 + - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 + - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA + - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 + - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 + - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA + - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 + - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 + - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 + - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 + - TLS-RSA-WITH-AES-128-CBC-SHA + - TLS-RSA-WITH-AES-256-CBC-SHA + - TLS-RSA-WITH-AES-128-CBC-SHA256 + - TLS-RSA-WITH-AES-128-GCM-SHA256 + - TLS-RSA-WITH-AES-256-CBC-SHA256 + - TLS-RSA-WITH-AES-256-GCM-SHA384 + - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA + - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA + - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 + - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 + - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA + - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA + - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA + - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA + - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA + - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 + - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 + - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 + - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 + - TLS-DHE-RSA-WITH-SEED-CBC-SHA + - TLS-DHE-DSS-WITH-SEED-CBC-SHA + - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 + - 
TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 + - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 + - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 + - TLS-RSA-WITH-SEED-CBC-SHA + - TLS-RSA-WITH-ARIA-128-CBC-SHA256 + - TLS-RSA-WITH-ARIA-256-CBC-SHA384 + - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 + - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 + - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 + - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 + - TLS-ECDHE-RSA-WITH-RC4-128-SHA + - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA + - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA + - TLS-RSA-WITH-3DES-EDE-CBC-SHA + - TLS-RSA-WITH-RC4-128-MD5 + - TLS-RSA-WITH-RC4-128-SHA + - TLS-DHE-RSA-WITH-DES-CBC-SHA + - TLS-DHE-DSS-WITH-DES-CBC-SHA + - TLS-RSA-WITH-DES-CBC-SHA + priority: + description: + - SSL/TLS cipher suites priority. + required: true + type: int + versions: + description: + - SSL/TLS versions that the cipher suite can be used with. + type: str + choices: + - ssl-3.0 + - tls-1.0 + - tls-1.1 + - tls-1.2 + ssl_client_fallback: + description: + - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). + type: str + choices: + - disable + - enable + ssl_client_renegotiation: + description: + - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. + type: str + choices: + - allow + - deny + - secure + ssl_client_session_state_max: + description: + - Maximum number of client to FortiGate SSL session states to keep. + type: int + ssl_client_session_state_timeout: + description: + - Number of minutes to keep client to FortiGate SSL session state. + type: int + ssl_client_session_state_type: + description: + - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. + type: str + choices: + - disable + - time + - count + - both + ssl_dh_bits: + description: + - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. 
+ type: str + choices: + - 768 + - 1024 + - 1536 + - 2048 + - 3072 + - 4096 + ssl_hpkp: + description: + - Enable/disable including HPKP header in response. + type: str + choices: + - disable + - enable + - report-only + ssl_hpkp_age: + description: + - Number of seconds the client should honour the HPKP setting. + type: int + ssl_hpkp_backup: + description: + - Certificate to generate backup HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. + type: str + ssl_hpkp_include_subdomains: + description: + - Indicate that HPKP header applies to all subdomains. + type: str + choices: + - disable + - enable + ssl_hpkp_primary: + description: + - Certificate to generate primary HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. + type: str + ssl_hpkp_report_uri: + description: + - URL to report HPKP violations to. + type: str + ssl_hsts: + description: + - Enable/disable including HSTS header in response. + type: str + choices: + - disable + - enable + ssl_hsts_age: + description: + - Number of seconds the client should honour the HSTS setting. + type: int + ssl_hsts_include_subdomains: + description: + - Indicate that HSTS header applies to all subdomains. + type: str + choices: + - disable + - enable + ssl_http_location_conversion: + description: + - Enable to replace HTTP with HTTPS in the reply"s Location HTTP header field. + type: str + choices: + - enable + - disable + ssl_http_match_host: + description: + - Enable/disable HTTP host matching for location conversion. + type: str + choices: + - enable + - disable + ssl_max_version: + description: + - Highest SSL/TLS version acceptable from a client. + type: str + choices: + - ssl-3.0 + - tls-1.0 + - tls-1.1 + - tls-1.2 + ssl_min_version: + description: + - Lowest SSL/TLS version acceptable from a client. 
+ type: str + choices: + - ssl-3.0 + - tls-1.0 + - tls-1.1 + - tls-1.2 + ssl_mode: + description: + - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the + server (full). + type: str + choices: + - half + - full + ssl_pfs: + description: + - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. + type: str + choices: + - require + - deny + - allow + ssl_send_empty_frags: + description: + - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with + older systems. + type: str + choices: + - enable + - disable + ssl_server_algorithm: + description: + - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. + type: str + choices: + - high + - medium + - low + - custom + - client + ssl_server_cipher_suites: + description: + - SSL/TLS cipher suites to offer to a server, ordered by priority. + type: list + suboptions: + cipher: + description: + - Cipher suite name. 
+ type: str + choices: + - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 + - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 + - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 + - TLS-DHE-RSA-WITH-AES-128-CBC-SHA + - TLS-DHE-RSA-WITH-AES-256-CBC-SHA + - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 + - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 + - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 + - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 + - TLS-DHE-DSS-WITH-AES-128-CBC-SHA + - TLS-DHE-DSS-WITH-AES-256-CBC-SHA + - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 + - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 + - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 + - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 + - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA + - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 + - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 + - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA + - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 + - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 + - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA + - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 + - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 + - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 + - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 + - TLS-RSA-WITH-AES-128-CBC-SHA + - TLS-RSA-WITH-AES-256-CBC-SHA + - TLS-RSA-WITH-AES-128-CBC-SHA256 + - TLS-RSA-WITH-AES-128-GCM-SHA256 + - TLS-RSA-WITH-AES-256-CBC-SHA256 + - TLS-RSA-WITH-AES-256-GCM-SHA384 + - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA + - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA + - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 + - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 + - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA + - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA + - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA + - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA + - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA + - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 + - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 + - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 + - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 + - TLS-DHE-RSA-WITH-SEED-CBC-SHA + - TLS-DHE-DSS-WITH-SEED-CBC-SHA + - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 + - 
TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 + - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 + - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 + - TLS-RSA-WITH-SEED-CBC-SHA + - TLS-RSA-WITH-ARIA-128-CBC-SHA256 + - TLS-RSA-WITH-ARIA-256-CBC-SHA384 + - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 + - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 + - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 + - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 + - TLS-ECDHE-RSA-WITH-RC4-128-SHA + - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA + - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA + - TLS-RSA-WITH-3DES-EDE-CBC-SHA + - TLS-RSA-WITH-RC4-128-MD5 + - TLS-RSA-WITH-RC4-128-SHA + - TLS-DHE-RSA-WITH-DES-CBC-SHA + - TLS-DHE-DSS-WITH-DES-CBC-SHA + - TLS-RSA-WITH-DES-CBC-SHA + priority: + description: + - SSL/TLS cipher suites priority. + required: true + type: int + versions: + description: + - SSL/TLS versions that the cipher suite can be used with. + type: str + choices: + - ssl-3.0 + - tls-1.0 + - tls-1.1 + - tls-1.2 + ssl_server_max_version: + description: + - Highest SSL/TLS version acceptable from a server. Use the client setting by default. + type: str + choices: + - ssl-3.0 + - tls-1.0 + - tls-1.1 + - tls-1.2 + - client + ssl_server_min_version: + description: + - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. + type: str + choices: + - ssl-3.0 + - tls-1.0 + - tls-1.1 + - tls-1.2 + - client + ssl_server_session_state_max: + description: + - Maximum number of FortiGate to Server SSL session states to keep. + type: int + ssl_server_session_state_timeout: + description: + - Number of minutes to keep FortiGate to Server SSL session state. + type: int + ssl_server_session_state_type: + description: + - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. + type: str + choices: + - disable + - time + - count + - both + type: + description: + - Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. 
+ type: str + choices: + - static-nat + - load-balance + - server-load-balance + - dns-translation + - fqdn + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str + weblogic_server: + description: + - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. + type: str + choices: + - disable + - enable + websphere_server: + description: + - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. + type: str + choices: + - disable + - enable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure virtual IP for IPv4. + fortios_firewall_vip: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_vip: + arp_reply: "disable" + color: "4" + comment: "Comment." + dns_mapping_ttl: "6" + extaddr: + - + name: "default_name_8 (source firewall.address.name firewall.addrgrp.name)" + extintf: " (source system.interface.name)" + extip: "" + extport: "" + gratuitous_arp_interval: "12" + http_cookie_age: "13" + http_cookie_domain: "" + http_cookie_domain_from_host: "disable" + http_cookie_generation: "16" + http_cookie_path: "" + http_cookie_share: "disable" + http_ip_header: "enable" + http_ip_header_name: "" + http_multiplex: "enable" + https_cookie_secure: "disable" + id: "23" + ldb_method: "static" + mapped_addr: " (source firewall.address.name)" + mappedip: + - + range: "" + mappedport: "" + max_embryonic_connections: "29" + monitor: + - + name: "default_name_31 (source firewall.ldb-monitor.name)" + name: "default_name_32" + nat_source_vip: "disable" + outlook_web_access: "disable" + persistence: "none" + portforward: "disable" + portmapping_type: "1-to-1" + protocol: "tcp" + realservers: + - + client_ip: "" + healthcheck: "disable" + holddown_interval: 
"42" + http_host: "myhostname" + id: "44" + ip: "" + max_connections: "46" + monitor: " (source firewall.ldb-monitor.name)" + port: "48" + status: "active" + weight: "50" + server_type: "http" + service: + - + name: "default_name_53 (source firewall.service.custom.name firewall.service.group.name)" + src_filter: + - + range: "" + srcintf_filter: + - + interface_name: " (source system.interface.name)" + ssl_algorithm: "high" + ssl_certificate: " (source vpn.certificate.local.name)" + ssl_cipher_suites: + - + cipher: "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" + priority: "62" + versions: "ssl-3.0" + ssl_client_fallback: "disable" + ssl_client_renegotiation: "allow" + ssl_client_session_state_max: "66" + ssl_client_session_state_timeout: "67" + ssl_client_session_state_type: "disable" + ssl_dh_bits: "768" + ssl_hpkp: "disable" + ssl_hpkp_age: "71" + ssl_hpkp_backup: " (source vpn.certificate.local.name vpn.certificate.ca.name)" + ssl_hpkp_include_subdomains: "disable" + ssl_hpkp_primary: " (source vpn.certificate.local.name vpn.certificate.ca.name)" + ssl_hpkp_report_uri: "" + ssl_hsts: "disable" + ssl_hsts_age: "77" + ssl_hsts_include_subdomains: "disable" + ssl_http_location_conversion: "enable" + ssl_http_match_host: "enable" + ssl_max_version: "ssl-3.0" + ssl_min_version: "ssl-3.0" + ssl_mode: "half" + ssl_pfs: "require" + ssl_send_empty_frags: "enable" + ssl_server_algorithm: "high" + ssl_server_cipher_suites: + - + cipher: "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" + priority: "89" + versions: "ssl-3.0" + ssl_server_max_version: "ssl-3.0" + ssl_server_min_version: "ssl-3.0" + ssl_server_session_state_max: "93" + ssl_server_session_state_timeout: "94" + ssl_server_session_state_type: "disable" + type: "static-nat" + uuid: "" + weblogic_server: "disable" + websphere_server: "disable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used 
to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_vip_data(json): + option_list = ['arp_reply', 'color', 'comment', + 'dns_mapping_ttl', 'extaddr', 'extintf', + 'extip', 'extport', 'gratuitous_arp_interval', + 'http_cookie_age', 'http_cookie_domain', 'http_cookie_domain_from_host', + 'http_cookie_generation', 'http_cookie_path', 'http_cookie_share', + 'http_ip_header', 'http_ip_header_name', 'http_multiplex', + 'https_cookie_secure', 'id', 'ldb_method', + 'mapped_addr', 
'mappedip', 'mappedport', + 'max_embryonic_connections', 'monitor', 'name', + 'nat_source_vip', 'outlook_web_access', 'persistence', + 'portforward', 'portmapping_type', 'protocol', + 'realservers', 'server_type', 'service', + 'src_filter', 'srcintf_filter', 'ssl_algorithm', + 'ssl_certificate', 'ssl_cipher_suites', 'ssl_client_fallback', + 'ssl_client_renegotiation', 'ssl_client_session_state_max', 'ssl_client_session_state_timeout', + 'ssl_client_session_state_type', 'ssl_dh_bits', 'ssl_hpkp', + 'ssl_hpkp_age', 'ssl_hpkp_backup', 'ssl_hpkp_include_subdomains', + 'ssl_hpkp_primary', 'ssl_hpkp_report_uri', 'ssl_hsts', + 'ssl_hsts_age', 'ssl_hsts_include_subdomains', 'ssl_http_location_conversion', + 'ssl_http_match_host', 'ssl_max_version', 'ssl_min_version', + 'ssl_mode', 'ssl_pfs', 'ssl_send_empty_frags', + 'ssl_server_algorithm', 'ssl_server_cipher_suites', 'ssl_server_max_version', + 'ssl_server_min_version', 'ssl_server_session_state_max', 'ssl_server_session_state_timeout', + 'ssl_server_session_state_type', 'type', 'uuid', + 'weblogic_server', 'websphere_server'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_vip(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_vip'] and data['firewall_vip']['state']: + state = data['firewall_vip']['state'] + else: + state = True + firewall_vip_data = data['firewall_vip'] + filtered_data = underscore_to_hyphen(filter_firewall_vip_data(firewall_vip_data)) + + if state == "present": + return 
fos.set('firewall', + 'vip', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'vip', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_vip']: + resp = firewall_vip(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_vip')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_vip": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "arp_reply": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "color": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "dns_mapping_ttl": {"required": False, "type": "int"}, + "extaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "extintf": {"required": False, "type": "str"}, + "extip": {"required": False, "type": "str"}, + "extport": {"required": False, "type": "str"}, + "gratuitous_arp_interval": {"required": False, "type": "int"}, + "http_cookie_age": {"required": False, "type": "int"}, + "http_cookie_domain": {"required": False, "type": "str"}, + "http_cookie_domain_from_host": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "http_cookie_generation": 
{"required": False, "type": "int"}, + "http_cookie_path": {"required": False, "type": "str"}, + "http_cookie_share": {"required": False, "type": "str", + "choices": ["disable", + "same-ip"]}, + "http_ip_header": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "http_ip_header_name": {"required": False, "type": "str"}, + "http_multiplex": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "https_cookie_secure": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "id": {"required": False, "type": "int"}, + "ldb_method": {"required": False, "type": "str", + "choices": ["static", + "round-robin", + "weighted", + "least-session", + "least-rtt", + "first-alive", + "http-host"]}, + "mapped_addr": {"required": False, "type": "str"}, + "mappedip": {"required": False, "type": "list", + "options": { + "range": {"required": True, "type": "str"} + }}, + "mappedport": {"required": False, "type": "str"}, + "max_embryonic_connections": {"required": False, "type": "int"}, + "monitor": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "nat_source_vip": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "outlook_web_access": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "persistence": {"required": False, "type": "str", + "choices": ["none", + "http-cookie", + "ssl-session-id"]}, + "portforward": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "portmapping_type": {"required": False, "type": "str", + "choices": ["1-to-1", + "m-to-n"]}, + "protocol": {"required": False, "type": "str", + "choices": ["tcp", + "udp", + "sctp", + "icmp"]}, + "realservers": {"required": False, "type": "list", + "options": { + "client_ip": {"required": False, "type": "str"}, + "healthcheck": {"required": False, "type": "str", + "choices": ["disable", + 
"enable", + "vip"]}, + "holddown_interval": {"required": False, "type": "int"}, + "http_host": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "ip": {"required": False, "type": "str"}, + "max_connections": {"required": False, "type": "int"}, + "monitor": {"required": False, "type": "str"}, + "port": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["active", + "standby", + "disable"]}, + "weight": {"required": False, "type": "int"} + }}, + "server_type": {"required": False, "type": "str", + "choices": ["http", + "https", + "imaps", + "pop3s", + "smtps", + "ssl", + "tcp", + "udp", + "ip"]}, + "service": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "src_filter": {"required": False, "type": "list", + "options": { + "range": {"required": True, "type": "str"} + }}, + "srcintf_filter": {"required": False, "type": "list", + "options": { + "interface_name": {"required": False, "type": "str"} + }}, + "ssl_algorithm": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low", + "custom"]}, + "ssl_certificate": {"required": False, "type": "str"}, + "ssl_cipher_suites": {"required": False, "type": "list", + "options": { + "cipher": {"required": False, "type": "str", + "choices": ["TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", + "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + "TLS-DHE-DSS-WITH-AES-128-CBC-SHA", + "TLS-DHE-DSS-WITH-AES-256-CBC-SHA", + "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256", + "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256", + "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256", + "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384", + 
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", + "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", + "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", + "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + "TLS-RSA-WITH-AES-128-CBC-SHA", + "TLS-RSA-WITH-AES-256-CBC-SHA", + "TLS-RSA-WITH-AES-128-CBC-SHA256", + "TLS-RSA-WITH-AES-128-GCM-SHA256", + "TLS-RSA-WITH-AES-256-CBC-SHA256", + "TLS-RSA-WITH-AES-256-GCM-SHA384", + "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", + "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", + "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", + "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA", + "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", + "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA", + "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-SEED-CBC-SHA", + "TLS-DHE-DSS-WITH-SEED-CBC-SHA", + "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", + "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256", + "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384", + "TLS-RSA-WITH-SEED-CBC-SHA", + "TLS-RSA-WITH-ARIA-128-CBC-SHA256", + "TLS-RSA-WITH-ARIA-256-CBC-SHA384", + "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", + "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", + "TLS-ECDHE-RSA-WITH-RC4-128-SHA", + "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-WITH-RC4-128-MD5", + "TLS-RSA-WITH-RC4-128-SHA", + 
"TLS-DHE-RSA-WITH-DES-CBC-SHA", + "TLS-DHE-DSS-WITH-DES-CBC-SHA", + "TLS-RSA-WITH-DES-CBC-SHA"]}, + "priority": {"required": True, "type": "int"}, + "versions": {"required": False, "type": "str", + "choices": ["ssl-3.0", + "tls-1.0", + "tls-1.1", + "tls-1.2"]} + }}, + "ssl_client_fallback": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "ssl_client_renegotiation": {"required": False, "type": "str", + "choices": ["allow", + "deny", + "secure"]}, + "ssl_client_session_state_max": {"required": False, "type": "int"}, + "ssl_client_session_state_timeout": {"required": False, "type": "int"}, + "ssl_client_session_state_type": {"required": False, "type": "str", + "choices": ["disable", + "time", + "count", + "both"]}, + "ssl_dh_bits": {"required": False, "type": "str", + "choices": ["768", + "1024", + "1536", + "2048", + "3072", + "4096"]}, + "ssl_hpkp": {"required": False, "type": "str", + "choices": ["disable", + "enable", + "report-only"]}, + "ssl_hpkp_age": {"required": False, "type": "int"}, + "ssl_hpkp_backup": {"required": False, "type": "str"}, + "ssl_hpkp_include_subdomains": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "ssl_hpkp_primary": {"required": False, "type": "str"}, + "ssl_hpkp_report_uri": {"required": False, "type": "str"}, + "ssl_hsts": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "ssl_hsts_age": {"required": False, "type": "int"}, + "ssl_hsts_include_subdomains": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "ssl_http_location_conversion": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssl_http_match_host": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssl_max_version": {"required": False, "type": "str", + "choices": ["ssl-3.0", + "tls-1.0", + "tls-1.1", + "tls-1.2"]}, + "ssl_min_version": {"required": False, "type": "str", + "choices": ["ssl-3.0", + "tls-1.0", + 
"tls-1.1", + "tls-1.2"]}, + "ssl_mode": {"required": False, "type": "str", + "choices": ["half", + "full"]}, + "ssl_pfs": {"required": False, "type": "str", + "choices": ["require", + "deny", + "allow"]}, + "ssl_send_empty_frags": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssl_server_algorithm": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low", + "custom", + "client"]}, + "ssl_server_cipher_suites": {"required": False, "type": "list", + "options": { + "cipher": {"required": False, "type": "str", + "choices": ["TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", + "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + "TLS-DHE-DSS-WITH-AES-128-CBC-SHA", + "TLS-DHE-DSS-WITH-AES-256-CBC-SHA", + "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256", + "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256", + "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256", + "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384", + "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", + "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", + "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", + "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + "TLS-RSA-WITH-AES-128-CBC-SHA", + "TLS-RSA-WITH-AES-256-CBC-SHA", + "TLS-RSA-WITH-AES-128-CBC-SHA256", + "TLS-RSA-WITH-AES-128-GCM-SHA256", + "TLS-RSA-WITH-AES-256-CBC-SHA256", + "TLS-RSA-WITH-AES-256-GCM-SHA384", + "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", + "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", + 
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", + "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA", + "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", + "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA", + "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-SEED-CBC-SHA", + "TLS-DHE-DSS-WITH-SEED-CBC-SHA", + "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", + "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256", + "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384", + "TLS-RSA-WITH-SEED-CBC-SHA", + "TLS-RSA-WITH-ARIA-128-CBC-SHA256", + "TLS-RSA-WITH-ARIA-256-CBC-SHA384", + "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", + "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", + "TLS-ECDHE-RSA-WITH-RC4-128-SHA", + "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-WITH-RC4-128-MD5", + "TLS-RSA-WITH-RC4-128-SHA", + "TLS-DHE-RSA-WITH-DES-CBC-SHA", + "TLS-DHE-DSS-WITH-DES-CBC-SHA", + "TLS-RSA-WITH-DES-CBC-SHA"]}, + "priority": {"required": True, "type": "int"}, + "versions": {"required": False, "type": "str", + "choices": ["ssl-3.0", + "tls-1.0", + "tls-1.1", + "tls-1.2"]} + }}, + "ssl_server_max_version": {"required": False, "type": "str", + "choices": ["ssl-3.0", + "tls-1.0", + "tls-1.1", + "tls-1.2", + "client"]}, + "ssl_server_min_version": {"required": False, "type": "str", + "choices": ["ssl-3.0", + "tls-1.0", + "tls-1.1", + "tls-1.2", + "client"]}, + "ssl_server_session_state_max": {"required": False, "type": "int"}, + "ssl_server_session_state_timeout": {"required": False, "type": "int"}, + "ssl_server_session_state_type": {"required": False, "type": "str", + "choices": 
["disable", + "time", + "count", + "both"]}, + "type": {"required": False, "type": "str", + "choices": ["static-nat", + "load-balance", + "server-load-balance", + "dns-translation", + "fqdn"]}, + "uuid": {"required": False, "type": "str"}, + "weblogic_server": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "websphere_server": {"required": False, "type": "str", + "choices": ["disable", + "enable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vip46.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vip46.py
new file mode 100644
index 00000000..eb92aab5
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vip46.py
@@ -0,0 +1,552 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_vip46 +short_description: Configure IPv4 to IPv6 virtual IPs in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and vip46 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_vip46: + description: + - Configure IPv4 to IPv6 virtual IPs. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + arp_reply: + description: + - Enable ARP reply. + type: str + choices: + - disable + - enable + color: + description: + - Color of icon on the GUI. + type: int + comment: + description: + - Comment. + type: str + extip: + description: + - Start-external-IP [-end-external-IP]. + type: str + extport: + description: + - External service port. + type: str + id: + description: + - Custom defined id. + type: int + ldb_method: + description: + - Load balance method. + type: str + choices: + - static + - round-robin + - weighted + - least-session + - least-rtt + - first-alive + mappedip: + description: + - Start-mapped-IP [-end mapped-IP]. + type: str + mappedport: + description: + - Mapped service port. + type: str + monitor: + description: + - Health monitors. + type: list + suboptions: + name: + description: + - Health monitor name. Source firewall.ldb-monitor.name. + required: true + type: str + name: + description: + - VIP46 name. + required: true + type: str + portforward: + description: + - Enable port forwarding. + type: str + choices: + - disable + - enable + protocol: + description: + - Mapped port protocol. + type: str + choices: + - tcp + - udp + realservers: + description: + - Real servers. 
+ type: list + suboptions: + client_ip: + description: + - Restrict server to a client IP in this range. + type: str + healthcheck: + description: + - Per server health check. + type: str + choices: + - disable + - enable + - vip + holddown_interval: + description: + - Hold down interval. + type: int + id: + description: + - Real server ID. + required: true + type: int + ip: + description: + - Mapped server IPv6. + type: str + max_connections: + description: + - Maximum number of connections allowed to server. + type: int + monitor: + description: + - Health monitors. Source firewall.ldb-monitor.name. + type: str + port: + description: + - Mapped server port. + type: int + status: + description: + - Server administrative status. + type: str + choices: + - active + - standby + - disable + weight: + description: + - weight + type: int + server_type: + description: + - Server type. + type: str + choices: + - http + - tcp + - udp + - ip + src_filter: + description: + - Source IP filter (x.x.x.x/x). + type: list + suboptions: + range: + description: + - Src-filter range. + required: true + type: str + type: + description: + - 'VIP type: static NAT or server load balance.' + type: str + choices: + - static-nat + - server-load-balance + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 to IPv6 virtual IPs. + fortios_firewall_vip46: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_vip46: + arp_reply: "disable" + color: "4" + comment: "Comment." 
+ extip: "" + extport: "" + id: "8" + ldb_method: "static" + mappedip: "" + mappedport: "" + monitor: + - + name: "default_name_13 (source firewall.ldb-monitor.name)" + name: "default_name_14" + portforward: "disable" + protocol: "tcp" + realservers: + - + client_ip: "" + healthcheck: "disable" + holddown_interval: "20" + id: "21" + ip: "" + max_connections: "23" + monitor: " (source firewall.ldb-monitor.name)" + port: "25" + status: "active" + weight: "27" + server_type: "http" + src_filter: + - + range: "" + type: "static-nat" + uuid: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_vip46_data(json): + option_list = ['arp_reply', 'color', 'comment', + 'extip', 'extport', 'id', + 'ldb_method', 'mappedip', 'mappedport', + 'monitor', 'name', 'portforward', + 'protocol', 'realservers', 'server_type', + 'src_filter', 'type', 'uuid'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_vip46(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_vip46'] and data['firewall_vip46']['state']: + state = data['firewall_vip46']['state'] + else: + state = True + firewall_vip46_data = data['firewall_vip46'] + filtered_data = underscore_to_hyphen(filter_firewall_vip46_data(firewall_vip46_data)) + + if state == "present": + return fos.set('firewall', + 'vip46', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'vip46', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_vip46']: + resp = 
firewall_vip46(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_vip46')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_vip46": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "arp_reply": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "color": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "extip": {"required": False, "type": "str"}, + "extport": {"required": False, "type": "str"}, + "id": {"required": False, "type": "int"}, + "ldb_method": {"required": False, "type": "str", + "choices": ["static", + "round-robin", + "weighted", + "least-session", + "least-rtt", + "first-alive"]}, + "mappedip": {"required": False, "type": "str"}, + "mappedport": {"required": False, "type": "str"}, + "monitor": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "portforward": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "protocol": {"required": False, "type": "str", + "choices": ["tcp", + "udp"]}, + "realservers": {"required": False, "type": "list", + "options": { + "client_ip": {"required": False, "type": "str"}, + "healthcheck": {"required": False, "type": "str", + "choices": ["disable", + "enable", + "vip"]}, + "holddown_interval": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "ip": {"required": False, "type": "str"}, + 
"max_connections": {"required": False, "type": "int"}, + "monitor": {"required": False, "type": "str"}, + "port": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["active", + "standby", + "disable"]}, + "weight": {"required": False, "type": "int"} + }}, + "server_type": {"required": False, "type": "str", + "choices": ["http", + "tcp", + "udp", + "ip"]}, + "src_filter": {"required": False, "type": "list", + "options": { + "range": {"required": True, "type": "str"} + }}, + "type": {"required": False, "type": "str", + "choices": ["static-nat", + "server-load-balance"]}, + "uuid": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vip6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vip6.py
new file mode 100644
index 00000000..8f33eb96
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vip6.py
@@ -0,0 +1,1408 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_vip6 +short_description: Configure virtual IP for IPv6 in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and vip6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_vip6: + description: + - Configure virtual IP for IPv6. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + arp_reply: + description: + - Enable to respond to ARP requests for this virtual IP address. Enabled by default. + type: str + choices: + - disable + - enable + color: + description: + - Color of icon on the GUI. + type: int + comment: + description: + - Comment. + type: str + extip: + description: + - IP address or address range on the external interface that you want to map to an address or address range on the destination network. + type: str + extport: + description: + - Incoming port number range that you want to map to a port number range on the destination network. + type: str + http_cookie_age: + description: + - Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit. + type: int + http_cookie_domain: + description: + - Domain that HTTP cookie persistence should apply to. + type: str + http_cookie_domain_from_host: + description: + - Enable/disable use of HTTP cookie domain from host field in HTTP. + type: str + choices: + - disable + - enable + http_cookie_generation: + description: + - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. + type: int + http_cookie_path: + description: + - Limit HTTP cookie persistence to the specified path. 
+ type: str + http_cookie_share: + description: + - Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops + cookie sharing. + type: str + choices: + - disable + - same-ip + http_ip_header: + description: + - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. + type: str + choices: + - enable + - disable + http_ip_header_name: + description: + - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, + X-Forwarded-For is used. + type: str + http_multiplex: + description: + - Enable/disable HTTP multiplexing. + type: str + choices: + - enable + - disable + https_cookie_secure: + description: + - Enable/disable verification that inserted HTTPS cookies are secure. + type: str + choices: + - disable + - enable + id: + description: + - Custom defined ID. + type: int + ldb_method: + description: + - Method used to distribute sessions to real servers. + type: str + choices: + - static + - round-robin + - weighted + - least-session + - least-rtt + - first-alive + - http-host + mappedip: + description: + - Mapped IP address range in the format startIP-endIP. + type: str + mappedport: + description: + - Port number range on the destination network to which the external port number range is mapped. + type: str + max_embryonic_connections: + description: + - Maximum number of incomplete connections. + type: int + monitor: + description: + - Name of the health check monitor to use when polling to determine a virtual server"s connectivity status. + type: list + suboptions: + name: + description: + - Health monitor name. Source firewall.ldb-monitor.name. + required: true + type: str + name: + description: + - Virtual ip6 name. + required: true + type: str + outlook_web_access: + description: + - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. 
+ type: str + choices: + - disable + - enable + persistence: + description: + - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. + type: str + choices: + - none + - http-cookie + - ssl-session-id + portforward: + description: + - Enable port forwarding. + type: str + choices: + - disable + - enable + protocol: + description: + - Protocol to use when forwarding packets. + type: str + choices: + - tcp + - udp + - sctp + realservers: + description: + - Select the real servers that this server load balancing VIP will distribute traffic to. + type: list + suboptions: + client_ip: + description: + - Only clients in this IP range can connect to this real server. + type: str + healthcheck: + description: + - Enable to check the responsiveness of the real server before forwarding traffic. + type: str + choices: + - disable + - enable + - vip + holddown_interval: + description: + - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active. + type: int + http_host: + description: + - HTTP server domain name in HTTP header. + type: str + id: + description: + - Real server ID. + required: true + type: int + ip: + description: + - IPv6 address of the real server. + type: str + max_connections: + description: + - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers. + type: int + monitor: + description: + - Name of the health check monitor to use when polling to determine a virtual server"s connectivity status. Source firewall + .ldb-monitor.name. + type: str + port: + description: + - Port for communicating with the real server. Required if port forwarding is enabled. + type: int + status: + description: + - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. 
+ type: str + choices: + - active + - standby + - disable + weight: + description: + - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. + type: int + server_type: + description: + - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). + type: str + choices: + - http + - https + - imaps + - pop3s + - smtps + - ssl + - tcp + - udp + - ip + src_filter: + description: + - 'Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.' + type: list + suboptions: + range: + description: + - Source-filter range. + required: true + type: str + ssl_algorithm: + description: + - Permitted encryption algorithms for SSL sessions according to encryption strength. + type: str + choices: + - high + - medium + - low + - custom + ssl_certificate: + description: + - The name of the SSL certificate to use for SSL acceleration. Source vpn.certificate.local.name. + type: str + ssl_cipher_suites: + description: + - SSL/TLS cipher suites acceptable from a client, ordered by priority. + type: list + suboptions: + cipher: + description: + - Cipher suite name. 
+ type: str + choices: + - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 + - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 + - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 + - TLS-DHE-RSA-WITH-AES-128-CBC-SHA + - TLS-DHE-RSA-WITH-AES-256-CBC-SHA + - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 + - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 + - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 + - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 + - TLS-DHE-DSS-WITH-AES-128-CBC-SHA + - TLS-DHE-DSS-WITH-AES-256-CBC-SHA + - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 + - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 + - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 + - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 + - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA + - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 + - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 + - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA + - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 + - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 + - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA + - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 + - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 + - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 + - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 + - TLS-RSA-WITH-AES-128-CBC-SHA + - TLS-RSA-WITH-AES-256-CBC-SHA + - TLS-RSA-WITH-AES-128-CBC-SHA256 + - TLS-RSA-WITH-AES-128-GCM-SHA256 + - TLS-RSA-WITH-AES-256-CBC-SHA256 + - TLS-RSA-WITH-AES-256-GCM-SHA384 + - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA + - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA + - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 + - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 + - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA + - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA + - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA + - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA + - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA + - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 + - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 + - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 + - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 + - TLS-DHE-RSA-WITH-SEED-CBC-SHA + - TLS-DHE-DSS-WITH-SEED-CBC-SHA + - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 + - 
TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 + - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 + - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 + - TLS-RSA-WITH-SEED-CBC-SHA + - TLS-RSA-WITH-ARIA-128-CBC-SHA256 + - TLS-RSA-WITH-ARIA-256-CBC-SHA384 + - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 + - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 + - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 + - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 + - TLS-ECDHE-RSA-WITH-RC4-128-SHA + - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA + - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA + - TLS-RSA-WITH-3DES-EDE-CBC-SHA + - TLS-RSA-WITH-RC4-128-MD5 + - TLS-RSA-WITH-RC4-128-SHA + - TLS-DHE-RSA-WITH-DES-CBC-SHA + - TLS-DHE-DSS-WITH-DES-CBC-SHA + - TLS-RSA-WITH-DES-CBC-SHA + priority: + description: + - SSL/TLS cipher suites priority. + required: true + type: int + versions: + description: + - SSL/TLS versions that the cipher suite can be used with. + type: str + choices: + - ssl-3.0 + - tls-1.0 + - tls-1.1 + - tls-1.2 + ssl_client_fallback: + description: + - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). + type: str + choices: + - disable + - enable + ssl_client_renegotiation: + description: + - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. + type: str + choices: + - allow + - deny + - secure + ssl_client_session_state_max: + description: + - Maximum number of client to FortiGate SSL session states to keep. + type: int + ssl_client_session_state_timeout: + description: + - Number of minutes to keep client to FortiGate SSL session state. + type: int + ssl_client_session_state_type: + description: + - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. + type: str + choices: + - disable + - time + - count + - both + ssl_dh_bits: + description: + - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. 
+ type: str + choices: + - 768 + - 1024 + - 1536 + - 2048 + - 3072 + - 4096 + ssl_hpkp: + description: + - Enable/disable including HPKP header in response. + type: str + choices: + - disable + - enable + - report-only + ssl_hpkp_age: + description: + - Number of minutes the web browser should keep HPKP. + type: int + ssl_hpkp_backup: + description: + - Certificate to generate backup HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. + type: str + ssl_hpkp_include_subdomains: + description: + - Indicate that HPKP header applies to all subdomains. + type: str + choices: + - disable + - enable + ssl_hpkp_primary: + description: + - Certificate to generate primary HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. + type: str + ssl_hpkp_report_uri: + description: + - URL to report HPKP violations to. + type: str + ssl_hsts: + description: + - Enable/disable including HSTS header in response. + type: str + choices: + - disable + - enable + ssl_hsts_age: + description: + - Number of seconds the client should honour the HSTS setting. + type: int + ssl_hsts_include_subdomains: + description: + - Indicate that HSTS header applies to all subdomains. + type: str + choices: + - disable + - enable + ssl_http_location_conversion: + description: + - Enable to replace HTTP with HTTPS in the reply"s Location HTTP header field. + type: str + choices: + - enable + - disable + ssl_http_match_host: + description: + - Enable/disable HTTP host matching for location conversion. + type: str + choices: + - enable + - disable + ssl_max_version: + description: + - Highest SSL/TLS version acceptable from a client. + type: str + choices: + - ssl-3.0 + - tls-1.0 + - tls-1.1 + - tls-1.2 + ssl_min_version: + description: + - Lowest SSL/TLS version acceptable from a client. 
+ type: str + choices: + - ssl-3.0 + - tls-1.0 + - tls-1.1 + - tls-1.2 + ssl_mode: + description: + - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the + server (full). + type: str + choices: + - half + - full + ssl_pfs: + description: + - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. + type: str + choices: + - require + - deny + - allow + ssl_send_empty_frags: + description: + - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with + older systems. + type: str + choices: + - enable + - disable + ssl_server_algorithm: + description: + - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. + type: str + choices: + - high + - medium + - low + - custom + - client + ssl_server_cipher_suites: + description: + - SSL/TLS cipher suites to offer to a server, ordered by priority. + type: list + suboptions: + cipher: + description: + - Cipher suite name. 
+ type: str + choices: + - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 + - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 + - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 + - TLS-DHE-RSA-WITH-AES-128-CBC-SHA + - TLS-DHE-RSA-WITH-AES-256-CBC-SHA + - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 + - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 + - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 + - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 + - TLS-DHE-DSS-WITH-AES-128-CBC-SHA + - TLS-DHE-DSS-WITH-AES-256-CBC-SHA + - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 + - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 + - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 + - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 + - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA + - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 + - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 + - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA + - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 + - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 + - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA + - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 + - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 + - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 + - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 + - TLS-RSA-WITH-AES-128-CBC-SHA + - TLS-RSA-WITH-AES-256-CBC-SHA + - TLS-RSA-WITH-AES-128-CBC-SHA256 + - TLS-RSA-WITH-AES-128-GCM-SHA256 + - TLS-RSA-WITH-AES-256-CBC-SHA256 + - TLS-RSA-WITH-AES-256-GCM-SHA384 + - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA + - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA + - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 + - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 + - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA + - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA + - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA + - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA + - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA + - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 + - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 + - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 + - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 + - TLS-DHE-RSA-WITH-SEED-CBC-SHA + - TLS-DHE-DSS-WITH-SEED-CBC-SHA + - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 + - 
TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 + - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 + - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 + - TLS-RSA-WITH-SEED-CBC-SHA + - TLS-RSA-WITH-ARIA-128-CBC-SHA256 + - TLS-RSA-WITH-ARIA-256-CBC-SHA384 + - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 + - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 + - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 + - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 + - TLS-ECDHE-RSA-WITH-RC4-128-SHA + - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA + - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA + - TLS-RSA-WITH-3DES-EDE-CBC-SHA + - TLS-RSA-WITH-RC4-128-MD5 + - TLS-RSA-WITH-RC4-128-SHA + - TLS-DHE-RSA-WITH-DES-CBC-SHA + - TLS-DHE-DSS-WITH-DES-CBC-SHA + - TLS-RSA-WITH-DES-CBC-SHA + priority: + description: + - SSL/TLS cipher suites priority. + required: true + type: int + versions: + description: + - SSL/TLS versions that the cipher suite can be used with. + type: str + choices: + - ssl-3.0 + - tls-1.0 + - tls-1.1 + - tls-1.2 + ssl_server_max_version: + description: + - Highest SSL/TLS version acceptable from a server. Use the client setting by default. + type: str + choices: + - ssl-3.0 + - tls-1.0 + - tls-1.1 + - tls-1.2 + - client + ssl_server_min_version: + description: + - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. + type: str + choices: + - ssl-3.0 + - tls-1.0 + - tls-1.1 + - tls-1.2 + - client + ssl_server_session_state_max: + description: + - Maximum number of FortiGate to Server SSL session states to keep. + type: int + ssl_server_session_state_timeout: + description: + - Number of minutes to keep FortiGate to Server SSL session state. + type: int + ssl_server_session_state_type: + description: + - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. + type: str + choices: + - disable + - time + - count + - both + type: + description: + - Configure a static NAT or server load balance VIP. 
+ type: str + choices: + - static-nat + - server-load-balance + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str + weblogic_server: + description: + - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. + type: str + choices: + - disable + - enable + websphere_server: + description: + - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. + type: str + choices: + - disable + - enable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure virtual IP for IPv6. + fortios_firewall_vip6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_vip6: + arp_reply: "disable" + color: "4" + comment: "Comment." + extip: "" + extport: "" + http_cookie_age: "8" + http_cookie_domain: "" + http_cookie_domain_from_host: "disable" + http_cookie_generation: "11" + http_cookie_path: "" + http_cookie_share: "disable" + http_ip_header: "enable" + http_ip_header_name: "" + http_multiplex: "enable" + https_cookie_secure: "disable" + id: "18" + ldb_method: "static" + mappedip: "" + mappedport: "" + max_embryonic_connections: "22" + monitor: + - + name: "default_name_24 (source firewall.ldb-monitor.name)" + name: "default_name_25" + outlook_web_access: "disable" + persistence: "none" + portforward: "disable" + protocol: "tcp" + realservers: + - + client_ip: "" + healthcheck: "disable" + holddown_interval: "33" + http_host: "myhostname" + id: "35" + ip: "" + max_connections: "37" + monitor: " (source firewall.ldb-monitor.name)" + port: "39" + status: "active" + weight: "41" + server_type: "http" + src_filter: + - + range: "" + ssl_algorithm: "high" + ssl_certificate: " (source vpn.certificate.local.name)" + ssl_cipher_suites: + - + cipher: 
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" + priority: "49" + versions: "ssl-3.0" + ssl_client_fallback: "disable" + ssl_client_renegotiation: "allow" + ssl_client_session_state_max: "53" + ssl_client_session_state_timeout: "54" + ssl_client_session_state_type: "disable" + ssl_dh_bits: "768" + ssl_hpkp: "disable" + ssl_hpkp_age: "58" + ssl_hpkp_backup: " (source vpn.certificate.local.name vpn.certificate.ca.name)" + ssl_hpkp_include_subdomains: "disable" + ssl_hpkp_primary: " (source vpn.certificate.local.name vpn.certificate.ca.name)" + ssl_hpkp_report_uri: "" + ssl_hsts: "disable" + ssl_hsts_age: "64" + ssl_hsts_include_subdomains: "disable" + ssl_http_location_conversion: "enable" + ssl_http_match_host: "enable" + ssl_max_version: "ssl-3.0" + ssl_min_version: "ssl-3.0" + ssl_mode: "half" + ssl_pfs: "require" + ssl_send_empty_frags: "enable" + ssl_server_algorithm: "high" + ssl_server_cipher_suites: + - + cipher: "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" + priority: "76" + versions: "ssl-3.0" + ssl_server_max_version: "ssl-3.0" + ssl_server_min_version: "ssl-3.0" + ssl_server_session_state_max: "80" + ssl_server_session_state_timeout: "81" + ssl_server_session_state_type: "disable" + type: "static-nat" + uuid: "" + weblogic_server: "disable" + websphere_server: "disable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the 
request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_vip6_data(json): + option_list = ['arp_reply', 'color', 'comment', + 'extip', 'extport', 'http_cookie_age', + 'http_cookie_domain', 'http_cookie_domain_from_host', 'http_cookie_generation', + 'http_cookie_path', 'http_cookie_share', 'http_ip_header', + 'http_ip_header_name', 'http_multiplex', 'https_cookie_secure', + 'id', 'ldb_method', 'mappedip', + 'mappedport', 'max_embryonic_connections', 'monitor', + 'name', 'outlook_web_access', 'persistence', + 'portforward', 'protocol', 'realservers', + 'server_type', 'src_filter', 'ssl_algorithm', + 'ssl_certificate', 'ssl_cipher_suites', 'ssl_client_fallback', + 'ssl_client_renegotiation', 'ssl_client_session_state_max', 'ssl_client_session_state_timeout', + 'ssl_client_session_state_type', 'ssl_dh_bits', 'ssl_hpkp', + 'ssl_hpkp_age', 'ssl_hpkp_backup', 'ssl_hpkp_include_subdomains', + 'ssl_hpkp_primary', 'ssl_hpkp_report_uri', 'ssl_hsts', + 'ssl_hsts_age', 'ssl_hsts_include_subdomains', 
'ssl_http_location_conversion', + 'ssl_http_match_host', 'ssl_max_version', 'ssl_min_version', + 'ssl_mode', 'ssl_pfs', 'ssl_send_empty_frags', + 'ssl_server_algorithm', 'ssl_server_cipher_suites', 'ssl_server_max_version', + 'ssl_server_min_version', 'ssl_server_session_state_max', 'ssl_server_session_state_timeout', + 'ssl_server_session_state_type', 'type', 'uuid', + 'weblogic_server', 'websphere_server'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_vip6(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_vip6'] and data['firewall_vip6']['state']: + state = data['firewall_vip6']['state'] + else: + state = True + firewall_vip6_data = data['firewall_vip6'] + filtered_data = underscore_to_hyphen(filter_firewall_vip6_data(firewall_vip6_data)) + + if state == "present": + return fos.set('firewall', + 'vip6', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'vip6', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_vip6']: + resp = firewall_vip6(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_vip6')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + 
(resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_vip6": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "arp_reply": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "color": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "extip": {"required": False, "type": "str"}, + "extport": {"required": False, "type": "str"}, + "http_cookie_age": {"required": False, "type": "int"}, + "http_cookie_domain": {"required": False, "type": "str"}, + "http_cookie_domain_from_host": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "http_cookie_generation": {"required": False, "type": "int"}, + "http_cookie_path": {"required": False, "type": "str"}, + "http_cookie_share": {"required": False, "type": "str", + "choices": ["disable", + "same-ip"]}, + "http_ip_header": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "http_ip_header_name": {"required": False, "type": "str"}, + "http_multiplex": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "https_cookie_secure": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "id": {"required": False, "type": "int"}, + "ldb_method": {"required": False, "type": "str", + "choices": ["static", + "round-robin", + "weighted", + "least-session", + "least-rtt", + "first-alive", + "http-host"]}, + "mappedip": {"required": False, "type": "str"}, + "mappedport": {"required": False, "type": "str"}, + "max_embryonic_connections": {"required": False, "type": "int"}, + "monitor": 
{"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "outlook_web_access": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "persistence": {"required": False, "type": "str", + "choices": ["none", + "http-cookie", + "ssl-session-id"]}, + "portforward": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "protocol": {"required": False, "type": "str", + "choices": ["tcp", + "udp", + "sctp"]}, + "realservers": {"required": False, "type": "list", + "options": { + "client_ip": {"required": False, "type": "str"}, + "healthcheck": {"required": False, "type": "str", + "choices": ["disable", + "enable", + "vip"]}, + "holddown_interval": {"required": False, "type": "int"}, + "http_host": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "ip": {"required": False, "type": "str"}, + "max_connections": {"required": False, "type": "int"}, + "monitor": {"required": False, "type": "str"}, + "port": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["active", + "standby", + "disable"]}, + "weight": {"required": False, "type": "int"} + }}, + "server_type": {"required": False, "type": "str", + "choices": ["http", + "https", + "imaps", + "pop3s", + "smtps", + "ssl", + "tcp", + "udp", + "ip"]}, + "src_filter": {"required": False, "type": "list", + "options": { + "range": {"required": True, "type": "str"} + }}, + "ssl_algorithm": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low", + "custom"]}, + "ssl_certificate": {"required": False, "type": "str"}, + "ssl_cipher_suites": {"required": False, "type": "list", + "options": { + "cipher": {"required": False, "type": "str", + "choices": ["TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + 
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", + "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + "TLS-DHE-DSS-WITH-AES-128-CBC-SHA", + "TLS-DHE-DSS-WITH-AES-256-CBC-SHA", + "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256", + "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256", + "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256", + "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384", + "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", + "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", + "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", + "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + "TLS-RSA-WITH-AES-128-CBC-SHA", + "TLS-RSA-WITH-AES-256-CBC-SHA", + "TLS-RSA-WITH-AES-128-CBC-SHA256", + "TLS-RSA-WITH-AES-128-GCM-SHA256", + "TLS-RSA-WITH-AES-256-CBC-SHA256", + "TLS-RSA-WITH-AES-256-GCM-SHA384", + "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", + "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", + "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", + "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA", + "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", + "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA", + "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-SEED-CBC-SHA", + "TLS-DHE-DSS-WITH-SEED-CBC-SHA", + "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", + "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256", + "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384", + "TLS-RSA-WITH-SEED-CBC-SHA", + 
"TLS-RSA-WITH-ARIA-128-CBC-SHA256", + "TLS-RSA-WITH-ARIA-256-CBC-SHA384", + "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", + "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", + "TLS-ECDHE-RSA-WITH-RC4-128-SHA", + "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-WITH-RC4-128-MD5", + "TLS-RSA-WITH-RC4-128-SHA", + "TLS-DHE-RSA-WITH-DES-CBC-SHA", + "TLS-DHE-DSS-WITH-DES-CBC-SHA", + "TLS-RSA-WITH-DES-CBC-SHA"]}, + "priority": {"required": True, "type": "int"}, + "versions": {"required": False, "type": "str", + "choices": ["ssl-3.0", + "tls-1.0", + "tls-1.1", + "tls-1.2"]} + }}, + "ssl_client_fallback": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "ssl_client_renegotiation": {"required": False, "type": "str", + "choices": ["allow", + "deny", + "secure"]}, + "ssl_client_session_state_max": {"required": False, "type": "int"}, + "ssl_client_session_state_timeout": {"required": False, "type": "int"}, + "ssl_client_session_state_type": {"required": False, "type": "str", + "choices": ["disable", + "time", + "count", + "both"]}, + "ssl_dh_bits": {"required": False, "type": "str", + "choices": ["768", + "1024", + "1536", + "2048", + "3072", + "4096"]}, + "ssl_hpkp": {"required": False, "type": "str", + "choices": ["disable", + "enable", + "report-only"]}, + "ssl_hpkp_age": {"required": False, "type": "int"}, + "ssl_hpkp_backup": {"required": False, "type": "str"}, + "ssl_hpkp_include_subdomains": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "ssl_hpkp_primary": {"required": False, "type": "str"}, + "ssl_hpkp_report_uri": {"required": False, "type": "str"}, + "ssl_hsts": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "ssl_hsts_age": {"required": False, "type": "int"}, + "ssl_hsts_include_subdomains": {"required": False, "type": "str", + 
"choices": ["disable", + "enable"]}, + "ssl_http_location_conversion": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssl_http_match_host": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssl_max_version": {"required": False, "type": "str", + "choices": ["ssl-3.0", + "tls-1.0", + "tls-1.1", + "tls-1.2"]}, + "ssl_min_version": {"required": False, "type": "str", + "choices": ["ssl-3.0", + "tls-1.0", + "tls-1.1", + "tls-1.2"]}, + "ssl_mode": {"required": False, "type": "str", + "choices": ["half", + "full"]}, + "ssl_pfs": {"required": False, "type": "str", + "choices": ["require", + "deny", + "allow"]}, + "ssl_send_empty_frags": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssl_server_algorithm": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low", + "custom", + "client"]}, + "ssl_server_cipher_suites": {"required": False, "type": "list", + "options": { + "cipher": {"required": False, "type": "str", + "choices": ["TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", + "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + "TLS-DHE-DSS-WITH-AES-128-CBC-SHA", + "TLS-DHE-DSS-WITH-AES-256-CBC-SHA", + "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256", + "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256", + "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256", + "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384", + "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", + "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", + "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", + "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", + 
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", + "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + "TLS-RSA-WITH-AES-128-CBC-SHA", + "TLS-RSA-WITH-AES-256-CBC-SHA", + "TLS-RSA-WITH-AES-128-CBC-SHA256", + "TLS-RSA-WITH-AES-128-GCM-SHA256", + "TLS-RSA-WITH-AES-256-CBC-SHA256", + "TLS-RSA-WITH-AES-256-GCM-SHA384", + "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", + "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", + "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", + "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA", + "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", + "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA", + "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256", + "TLS-DHE-RSA-WITH-SEED-CBC-SHA", + "TLS-DHE-DSS-WITH-SEED-CBC-SHA", + "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", + "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256", + "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384", + "TLS-RSA-WITH-SEED-CBC-SHA", + "TLS-RSA-WITH-ARIA-128-CBC-SHA256", + "TLS-RSA-WITH-ARIA-256-CBC-SHA384", + "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", + "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", + "TLS-ECDHE-RSA-WITH-RC4-128-SHA", + "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-WITH-3DES-EDE-CBC-SHA", + "TLS-RSA-WITH-RC4-128-MD5", + "TLS-RSA-WITH-RC4-128-SHA", + "TLS-DHE-RSA-WITH-DES-CBC-SHA", + "TLS-DHE-DSS-WITH-DES-CBC-SHA", + "TLS-RSA-WITH-DES-CBC-SHA"]}, + "priority": {"required": True, "type": "int"}, + "versions": {"required": False, "type": "str", + "choices": ["ssl-3.0", + "tls-1.0", + "tls-1.1", + "tls-1.2"]} + }}, + "ssl_server_max_version": {"required": 
False, "type": "str", + "choices": ["ssl-3.0", + "tls-1.0", + "tls-1.1", + "tls-1.2", + "client"]}, + "ssl_server_min_version": {"required": False, "type": "str", + "choices": ["ssl-3.0", + "tls-1.0", + "tls-1.1", + "tls-1.2", + "client"]}, + "ssl_server_session_state_max": {"required": False, "type": "int"}, + "ssl_server_session_state_timeout": {"required": False, "type": "int"}, + "ssl_server_session_state_type": {"required": False, "type": "str", + "choices": ["disable", + "time", + "count", + "both"]}, + "type": {"required": False, "type": "str", + "choices": ["static-nat", + "server-load-balance"]}, + "uuid": {"required": False, "type": "str"}, + "weblogic_server": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "websphere_server": {"required": False, "type": "str", + "choices": ["disable", + "enable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", 
version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vip64.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vip64.py
new file mode 100644
index 00000000..76571b53
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vip64.py
@@ -0,0 +1,552 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_vip64 +short_description: Configure IPv6 to IPv4 virtual IPs in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and vip64 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_vip64: + description: + - Configure IPv6 to IPv4 virtual IPs. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + arp_reply: + description: + - Enable ARP reply. + type: str + choices: + - disable + - enable + color: + description: + - Color of icon on the GUI. + type: int + comment: + description: + - Comment. + type: str + extip: + description: + - Start-external-IP [-end-external-IP]. + type: str + extport: + description: + - External service port. + type: str + id: + description: + - Custom defined id. + type: int + ldb_method: + description: + - Load balance method. + type: str + choices: + - static + - round-robin + - weighted + - least-session + - least-rtt + - first-alive + mappedip: + description: + - Start-mapped-IP [-end-mapped-IP]. + type: str + mappedport: + description: + - Mapped service port. + type: str + monitor: + description: + - Health monitors. + type: list + suboptions: + name: + description: + - Health monitor name. Source firewall.ldb-monitor.name. + required: true + type: str + name: + description: + - VIP64 name. + required: true + type: str + portforward: + description: + - Enable port forwarding. + type: str + choices: + - disable + - enable + protocol: + description: + - Mapped port protocol. + type: str + choices: + - tcp + - udp + realservers: + description: + - Real servers. 
+ type: list + suboptions: + client_ip: + description: + - Restrict server to a client IP in this range. + type: str + healthcheck: + description: + - Per server health check. + type: str + choices: + - disable + - enable + - vip + holddown_interval: + description: + - Hold down interval. + type: int + id: + description: + - Real server ID. + required: true + type: int + ip: + description: + - Mapped server IP. + type: str + max_connections: + description: + - Maximum number of connections allowed to server. + type: int + monitor: + description: + - Health monitors. Source firewall.ldb-monitor.name. + type: str + port: + description: + - Mapped server port. + type: int + status: + description: + - Server administrative status. + type: str + choices: + - active + - standby + - disable + weight: + description: + - weight + type: int + server_type: + description: + - Server type. + type: str + choices: + - http + - tcp + - udp + - ip + src_filter: + description: + - 'Source IP6 filter (x:x:x:x:x:x:x:x/x).' + type: list + suboptions: + range: + description: + - Src-filter range. + required: true + type: str + type: + description: + - 'VIP type: static NAT or server load balance.' + type: str + choices: + - static-nat + - server-load-balance + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 to IPv4 virtual IPs. + fortios_firewall_vip64: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_vip64: + arp_reply: "disable" + color: "4" + comment: "Comment." 
+ extip: "" + extport: "" + id: "8" + ldb_method: "static" + mappedip: "" + mappedport: "" + monitor: + - + name: "default_name_13 (source firewall.ldb-monitor.name)" + name: "default_name_14" + portforward: "disable" + protocol: "tcp" + realservers: + - + client_ip: "" + healthcheck: "disable" + holddown_interval: "20" + id: "21" + ip: "" + max_connections: "23" + monitor: " (source firewall.ldb-monitor.name)" + port: "25" + status: "active" + weight: "27" + server_type: "http" + src_filter: + - + range: "" + type: "static-nat" + uuid: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_vip64_data(json): + option_list = ['arp_reply', 'color', 'comment', + 'extip', 'extport', 'id', + 'ldb_method', 'mappedip', 'mappedport', + 'monitor', 'name', 'portforward', + 'protocol', 'realservers', 'server_type', + 'src_filter', 'type', 'uuid'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_vip64(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_vip64'] and data['firewall_vip64']['state']: + state = data['firewall_vip64']['state'] + else: + state = True + firewall_vip64_data = data['firewall_vip64'] + filtered_data = underscore_to_hyphen(filter_firewall_vip64_data(firewall_vip64_data)) + + if state == "present": + return fos.set('firewall', + 'vip64', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'vip64', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_vip64']: + resp = 
firewall_vip64(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_vip64')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_vip64": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "arp_reply": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "color": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "extip": {"required": False, "type": "str"}, + "extport": {"required": False, "type": "str"}, + "id": {"required": False, "type": "int"}, + "ldb_method": {"required": False, "type": "str", + "choices": ["static", + "round-robin", + "weighted", + "least-session", + "least-rtt", + "first-alive"]}, + "mappedip": {"required": False, "type": "str"}, + "mappedport": {"required": False, "type": "str"}, + "monitor": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "portforward": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "protocol": {"required": False, "type": "str", + "choices": ["tcp", + "udp"]}, + "realservers": {"required": False, "type": "list", + "options": { + "client_ip": {"required": False, "type": "str"}, + "healthcheck": {"required": False, "type": "str", + "choices": ["disable", + "enable", + "vip"]}, + "holddown_interval": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "ip": {"required": False, "type": "str"}, + 
"max_connections": {"required": False, "type": "int"}, + "monitor": {"required": False, "type": "str"}, + "port": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["active", + "standby", + "disable"]}, + "weight": {"required": False, "type": "int"} + }}, + "server_type": {"required": False, "type": "str", + "choices": ["http", + "tcp", + "udp", + "ip"]}, + "src_filter": {"required": False, "type": "list", + "options": { + "range": {"required": True, "type": "str"} + }}, + "type": {"required": False, "type": "str", + "choices": ["static-nat", + "server-load-balance"]}, + "uuid": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
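Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no` on the same play that passes `access_token`, so anyone who copies the example sends the FortiGate API token over a TLS session whose peer is never authenticated. I would ship the example with `ansible_httpapi_validate_certs: yes` and, if a lab exception is wanted, add a YAML comment next to it such as `# set to no only for lab devices with self-signed certificates`. Separately, in `firewall_vip64` the fallback `state = True` matches neither the "present" nor the "absent" branch, so a task that omits both `state` options fails with 'state must be present or absent!' although both are documented as `required: false`; the DOCUMENTATION text should say that one of them must be given, or the failure message should name the missing option. The same example setting is visible in the fortios_firewall_vipgrp.py section of this diff, and the same fallback in the fortios_firewall_vip6.py section.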
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vipgrp.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vipgrp.py
new file mode 100644
index 00000000..8d0fda4d
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vipgrp.py
@@ -0,0 +1,344 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_vipgrp +short_description: Configure IPv4 virtual IP groups in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and vipgrp category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_vipgrp: + description: + - Configure IPv4 virtual IP groups. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + color: + description: + - Integer value to determine the color of the icon in the GUI (range 1 to 32). + type: int + comments: + description: + - Comment. + type: str + interface: + description: + - interface Source system.interface.name. + type: str + member: + description: + - Member VIP objects of the group (Separate multiple objects with a space). + type: list + suboptions: + name: + description: + - VIP name. Source firewall.vip.name. + required: true + type: str + name: + description: + - VIP group name. + required: true + type: str + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 virtual IP groups. 
+ fortios_firewall_vipgrp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_vipgrp: + color: "3" + comments: "" + interface: " (source system.interface.name)" + member: + - + name: "default_name_7 (source firewall.vip.name)" + name: "default_name_8" + uuid: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG 
+
+
+def filter_firewall_vipgrp_data(json):
+ option_list = ['color', 'comments', 'interface',
+ 'member', 'name', 'uuid']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def firewall_vipgrp(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['firewall_vipgrp'] and data['firewall_vipgrp']['state']:
+ state = data['firewall_vipgrp']['state']
+ else:
+ state = True
+ firewall_vipgrp_data = data['firewall_vipgrp']
+ filtered_data = underscore_to_hyphen(filter_firewall_vipgrp_data(firewall_vipgrp_data))
+
+ if state == "present":
+ return fos.set('firewall',
+ 'vipgrp',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('firewall',
+ 'vipgrp',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_firewall(data, fos):
+
+ if data['firewall_vipgrp']:
+ resp = firewall_vipgrp(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('firewall_vipgrp'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "firewall_vipgrp": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "color": {"required": False, "type": "int"},
+ "comments": {"required": False, "type": "str"},
+ "interface": {"required": False, "type": "str"},
+ "member": {"required": False, "type": "list",
+ "options": {
+ "name": {"required": True, "type": "str"}
+ }},
+ "name": {"required": True, "type": "str"},
+ "uuid": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_firewall(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
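Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no` while the task also passes `access_token`, so anyone who copies the example authenticates to the device over a TLS session whose peer certificate is never verified. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a one-line YAML comment above it saying that validation should only be turned off for a lab device with a self-signed certificate. The same example block appears in the fortios_firewall_vipgrp46 and fortios_firewall_vipgrp6 hunks below, and in the visible part of the fortios_firewall_vipgrp64 hunk.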
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vipgrp46.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vipgrp46.py
new file mode 100644
index 00000000..7bdc7995
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vipgrp46.py
@@ -0,0 +1,338 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_vipgrp46 +short_description: Configure IPv4 to IPv6 virtual IP groups in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and vipgrp46 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_vipgrp46: + description: + - Configure IPv4 to IPv6 virtual IP groups. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + color: + description: + - Integer value to determine the color of the icon in the GUI (range 1 to 32). + type: int + comments: + description: + - Comment. + type: str + member: + description: + - Member VIP objects of the group (Separate multiple objects with a space). + type: list + suboptions: + name: + description: + - VIP46 name. Source firewall.vip46.name. + required: true + type: str + name: + description: + - VIP46 group name. + required: true + type: str + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 to IPv6 virtual IP groups. 
+ fortios_firewall_vipgrp46:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ firewall_vipgrp46:
+ color: "3"
+ comments: ""
+ member:
+ -
+ name: "default_name_6 (source firewall.vip46.name)"
+ name: "default_name_7"
+ uuid: ""
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_firewall_vipgrp46_data(json):
+ option_list = ['color', 'comments', 'member',
+ 'name', 'uuid']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def firewall_vipgrp46(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['firewall_vipgrp46'] and data['firewall_vipgrp46']['state']:
+ state = data['firewall_vipgrp46']['state']
+ else:
+ state = True
+ firewall_vipgrp46_data = data['firewall_vipgrp46']
+ filtered_data = underscore_to_hyphen(filter_firewall_vipgrp46_data(firewall_vipgrp46_data))
+
+ if state == "present":
+ return fos.set('firewall',
+ 'vipgrp46',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('firewall',
+ 'vipgrp46',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_firewall(data, fos):
+
+ if data['firewall_vipgrp46']:
+ resp = firewall_vipgrp46(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('firewall_vipgrp46'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "firewall_vipgrp46": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "color": {"required": False, "type": "int"},
+ "comments": {"required": False, "type": "str"},
+ "member": {"required": False, "type": "list",
+ "options": {
+ "name": {"required": True, "type": "str"}
+ }},
+ "name": {"required": True, "type": "str"},
+ "uuid": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_firewall(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
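Review bot: The `member` entry in `fields` declares `"type": "list"` with nested `options` but no `elements`, and as far as I know AnsibleModule only validates the sub-options of a list when `"elements": "dict"` is set, so the `"required": True` on `member.name` is probably never enforced. Whatever keys a playbook puts in a member entry then pass through `filter_firewall_vipgrp46_data` (which filters only the top-level keys) and `underscore_to_hyphen` to `fos.set` without being checked. I would change the entry to `"member": {"required": False, "type": "list", "elements": "dict",`. The fortios_firewall_vipgrp and fortios_firewall_vipgrp6 hunks carry the same `member` spec.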
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vipgrp6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vipgrp6.py
new file mode 100644
index 00000000..4a4ab799
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vipgrp6.py
@@ -0,0 +1,338 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_vipgrp6 +short_description: Configure IPv6 virtual IP groups in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and vipgrp6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_vipgrp6: + description: + - Configure IPv6 virtual IP groups. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + color: + description: + - Integer value to determine the color of the icon in the GUI (range 1 to 32). + type: int + comments: + description: + - Comment. + type: str + member: + description: + - Member VIP objects of the group (Separate multiple objects with a space). + type: list + suboptions: + name: + description: + - IPv6 VIP name. Source firewall.vip6.name. + required: true + type: str + name: + description: + - IPv6 VIP group name. + required: true + type: str + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 virtual IP groups. 
+ fortios_firewall_vipgrp6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_vipgrp6: + color: "3" + comments: "" + member: + - + name: "default_name_6 (source firewall.vip6.name)" + name: "default_name_7" + uuid: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_vipgrp6_data(json): 
+ option_list = ['color', 'comments', 'member',
+ 'name', 'uuid']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def firewall_vipgrp6(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['firewall_vipgrp6'] and data['firewall_vipgrp6']['state']:
+ state = data['firewall_vipgrp6']['state']
+ else:
+ state = True
+ firewall_vipgrp6_data = data['firewall_vipgrp6']
+ filtered_data = underscore_to_hyphen(filter_firewall_vipgrp6_data(firewall_vipgrp6_data))
+
+ if state == "present":
+ return fos.set('firewall',
+ 'vipgrp6',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('firewall',
+ 'vipgrp6',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_firewall(data, fos):
+
+ if data['firewall_vipgrp6']:
+ resp = firewall_vipgrp6(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('firewall_vipgrp6'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "firewall_vipgrp6": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "color": {"required": False, "type": "int"},
+ "comments": {"required": False, "type": "str"},
+ "member": {"required": False, "type": "list",
+ "options": {
+ "name": {"required": True, "type": "str"}
+ }},
+ "name": {"required": True, "type": "str"},
+ "uuid": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_firewall(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
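Review bot: In `firewall_vipgrp6` the fallback `state = True` is a sentinel that can match neither `"present"` nor `"absent"`, so a task that omits both the top-level and the nested `state` only fails in the final `else` with 'state must be present or absent!', after the payload has already been filtered and converted. Since both `state` options are `"required": False` in `fields`, I would make the missing case explicit with `state = None` in the fallback and a message that names the option, for example `fos._module.fail_json(msg="state is required: set the top-level 'state' to present or absent")`. That final branch also returns None implicitly, which `fortios_firewall` would hand to `is_successful_status` if `fail_json` ever returned, so a short comment that `fail_json` does not return would help the next reader. `firewall_vipgrp` and `firewall_vipgrp46` in the two hunks above are written the same way.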
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vipgrp64.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vipgrp64.py
new file mode 100644
index 00000000..9ecb327e
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_vipgrp64.py
@@ -0,0 +1,338 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_vipgrp64 +short_description: Configure IPv6 to IPv4 virtual IP groups in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall feature and vipgrp64 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_vipgrp64: + description: + - Configure IPv6 to IPv4 virtual IP groups. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + color: + description: + - Integer value to determine the color of the icon in the GUI (range 1 to 32). + type: int + comments: + description: + - Comment. + type: str + member: + description: + - Member VIP objects of the group (Separate multiple objects with a space). + type: list + suboptions: + name: + description: + - VIP64 name. Source firewall.vip64.name. + required: true + type: str + name: + description: + - VIP64 group name. + required: true + type: str + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 to IPv4 virtual IP groups. 
+ fortios_firewall_vipgrp64: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_vipgrp64: + color: "3" + comments: "" + member: + - + name: "default_name_6 (source firewall.vip64.name)" + name: "default_name_7" + uuid: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_firewall_vipgrp64_data(json): + option_list = ['color', 'comments', 'member', + 'name', 'uuid'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_vipgrp64(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_vipgrp64'] and data['firewall_vipgrp64']['state']: + state = data['firewall_vipgrp64']['state'] + else: + state = True + firewall_vipgrp64_data = data['firewall_vipgrp64'] + filtered_data = underscore_to_hyphen(filter_firewall_vipgrp64_data(firewall_vipgrp64_data)) + + if state == "present": + return fos.set('firewall', + 'vipgrp64', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall', + 'vipgrp64', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall(data, fos): + + if data['firewall_vipgrp64']: + resp = firewall_vipgrp64(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_vipgrp64')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + 
"state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_vipgrp64": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "color": {"required": False, "type": "int"}, + "comments": {"required": False, "type": "str"}, + "member": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "uuid": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_wildcard_fqdn_custom.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_wildcard_fqdn_custom.py
new file mode 100644
index 00000000..a75fe4fc
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_wildcard_fqdn_custom.py
@@ -0,0 +1,338 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_wildcard_fqdn_custom +short_description: Config global/VDOM Wildcard FQDN address in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall_wildcard_fqdn feature and custom category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_wildcard_fqdn_custom: + description: + - Config global/VDOM Wildcard FQDN address. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + color: + description: + - GUI icon color. + type: int + comment: + description: + - Comment. + type: str + name: + description: + - Address name. + required: true + type: str + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str + visibility: + description: + - Enable/disable address visibility. + type: str + choices: + - enable + - disable + wildcard_fqdn: + description: + - Wildcard FQDN. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Config global/VDOM Wildcard FQDN address. + fortios_firewall_wildcard_fqdn_custom: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_wildcard_fqdn_custom: + color: "3" + comment: "Comment." 
+ name: "default_name_5" + uuid: "" + visibility: "enable" + wildcard_fqdn: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_wildcard_fqdn_custom_data(json): + option_list = ['color', 'comment', 'name', + 'uuid', 'visibility', 'wildcard_fqdn'] + dictionary = {} + + for attribute in option_list: + if 
attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_wildcard_fqdn_custom(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_wildcard_fqdn_custom'] and data['firewall_wildcard_fqdn_custom']['state']: + state = data['firewall_wildcard_fqdn_custom']['state'] + else: + state = True + firewall_wildcard_fqdn_custom_data = data['firewall_wildcard_fqdn_custom'] + filtered_data = underscore_to_hyphen(filter_firewall_wildcard_fqdn_custom_data(firewall_wildcard_fqdn_custom_data)) + + if state == "present": + return fos.set('firewall.wildcard-fqdn', + 'custom', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall.wildcard-fqdn', + 'custom', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall_wildcard_fqdn(data, fos): + + if data['firewall_wildcard_fqdn_custom']: + resp = firewall_wildcard_fqdn_custom(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_wildcard_fqdn_custom')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": 
"root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_wildcard_fqdn_custom": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "color": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "uuid": {"required": False, "type": "str"}, + "visibility": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "wildcard_fqdn": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall_wildcard_fqdn(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_wildcard_fqdn_group.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_wildcard_fqdn_group.py
new file mode 100644
index 00000000..7e00a632
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_firewall_wildcard_fqdn_group.py
@@ -0,0 +1,349 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_firewall_wildcard_fqdn_group +short_description: Config global Wildcard FQDN address groups in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify firewall_wildcard_fqdn feature and group category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + firewall_wildcard_fqdn_group: + description: + - Config global Wildcard FQDN address groups. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + color: + description: + - GUI icon color. + type: int + comment: + description: + - Comment. + type: str + member: + description: + - Address group members. + type: list + suboptions: + name: + description: + - Address name. Source firewall.wildcard-fqdn.custom.name. + required: true + type: str + name: + description: + - Address group name. + required: true + type: str + uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str + visibility: + description: + - Enable/disable address visibility. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Config global Wildcard FQDN address groups. + fortios_firewall_wildcard_fqdn_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + firewall_wildcard_fqdn_group: + color: "3" + comment: "Comment." 
+ member: + - + name: "default_name_6 (source firewall.wildcard-fqdn.custom.name)" + name: "default_name_7" + uuid: "" + visibility: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_firewall_wildcard_fqdn_group_data(json): + option_list = ['color', 'comment', 'member', + 'name', 'uuid', 'visibility'] + 
dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def firewall_wildcard_fqdn_group(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['firewall_wildcard_fqdn_group'] and data['firewall_wildcard_fqdn_group']['state']: + state = data['firewall_wildcard_fqdn_group']['state'] + else: + state = True + firewall_wildcard_fqdn_group_data = data['firewall_wildcard_fqdn_group'] + filtered_data = underscore_to_hyphen(filter_firewall_wildcard_fqdn_group_data(firewall_wildcard_fqdn_group_data)) + + if state == "present": + return fos.set('firewall.wildcard-fqdn', + 'group', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('firewall.wildcard-fqdn', + 'group', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_firewall_wildcard_fqdn(data, fos): + + if data['firewall_wildcard_fqdn_group']: + resp = firewall_wildcard_fqdn_group(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('firewall_wildcard_fqdn_group')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": 
{"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "firewall_wildcard_fqdn_group": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "color": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "member": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "uuid": {"required": False, "type": "str"}, + "visibility": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_firewall_wildcard_fqdn(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) 
+ + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ftp_proxy_explicit.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ftp_proxy_explicit.py new file mode 100644 index 00000000..5ed0d155 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ftp_proxy_explicit.py 
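Review bot: The `member` entry in `fields` declares `"type": "list"` with nested `"options"` but no `"elements": "dict"`, and Ansible's argument-spec validation descends into the sub-options of a list only when its elements are declared as dicts, so the `"name": {"required": True, "type": "str"}` constraint on each member is probably never enforced. Member entries then pass through `filter_firewall_wildcard_fqdn_group_data` and `underscore_to_hyphen` into `fos.set(...)` without any shape check. Adding `"elements": "dict"` to the `member` spec closes this; the `member` spec in the fortios_firewall_vipgrp64.py hunk has the same gap.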
@@ -0,0 +1,293 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_ftp_proxy_explicit +short_description: Configure explicit FTP proxy settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify ftp_proxy feature and explicit category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + ftp_proxy_explicit: + description: + - Configure explicit FTP proxy settings. + default: null + type: dict + suboptions: + incoming_ip: + description: + - Accept incoming FTP requests from this IP address. An interface must have this IP address. + type: str + incoming_port: + description: + - Accept incoming FTP requests on one or more ports. + type: str + outgoing_ip: + description: + - Outgoing FTP requests will leave from this IP address. An interface must have this IP address. + type: str + sec_default_action: + description: + - Accept or deny explicit FTP proxy sessions when no FTP proxy firewall policy exists. + type: str + choices: + - accept + - deny + status: + description: + - Enable/disable the explicit FTP proxy. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure explicit FTP proxy settings. 
+ fortios_ftp_proxy_explicit: + vdom: "{{ vdom }}" + ftp_proxy_explicit: + incoming_ip: "" + incoming_port: "" + outgoing_ip: "" + sec_default_action: "accept" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_ftp_proxy_explicit_data(json): + option_list = ['incoming_ip', 'incoming_port', 
'outgoing_ip', + 'sec_default_action', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def ftp_proxy_explicit(data, fos): + vdom = data['vdom'] + ftp_proxy_explicit_data = data['ftp_proxy_explicit'] + filtered_data = underscore_to_hyphen(filter_ftp_proxy_explicit_data(ftp_proxy_explicit_data)) + + return fos.set('ftp-proxy', + 'explicit', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_ftp_proxy(data, fos): + + if data['ftp_proxy_explicit']: + resp = ftp_proxy_explicit(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('ftp_proxy_explicit')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "ftp_proxy_explicit": { + "required": False, "type": "dict", "default": None, + "options": { + "incoming_ip": {"required": False, "type": "str"}, + "incoming_port": {"required": False, "type": "str"}, + "outgoing_ip": {"required": False, "type": "str"}, + "sec_default_action": {"required": False, "type": "str", + "choices": ["accept", + "deny"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + 
module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_ftp_proxy(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_icap_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_icap_profile.py new file mode 100644 index 00000000..6455f992 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_icap_profile.py 
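Review bot: The EXAMPLES play in fortios_ftp_proxy_explicit.py sets `ansible_httpapi_validate_certs: no`, so anyone copying it sends the HTTPS session (and the `access_token` the module documents) to a FortiGate whose certificate is never verified. The example should show `ansible_httpapi_validate_certs: yes`, with a short YAML comment saying that a device with a self-signed certificate needs its CA added to the controller's trust store rather than validation switched off. The same line appears in the EXAMPLES of fortios_icap_profile.py and fortios_icap_server.py later in this patch.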
@@ -0,0 +1,413 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_icap_profile +short_description: Configure ICAP profiles in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify icap feature and profile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + icap_profile: + description: + - Configure ICAP profiles. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + methods: + description: + - The allowed HTTP methods that will be sent to ICAP server for further processing. + type: str + choices: + - delete + - get + - head + - options + - post + - put + - trace + - other + name: + description: + - ICAP profile name. + required: true + type: str + replacemsg_group: + description: + - Replacement message group. Source system.replacemsg-group.name. + type: str + request: + description: + - Enable/disable whether an HTTP request is passed to an ICAP server. + type: str + choices: + - disable + - enable + request_failure: + description: + - Action to take if the ICAP server cannot be contacted when processing an HTTP request. + type: str + choices: + - error + - bypass + request_path: + description: + - Path component of the ICAP URI that identifies the HTTP request processing service. + type: str + request_server: + description: + - ICAP server to use for an HTTP request. Source icap.server.name. + type: str + response: + description: + - Enable/disable whether an HTTP response is passed to an ICAP server. + type: str + choices: + - disable + - enable + response_failure: + description: + - Action to take if the ICAP server cannot be contacted when processing an HTTP response. 
+ type: str + choices: + - error + - bypass + response_path: + description: + - Path component of the ICAP URI that identifies the HTTP response processing service. + type: str + response_server: + description: + - ICAP server to use for an HTTP response. Source icap.server.name. + type: str + streaming_content_bypass: + description: + - Enable/disable bypassing of ICAP server for streaming content. + type: str + choices: + - disable + - enable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure ICAP profiles. + fortios_icap_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + icap_profile: + methods: "delete" + name: "default_name_4" + replacemsg_group: " (source system.replacemsg-group.name)" + request: "disable" + request_failure: "error" + request_path: "" + request_server: " (source icap.server.name)" + response: "disable" + response_failure: "error" + response_path: "" + response_server: " (source icap.server.name)" + streaming_content_bypass: "disable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + 
returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_icap_profile_data(json): + option_list = ['methods', 'name', 'replacemsg_group', + 'request', 'request_failure', 'request_path', + 'request_server', 'response', 'response_failure', + 'response_path', 'response_server', 'streaming_content_bypass'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def icap_profile(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['icap_profile'] and data['icap_profile']['state']: + state = data['icap_profile']['state'] + else: + state = True + icap_profile_data = data['icap_profile'] + filtered_data = 
underscore_to_hyphen(filter_icap_profile_data(icap_profile_data)) + + if state == "present": + return fos.set('icap', + 'profile', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('icap', + 'profile', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_icap(data, fos): + + if data['icap_profile']: + resp = icap_profile(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('icap_profile')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "icap_profile": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "methods": {"required": False, "type": "str", + "choices": ["delete", + "get", + "head", + "options", + "post", + "put", + "trace", + "other"]}, + "name": {"required": True, "type": "str"}, + "replacemsg_group": {"required": False, "type": "str"}, + "request": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "request_failure": {"required": False, "type": "str", + "choices": ["error", + "bypass"]}, + "request_path": {"required": False, "type": "str"}, + "request_server": {"required": False, "type": "str"}, + "response": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "response_failure": {"required": False, "type": "str", + "choices": ["error", + "bypass"]}, 
+ "response_path": {"required": False, "type": "str"}, + "response_server": {"required": False, "type": "str"}, + "streaming_content_bypass": {"required": False, "type": "str", + "choices": ["disable", + "enable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_icap(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_icap_server.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_icap_server.py new file mode 100644 index 00000000..250d3374 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_icap_server.py 
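Review bot: In `icap_profile()` the fallback `state = True` is a sentinel that matches neither `"present"` nor `"absent"`, so a task that omits `state` at both levels fails only at run time with 'state must be present or absent!', although the argument spec in `main()` declares both `state` options `required: False`. Failing at the fallback itself with a message that names the option would make the contract explicit, e.g. replace `state = True` with `fos._module.fail_json(msg="state is required: set the top-level 'state' to present or absent")`. Keeping deletion an explicit choice rather than defaulting is reasonable for firewall objects, but the DOCUMENTATION entry for `state` should then say it is effectively mandatory. `icap_server()` in fortios_icap_server.py has the same fallback.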
@@ -0,0 +1,338 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_icap_server +short_description: Configure ICAP servers in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify icap feature and server category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + icap_server: + description: + - Configure ICAP servers. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + ip_address: + description: + - IPv4 address of the ICAP server. + type: str + ip_version: + description: + - IP version. + type: str + choices: + - 4 + - 6 + ip6_address: + description: + - IPv6 address of the ICAP server. + type: str + max_connections: + description: + - Maximum number of concurrent connections to ICAP server. + type: int + name: + description: + - Server name. + required: true + type: str + port: + description: + - ICAP server port. + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure ICAP servers. 
+ fortios_icap_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + icap_server: + ip_address: "" + ip_version: "4" + ip6_address: "" + max_connections: "6" + name: "default_name_7" + port: "8" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_icap_server_data(json): + option_list = ['ip_address', 
'ip_version', 'ip6_address', + 'max_connections', 'name', 'port'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def icap_server(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['icap_server'] and data['icap_server']['state']: + state = data['icap_server']['state'] + else: + state = True + icap_server_data = data['icap_server'] + filtered_data = underscore_to_hyphen(filter_icap_server_data(icap_server_data)) + + if state == "present": + return fos.set('icap', + 'server', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('icap', + 'server', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_icap(data, fos): + + if data['icap_server']: + resp = icap_server(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('icap_server')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "icap_server": { + "required": False, 
"type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "ip_address": {"required": False, "type": "str"}, + "ip_version": {"required": False, "type": "str", + "choices": ["4", + "6"]}, + "ip6_address": {"required": False, "type": "str"}, + "max_connections": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "port": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_icap(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
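Review bot: The DOCUMENTATION block for `ip_version` lists its choices as bare `- 4` and `- 6`, which YAML loads as integers, while the option is `type: str` and the argument spec in `main()` uses `"choices": ["4", "6"]`. Quoting them in the docs (`- '4'`, `- '6'`) keeps the rendered documentation and the spec in agreement. The EXAMPLES task likewise passes `max_connections: "6"` and `port: "8"` as quoted strings although both options are `type: int`; unquoted numbers there would match the declared types.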
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_custom.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_custom.py
new file mode 100644
index 00000000..5886dea2
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_custom.py
@@ -0,0 +1,404 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_ips_custom +short_description: Configure IPS custom signature in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify ips feature and custom category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + ips_custom: + description: + - Configure IPS custom signature. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + action: + description: + - Default action (pass or block) for this signature. + type: str + choices: + - pass + - block + application: + description: + - Applications to be protected. Blank for all applications. + type: str + comment: + description: + - Comment. + type: str + location: + description: + - Protect client or server traffic. + type: str + log: + description: + - Enable/disable logging. + type: str + choices: + - disable + - enable + log_packet: + description: + - Enable/disable packet logging. + type: str + choices: + - disable + - enable + os: + description: + - Operating system(s) that the signature protects. Blank for all operating systems. + type: str + protocol: + description: + - Protocol(s) that the signature scans. Blank for all protocols. + type: str + rule_id: + description: + - Signature ID. + type: int + severity: + description: + - Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity. + type: str + sig_name: + description: + - Signature name. + type: str + signature: + description: + - Custom signature enclosed in single quotes. + type: str + status: + description: + - Enable/disable this signature. + type: str + choices: + - disable + - enable + tag: + description: + - Signature tag. 
+ required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS custom signature. + fortios_ips_custom: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + ips_custom: + action: "pass" + application: "" + comment: "Comment." + location: "" + log: "disable" + log_packet: "disable" + os: "" + protocol: "" + rule_id: "11" + severity: "" + sig_name: "" + signature: "" + status: "disable" + tag: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from 
ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_ips_custom_data(json): + option_list = ['action', 'application', 'comment', + 'location', 'log', 'log_packet', + 'os', 'protocol', 'rule_id', + 'severity', 'sig_name', 'signature', + 'status', 'tag'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def ips_custom(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['ips_custom'] and data['ips_custom']['state']: + state = data['ips_custom']['state'] + else: + state = True + ips_custom_data = data['ips_custom'] + filtered_data = underscore_to_hyphen(filter_ips_custom_data(ips_custom_data)) + + if state == "present": + return fos.set('ips', + 'custom', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('ips', + 'custom', + mkey=filtered_data['tag'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_ips(data, fos): + + if data['ips_custom']: + resp = ips_custom(data, fos) + else: + fos._module.fail_json(msg='missing 
task body: %s' % ('ips_custom')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'tag' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "ips_custom": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "action": {"required": False, "type": "str", + "choices": ["pass", + "block"]}, + "application": {"required": False, "type": "str"}, + "comment": {"required": False, "type": "str"}, + "location": {"required": False, "type": "str"}, + "log": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "log_packet": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "os": {"required": False, "type": "str"}, + "protocol": {"required": False, "type": "str"}, + "rule_id": {"required": False, "type": "int"}, + "severity": {"required": False, "type": "str"}, + "sig_name": {"required": False, "type": "str"}, + "signature": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "tag": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_ips(module.params, fos) + versions_check_result = connection.get_system_version() + else: + 
module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_decoder.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_decoder.py new file mode 100644 index 00000000..446e8acc --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_decoder.py 
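Review bot: The EXAMPLES playbook in fortios_ips_custom.py sets `ansible_httpapi_validate_certs: no` in the same play that passes `access_token`, so a copied example sends the API token over TLS without verifying the FortiGate's certificate. I would show `ansible_httpapi_validate_certs: yes` in the example. The `notes:` section should also say that disabling validation is only acceptable for lab devices with self-signed certificates. The same example vars appear in the fortios_ips_decoder.py and fortios_ips_global.py hunks.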
@@ -0,0 +1,325 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_ips_decoder +short_description: Configure IPS decoder in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify ips feature and decoder category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + ips_decoder: + description: + - Configure IPS decoder. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + name: + description: + - Decoder name. + required: true + type: str + parameter: + description: + - IPS group parameters. + type: list + suboptions: + name: + description: + - Parameter name. + required: true + type: str + value: + description: + - Parameter value. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS decoder. 
+ fortios_ips_decoder: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + ips_decoder: + name: "default_name_3" + parameter: + - + name: "default_name_5" + value: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_ips_decoder_data(json): + option_list = ['name', 'parameter'] + dictionary = {} + + for 
attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def ips_decoder(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['ips_decoder'] and data['ips_decoder']['state']: + state = data['ips_decoder']['state'] + else: + state = True + ips_decoder_data = data['ips_decoder'] + filtered_data = underscore_to_hyphen(filter_ips_decoder_data(ips_decoder_data)) + + if state == "present": + return fos.set('ips', + 'decoder', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('ips', + 'decoder', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_ips(data, fos): + + if data['ips_decoder']: + resp = ips_decoder(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('ips_decoder')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "ips_decoder": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + 
"choices": ["present", "absent"]}, + "name": {"required": True, "type": "str"}, + "parameter": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"}, + "value": {"required": False, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_ips(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_global.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_global.py new file mode 100644 index 00000000..9eeef9bb --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_global.py 
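Review bot: In `main()` of fortios_ips_decoder.py the `parameter` entry is declared as `"type": "list"` with nested `options` but no `elements`. As far as I know, AnsibleModule only validates the sub-options of a list when `elements` is `dict`. If so, the `"name": {"required": True, "type": "str"}` rule inside `parameter` is never enforced, and malformed entries reach `fos.set` unchecked. I would add `"elements": "dict"` next to `"type": "list"` in that entry and `elements: dict` to the matching DOCUMENTATION block.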
@@ -0,0 +1,377 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_ips_global +short_description: Configure IPS global parameter in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify ips feature and global category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + ips_global: + description: + - Configure IPS global parameter. + default: null + type: dict + suboptions: + anomaly_mode: + description: + - Global blocking mode for rate-based anomalies. + type: str + choices: + - periodical + - continuous + database: + description: + - Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from + legacy attacks. + type: str + choices: + - regular + - extended + deep_app_insp_db_limit: + description: + - Limit on number of entries in deep application inspection database (1 - 2147483647, 0 = use recommended setting) + type: int + deep_app_insp_timeout: + description: + - Timeout for Deep application inspection (1 - 2147483647 sec., 0 = use recommended setting). + type: int + engine_count: + description: + - Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number + of CPU cores. + type: int + exclude_signatures: + description: + - Excluded signatures. + type: str + choices: + - none + - industrial + fail_open: + description: + - Enable to allow traffic if the IPS process crashes. Default is disable and IPS traffic is blocked when the IPS process crashes. + type: str + choices: + - enable + - disable + intelligent_mode: + description: + - Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic. + type: str + choices: + - enable + - disable + session_limit_mode: + description: + - Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved + performance (heuristics). + type: str + choices: + - accurate + - heuristic + skype_client_public_ipaddr: + description: + - Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas. 
+ type: str + socket_size: + description: + - IPS socket buffer size (0 - 256 MB). Default depends on available memory. Can be changed to tune performance. + type: int + sync_session_ttl: + description: + - Enable/disable use of kernel session TTL for IPS sessions. + type: str + choices: + - enable + - disable + traffic_submit: + description: + - Enable/disable submitting attack data found by this FortiGate to FortiGuard. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS global parameter. + fortios_ips_global: + vdom: "{{ vdom }}" + ips_global: + anomaly_mode: "periodical" + database: "regular" + deep_app_insp_db_limit: "5" + deep_app_insp_timeout: "6" + engine_count: "7" + exclude_signatures: "none" + fail_open: "enable" + intelligent_mode: "enable" + session_limit_mode: "accurate" + skype_client_public_ipaddr: "" + socket_size: "13" + sync_session_ttl: "enable" + traffic_submit: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + 
sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_ips_global_data(json): + option_list = ['anomaly_mode', 'database', 'deep_app_insp_db_limit', + 'deep_app_insp_timeout', 'engine_count', 'exclude_signatures', + 'fail_open', 'intelligent_mode', 'session_limit_mode', + 'skype_client_public_ipaddr', 'socket_size', 'sync_session_ttl', + 'traffic_submit'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def ips_global(data, fos): + vdom = data['vdom'] + ips_global_data = data['ips_global'] + filtered_data = underscore_to_hyphen(filter_ips_global_data(ips_global_data)) + + return fos.set('ips', + 'global', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or 
\ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_ips(data, fos): + + if data['ips_global']: + resp = ips_global(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('ips_global')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "ips_global": { + "required": False, "type": "dict", "default": None, + "options": { + "anomaly_mode": {"required": False, "type": "str", + "choices": ["periodical", + "continuous"]}, + "database": {"required": False, "type": "str", + "choices": ["regular", + "extended"]}, + "deep_app_insp_db_limit": {"required": False, "type": "int"}, + "deep_app_insp_timeout": {"required": False, "type": "int"}, + "engine_count": {"required": False, "type": "int"}, + "exclude_signatures": {"required": False, "type": "str", + "choices": ["none", + "industrial"]}, + "fail_open": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "intelligent_mode": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "session_limit_mode": {"required": False, "type": "str", + "choices": ["accurate", + "heuristic"]}, + "skype_client_public_ipaddr": {"required": False, "type": "str"}, + "socket_size": {"required": False, "type": "int"}, + "sync_session_ttl": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "traffic_submit": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: 
+ connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_ips(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_rule.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_rule.py new file mode 100644 index 00000000..41047167 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_rule.py 
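Review bot: The EXAMPLES task in fortios_ips_global.py sets `fail_open: "enable"`, although the option's own description says the default is disable and that IPS traffic is blocked when the IPS process crashes. A copied example would therefore let traffic pass uninspected whenever the IPS process is down. I would show `fail_open: "disable"` in the example, or add a YAML comment such as `# fail_open: enable lets traffic bypass IPS if the IPS process crashes`. `traffic_submit: "enable"` in the same example submits attack data to FortiGuard and deserves a one-line comment so that it is a deliberate choice.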
@@ -0,0 +1,433 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_ips_rule +short_description: Configure IPS rules in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify ips feature and rule category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + ips_rule: + description: + - Configure IPS rules. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + action: + description: + - Action. + type: str + choices: + - pass + - block + application: + description: + - Vulnerable applications. + type: str + date: + description: + - Date. + type: int + group: + description: + - Group. + type: str + location: + description: + - Vulnerable location. + type: str + log: + description: + - Enable/disable logging. + type: str + choices: + - disable + - enable + log_packet: + description: + - Enable/disable packet logging. + type: str + choices: + - disable + - enable + metadata: + description: + - Meta data. + type: list + suboptions: + id: + description: + - ID. + required: true + type: int + metaid: + description: + - Meta ID. + type: int + valueid: + description: + - Value ID. + type: int + name: + description: + - Rule name. + required: true + type: str + os: + description: + - Vulnerable operation systems. + type: str + rev: + description: + - Revision. + type: int + rule_id: + description: + - Rule ID. + type: int + service: + description: + - Vulnerable service. + type: str + severity: + description: + - Severity. + type: str + status: + description: + - Enable/disable status. 
+ type: str + choices: + - disable + - enable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS rules. + fortios_ips_rule: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + ips_rule: + action: "pass" + application: "" + date: "5" + group: "" + location: "" + log: "disable" + log_packet: "disable" + metadata: + - + id: "11" + metaid: "12" + valueid: "13" + name: "default_name_14" + os: "" + rev: "16" + rule_id: "17" + service: "" + severity: "" + status: "disable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from 
ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_ips_rule_data(json):
+ option_list = ['action', 'application', 'date',
+ 'group', 'location', 'log',
+ 'log_packet', 'metadata', 'name',
+ 'os', 'rev', 'rule_id',
+ 'service', 'severity', 'status']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def ips_rule(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['ips_rule'] and data['ips_rule']['state']:
+ state = data['ips_rule']['state']
+ else:
+ state = True
+ ips_rule_data = data['ips_rule']
+ filtered_data = underscore_to_hyphen(filter_ips_rule_data(ips_rule_data))
+
+ if state == "present":
+ return fos.set('ips',
+ 'rule',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('ips',
+ 'rule',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_ips(data, fos):
+
+ if data['ips_rule']:
+ resp = ips_rule(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('ips_rule'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "ips_rule": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "action": {"required": False, "type": "str",
+ "choices": ["pass",
+ "block"]},
+ "application": {"required": False, "type": "str"},
+ "date": {"required": False, "type": "int"},
+ "group": {"required": False, "type": "str"},
+ "location": {"required": False, "type": "str"},
+ "log": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "log_packet": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "metadata": {"required": False, "type": "list",
+ "options": {
+ "id": {"required": True, "type": "int"},
+ "metaid": {"required": False, "type": "int"},
+ "valueid": {"required": False, "type": "int"}
+ }},
+ "name": {"required": True, "type": "str"},
+ "os": {"required": False, "type": "str"},
+ "rev": {"required": False, "type": "int"},
+ "rule_id": {"required": False, "type": "int"},
+ "service": {"required": False, "type": "str"},
+ "severity": {"required": False, "type": "str"},
+ "status": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_ips(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_rule_settings.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_rule_settings.py
new file mode 100644
index 00000000..32a8c7eb
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_rule_settings.py
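Review bot: The EXAMPLES play in fortios_ips_rule.py sets `ansible_httpapi_validate_certs: no` right next to an `access_token`, so a playbook copied from it sends the API token over TLS without verifying the FortiGate's certificate. I would ship the example as `ansible_httpapi_validate_certs: yes` and add a one-line comment that turning validation off is only for lab devices with self-signed certificates. The same vars block appears in the EXAMPLES of fortios_ips_rule_settings.py and fortios_ips_sensor.py in this commit.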
@@ -0,0 +1,302 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_ips_rule_settings +short_description: Configure IPS rule setting in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify ips feature and rule_settings category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + ips_rule_settings: + description: + - Configure IPS rule setting. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + id: + description: + - Rule ID. + required: true + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS rule setting. 
+ fortios_ips_rule_settings:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ ips_rule_settings:
+ id: "3"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_ips_rule_settings_data(json):
+ option_list = ['id']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def ips_rule_settings(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['ips_rule_settings'] and data['ips_rule_settings']['state']:
+ state = data['ips_rule_settings']['state']
+ else:
+ state = True
+ ips_rule_settings_data = data['ips_rule_settings']
+ filtered_data = underscore_to_hyphen(filter_ips_rule_settings_data(ips_rule_settings_data))
+
+ if state == "present":
+ return fos.set('ips',
+ 'rule-settings',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('ips',
+ 'rule-settings',
+ mkey=filtered_data['id'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_ips(data, fos):
+
+ if data['ips_rule_settings']:
+ resp = ips_rule_settings(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('ips_rule_settings'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'id'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "ips_rule_settings": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "id": {"required": True, "type": "int"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_ips(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_sensor.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_sensor.py
new file mode 100644
index 00000000..e9fe557e
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_sensor.py
@@ -0,0 +1,808 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_ips_sensor +short_description: Configure IPS sensor in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify ips feature and sensor category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + ips_sensor: + description: + - Configure IPS sensor. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + block_malicious_url: + description: + - Enable/disable malicious URL blocking. + type: str + choices: + - disable + - enable + comment: + description: + - Comment. + type: str + entries: + description: + - IPS sensor filter. + type: list + suboptions: + action: + description: + - Action taken with traffic in which signatures are detected. + type: str + choices: + - pass + - block + - reset + - default + application: + description: + - Applications to be protected. set application ? lists available applications. all includes all applications. other includes all + unlisted applications. + type: str + exempt_ip: + description: + - Traffic from selected source or destination IP addresses is exempt from this signature. + type: list + suboptions: + dst_ip: + description: + - Destination IP address and netmask. + type: str + id: + description: + - Exempt IP ID. + required: true + type: int + src_ip: + description: + - Source IP address and netmask. + type: str + id: + description: + - Rule ID in IPS database (0 - 4294967295). + required: true + type: int + location: + description: + - Protect client or server traffic. + type: str + log: + description: + - Enable/disable logging of signatures included in filter. 
+ type: str + choices: + - disable + - enable + log_attack_context: + description: + - 'Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer.' + type: str + choices: + - disable + - enable + log_packet: + description: + - Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format + for diagnostic use. + type: str + choices: + - disable + - enable + os: + description: + - Operating systems to be protected. all includes all operating systems. other includes all unlisted operating systems. + type: str + protocol: + description: + - Protocols to be examined. set protocol ? lists available protocols. all includes all protocols. other includes all unlisted + protocols. + type: str + quarantine: + description: + - Quarantine method. + type: str + choices: + - none + - attacker + quarantine_expiry: + description: + - Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m). Requires quarantine set to attacker. + type: str + quarantine_log: + description: + - Enable/disable quarantine logging. + type: str + choices: + - disable + - enable + rate_count: + description: + - Count of the rate. + type: int + rate_duration: + description: + - Duration (sec) of the rate. + type: int + rate_mode: + description: + - Rate limit mode. + type: str + choices: + - periodical + - continuous + rate_track: + description: + - Track the packet protocol field. + type: str + choices: + - none + - src-ip + - dest-ip + - dhcp-client-mac + - dns-domain + rule: + description: + - Identifies the predefined or custom IPS signatures to add to the sensor. + type: list + suboptions: + id: + description: + - Rule IPS. + required: true + type: int + severity: + description: + - Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity. 
+ type: str + status: + description: + - Status of the signatures included in filter. default enables the filter and only use filters with default status of enable. + Filters with default status of disable will not be used. + type: str + choices: + - disable + - enable + - default + extended_log: + description: + - Enable/disable extended logging. + type: str + choices: + - enable + - disable + filter: + description: + - IPS sensor filter. + type: list + suboptions: + action: + description: + - Action of selected rules. + type: str + choices: + - pass + - block + - reset + - default + application: + description: + - Vulnerable application filter. + type: str + location: + description: + - Vulnerability location filter. + type: str + log: + description: + - Enable/disable logging of selected rules. + type: str + choices: + - disable + - enable + log_packet: + description: + - Enable/disable packet logging of selected rules. + type: str + choices: + - disable + - enable + name: + description: + - Filter name. + required: true + type: str + os: + description: + - Vulnerable OS filter. + type: str + protocol: + description: + - Vulnerable protocol filter. + type: str + quarantine: + description: + - Quarantine IP or interface. + type: str + choices: + - none + - attacker + quarantine_expiry: + description: + - Duration of quarantine in minute. + type: int + quarantine_log: + description: + - Enable/disable logging of selected quarantine. + type: str + choices: + - disable + - enable + severity: + description: + - Vulnerability severity filter. + type: str + status: + description: + - Selected rules status. + type: str + choices: + - disable + - enable + - default + name: + description: + - Sensor name. + required: true + type: str + override: + description: + - IPS override rule. + type: list + suboptions: + action: + description: + - Action of override rule. + type: str + choices: + - pass + - block + - reset + exempt_ip: + description: + - Exempted IP. 
+ type: list + suboptions: + dst_ip: + description: + - Destination IP address and netmask. + type: str + id: + description: + - Exempt IP ID. + required: true + type: int + src_ip: + description: + - Source IP address and netmask. + type: str + log: + description: + - Enable/disable logging. + type: str + choices: + - disable + - enable + log_packet: + description: + - Enable/disable packet logging. + type: str + choices: + - disable + - enable + quarantine: + description: + - Quarantine IP or interface. + type: str + choices: + - none + - attacker + quarantine_expiry: + description: + - Duration of quarantine in minute. + type: int + quarantine_log: + description: + - Enable/disable logging of selected quarantine. + type: str + choices: + - disable + - enable + rule_id: + description: + - Override rule ID. + type: int + status: + description: + - Enable/disable status of override rule. + type: str + choices: + - disable + - enable + replacemsg_group: + description: + - Replacement message group. Source system.replacemsg-group.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS sensor. + fortios_ips_sensor: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + ips_sensor: + block_malicious_url: "disable" + comment: "Comment." 
+ entries: + - + action: "pass" + application: "" + exempt_ip: + - + dst_ip: "" + id: "10" + src_ip: "" + id: "12" + location: "" + log: "disable" + log_attack_context: "disable" + log_packet: "disable" + os: "" + protocol: "" + quarantine: "none" + quarantine_expiry: "" + quarantine_log: "disable" + rate_count: "22" + rate_duration: "23" + rate_mode: "periodical" + rate_track: "none" + rule: + - + id: "27" + severity: "" + status: "disable" + extended_log: "enable" + filter: + - + action: "pass" + application: "" + location: "" + log: "disable" + log_packet: "disable" + name: "default_name_37" + os: "" + protocol: "" + quarantine: "none" + quarantine_expiry: "41" + quarantine_log: "disable" + severity: "" + status: "disable" + name: "default_name_45" + override: + - + action: "pass" + exempt_ip: + - + dst_ip: "" + id: "50" + src_ip: "" + log: "disable" + log_packet: "disable" + quarantine: "none" + quarantine_expiry: "55" + quarantine_log: "disable" + rule_id: "57" + status: "disable" + replacemsg_group: " (source system.replacemsg-group.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + 
type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_ips_sensor_data(json): + option_list = ['block_malicious_url', 'comment', 'entries', + 'extended_log', 'filter', 'name', + 'override', 'replacemsg_group'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def ips_sensor(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['ips_sensor'] and data['ips_sensor']['state']: + state = data['ips_sensor']['state'] + else: + state = True + ips_sensor_data = data['ips_sensor'] + filtered_data = underscore_to_hyphen(filter_ips_sensor_data(ips_sensor_data)) + + if state == "present": + return fos.set('ips', + 'sensor', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('ips', + 'sensor', + mkey=filtered_data['name'], + 
vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_ips(data, fos): + + if data['ips_sensor']: + resp = ips_sensor(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('ips_sensor')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "ips_sensor": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "block_malicious_url": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "comment": {"required": False, "type": "str"}, + "entries": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["pass", + "block", + "reset", + "default"]}, + "application": {"required": False, "type": "str"}, + "exempt_ip": {"required": False, "type": "list", + "options": { + "dst_ip": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "src_ip": {"required": False, "type": "str"} + }}, + "id": {"required": True, "type": "int"}, + "location": {"required": False, "type": "str"}, + "log": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "log_attack_context": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "log_packet": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "os": {"required": False, "type": "str"}, + 
"protocol": {"required": False, "type": "str"}, + "quarantine": {"required": False, "type": "str", + "choices": ["none", + "attacker"]}, + "quarantine_expiry": {"required": False, "type": "str"}, + "quarantine_log": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "rate_count": {"required": False, "type": "int"}, + "rate_duration": {"required": False, "type": "int"}, + "rate_mode": {"required": False, "type": "str", + "choices": ["periodical", + "continuous"]}, + "rate_track": {"required": False, "type": "str", + "choices": ["none", + "src-ip", + "dest-ip", + "dhcp-client-mac", + "dns-domain"]}, + "rule": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "severity": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "enable", + "default"]} + }}, + "extended_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "filter": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["pass", + "block", + "reset", + "default"]}, + "application": {"required": False, "type": "str"}, + "location": {"required": False, "type": "str"}, + "log": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "log_packet": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "name": {"required": True, "type": "str"}, + "os": {"required": False, "type": "str"}, + "protocol": {"required": False, "type": "str"}, + "quarantine": {"required": False, "type": "str", + "choices": ["none", + "attacker"]}, + "quarantine_expiry": {"required": False, "type": "int"}, + "quarantine_log": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "severity": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "enable", + "default"]} + }}, + "name": {"required": True, 
"type": "str"}, + "override": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["pass", + "block", + "reset"]}, + "exempt_ip": {"required": False, "type": "list", + "options": { + "dst_ip": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "src_ip": {"required": False, "type": "str"} + }}, + "log": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "log_packet": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "quarantine": {"required": False, "type": "str", + "choices": ["none", + "attacker"]}, + "quarantine_expiry": {"required": False, "type": "int"}, + "quarantine_log": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "rule_id": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "enable"]} + }}, + "replacemsg_group": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_ips(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + 
module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_settings.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_settings.py new file mode 100644 index 00000000..fb5e92a8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ips_settings.py 
@@ -0,0 +1,277 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_ips_settings +short_description: Configure IPS VDOM parameter in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify ips feature and settings category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + ips_settings: + description: + - Configure IPS VDOM parameter. + default: null + type: dict + suboptions: + ips_packet_quota: + description: + - Maximum amount of disk space in MB for logged packets when logging to disk. Range depends on disk size. + type: int + packet_log_history: + description: + - Number of packets to capture before and including the one in which the IPS signature is detected (1 - 255). + type: int + packet_log_memory: + description: + - Maximum memory can be used by packet log (64 - 8192 kB). + type: int + packet_log_post_attack: + description: + - Number of packets to log after the IPS signature is detected (0 - 255). + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS VDOM parameter. + fortios_ips_settings: + vdom: "{{ vdom }}" + ips_settings: + ips_packet_quota: "3" + packet_log_history: "4" + packet_log_memory: "5" + packet_log_post_attack: "6" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" 
+serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_ips_settings_data(json): + option_list = ['ips_packet_quota', 'packet_log_history', 'packet_log_memory', + 'packet_log_post_attack'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def ips_settings(data, fos): + vdom = data['vdom'] + ips_settings_data = data['ips_settings'] + filtered_data = underscore_to_hyphen(filter_ips_settings_data(ips_settings_data)) + + return fos.set('ips', + 'settings', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_ips(data, fos): + + if data['ips_settings']: + resp = ips_settings(data, fos) + else: + 
fos._module.fail_json(msg='missing task body: %s' % ('ips_settings')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "ips_settings": { + "required": False, "type": "dict", "default": None, + "options": { + "ips_packet_quota": {"required": False, "type": "int"}, + "packet_log_history": {"required": False, "type": "int"}, + "packet_log_memory": {"required": False, "type": "int"}, + "packet_log_post_attack": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_ips(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", 
meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_custom_field.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_custom_field.py new file mode 100644 index 00000000..446eedba --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_custom_field.py 
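Review bot: The EXAMPLES playbook in fortios_ips_settings.py sets `ansible_httpapi_validate_certs: no` on the same httpapi connection that carries `access_token`, so anyone who copies the example runs the FortiGate management session without verifying the device certificate. The example should ship with `ansible_httpapi_validate_certs: yes`, plus a short YAML comment that devices with a self-signed certificate need their CA added to the controller's trust store rather than validation switched off. The same example block appears in fortios_log_custom_field.py and fortios_log_disk_filter.py later in this patch. Separately, in `main()` the test `'access_token' in module.params` is presumably always true, since the option is declared in `fields`, so `set_option` would also run with a `None` token; `if module.params.get('access_token'):` states the intent.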
@@ -0,0 +1,314 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_custom_field +short_description: Configure custom log fields in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log feature and custom_field category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + log_custom_field: + description: + - Configure custom log fields. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + id: + description: + - field ID . + required: true + type: str + name: + description: + - 'Field name (max: 15 characters).' + type: str + value: + description: + - 'Field value (max: 15 characters).' + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure custom log fields. 
+ fortios_log_custom_field: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + log_custom_field: + id: "3" + name: "default_name_4" + value: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_custom_field_data(json): + option_list = ['id', 'name', 'value'] + dictionary = {} + + for attribute in 
option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_custom_field(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['log_custom_field'] and data['log_custom_field']['state']: + state = data['log_custom_field']['state'] + else: + state = True + log_custom_field_data = data['log_custom_field'] + filtered_data = underscore_to_hyphen(filter_log_custom_field_data(log_custom_field_data)) + + if state == "present": + return fos.set('log', + 'custom-field', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('log', + 'custom-field', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log(data, fos): + + if data['log_custom_field']: + resp = log_custom_field(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_custom_field')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "log_custom_field": { + "required": False, "type": "dict", "default": None, + 
"options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "id": {"required": True, "type": "str"}, + "name": {"required": False, "type": "str"}, + "value": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_disk_filter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_disk_filter.py new file mode 100644 index 00000000..13224449 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_disk_filter.py 
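Review bot: In `log_custom_field()` the fallback `state = True` matches neither `"present"` nor `"absent"`, so a task that omits `state` at both levels ends in `fail_json(msg='state must be present or absent!')` even though both `state` options are declared `required: False`. The message does not tell the user that the parameter is missing. Replace the fallback with an explicit failure, for example `fos._module.fail_json(msg="state is required: set it at the top level or under log_custom_field")`, and mention in DOCUMENTATION that one of the two must be set. `ips_sensor()` in fortios_ips_sensor.py uses the same fallback. In `main()`, `msg="Error in repo"` gives the operator nothing to act on, and naming the failed call would help, e.g. `msg="FortiOS request for log custom-field failed, see meta"`.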
@@ -0,0 +1,623 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_disk_filter +short_description: Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type in + Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_disk feature and filter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_disk_filter: + description: + - Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type. + default: null + type: dict + suboptions: + admin: + description: + - Enable/disable admin login/logout logging. + type: str + choices: + - enable + - disable + anomaly: + description: + - Enable/disable anomaly logging. + type: str + choices: + - enable + - disable + auth: + description: + - Enable/disable firewall authentication logging. + type: str + choices: + - enable + - disable + cpu_memory_usage: + description: + - Enable/disable CPU & memory usage logging every 5 minutes. + type: str + choices: + - enable + - disable + dhcp: + description: + - Enable/disable DHCP service messages logging. + type: str + choices: + - enable + - disable + dlp_archive: + description: + - Enable/disable DLP archive logging. + type: str + choices: + - enable + - disable + dns: + description: + - Enable/disable detailed DNS event logging. + type: str + choices: + - enable + - disable + event: + description: + - Enable/disable event logging. + type: str + choices: + - enable + - disable + filter: + description: + - Disk log filter. + type: str + filter_type: + description: + - Include/exclude logs that match the filter. + type: str + choices: + - include + - exclude + forward_traffic: + description: + - Enable/disable forward traffic logging. + type: str + choices: + - enable + - disable + gtp: + description: + - Enable/disable GTP messages logging. + type: str + choices: + - enable + - disable + ha: + description: + - Enable/disable HA logging. + type: str + choices: + - enable + - disable + ipsec: + description: + - Enable/disable IPsec negotiation messages logging. 
+ type: str + choices: + - enable + - disable + ldb_monitor: + description: + - Enable/disable VIP real server health monitoring logging. + type: str + choices: + - enable + - disable + local_traffic: + description: + - Enable/disable local in or out traffic logging. + type: str + choices: + - enable + - disable + multicast_traffic: + description: + - Enable/disable multicast traffic logging. + type: str + choices: + - enable + - disable + netscan_discovery: + description: + - Enable/disable netscan discovery event logging. + type: str + netscan_vulnerability: + description: + - Enable/disable netscan vulnerability event logging. + type: str + pattern: + description: + - Enable/disable pattern update logging. + type: str + choices: + - enable + - disable + ppp: + description: + - Enable/disable L2TP/PPTP/PPPoE logging. + type: str + choices: + - enable + - disable + radius: + description: + - Enable/disable RADIUS messages logging. + type: str + choices: + - enable + - disable + severity: + description: + - Log to disk every message above and including this severity level. + type: str + choices: + - emergency + - alert + - critical + - error + - warning + - notification + - information + - debug + sniffer_traffic: + description: + - Enable/disable sniffer traffic logging. + type: str + choices: + - enable + - disable + ssh: + description: + - Enable/disable SSH logging. + type: str + choices: + - enable + - disable + sslvpn_log_adm: + description: + - Enable/disable SSL administrator login logging. + type: str + choices: + - enable + - disable + sslvpn_log_auth: + description: + - Enable/disable SSL user authentication logging. + type: str + choices: + - enable + - disable + sslvpn_log_session: + description: + - Enable/disable SSL session logging. + type: str + choices: + - enable + - disable + system: + description: + - Enable/disable system activity logging. 
+ type: str + choices: + - enable + - disable + vip_ssl: + description: + - Enable/disable VIP SSL logging. + type: str + choices: + - enable + - disable + voip: + description: + - Enable/disable VoIP logging. + type: str + choices: + - enable + - disable + wan_opt: + description: + - Enable/disable WAN optimization event logging. + type: str + choices: + - enable + - disable + wireless_activity: + description: + - Enable/disable wireless activity event logging. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type. + fortios_log_disk_filter: + vdom: "{{ vdom }}" + log_disk_filter: + admin: "enable" + anomaly: "enable" + auth: "enable" + cpu_memory_usage: "enable" + dhcp: "enable" + dlp_archive: "enable" + dns: "enable" + event: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + gtp: "enable" + ha: "enable" + ipsec: "enable" + ldb_monitor: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + pattern: "enable" + ppp: "enable" + radius: "enable" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + sslvpn_log_adm: "enable" + sslvpn_log_auth: "enable" + sslvpn_log_session: "enable" + system: "enable" + vip_ssl: "enable" + voip: "enable" + wan_opt: "enable" + wireless_activity: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on 
last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_disk_filter_data(json): + option_list = ['admin', 'anomaly', 'auth', + 'cpu_memory_usage', 'dhcp', 'dlp_archive', + 'dns', 'event', 'filter', + 'filter_type', 'forward_traffic', 'gtp', + 'ha', 'ipsec', 'ldb_monitor', + 'local_traffic', 'multicast_traffic', 'netscan_discovery', + 'netscan_vulnerability', 'pattern', 'ppp', + 'radius', 'severity', 'sniffer_traffic', + 'ssh', 'sslvpn_log_adm', 'sslvpn_log_auth', + 'sslvpn_log_session', 'system', 'vip_ssl', + 'voip', 'wan_opt', 'wireless_activity'] + dictionary = {} + + for attribute in option_list: + if attribute in json and 
json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_disk_filter(data, fos): + vdom = data['vdom'] + log_disk_filter_data = data['log_disk_filter'] + filtered_data = underscore_to_hyphen(filter_log_disk_filter_data(log_disk_filter_data)) + + return fos.set('log.disk', + 'filter', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_disk(data, fos): + + if data['log_disk_filter']: + resp = log_disk_filter(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_disk_filter')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_disk_filter": { + "required": False, "type": "dict", "default": None, + "options": { + "admin": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "anomaly": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auth": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "cpu_memory_usage": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dhcp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dlp_archive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dns": {"required": 
False, "type": "str", + "choices": ["enable", + "disable"]}, + "event": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "filter": {"required": False, "type": "str"}, + "filter_type": {"required": False, "type": "str", + "choices": ["include", + "exclude"]}, + "forward_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gtp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ha": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ipsec": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ldb_monitor": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, + "pattern": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ppp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "radius": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "severity": {"required": False, "type": "str", + "choices": ["emergency", + "alert", + "critical", + "error", + "warning", + "notification", + "information", + "debug"]}, + "sniffer_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssh": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sslvpn_log_adm": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sslvpn_log_auth": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sslvpn_log_session": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "system": {"required": False, "type": "str", + "choices": ["enable", 
+ "disable"]}, + "vip_ssl": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "voip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "wan_opt": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "wireless_activity": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_disk(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_disk_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_disk_setting.py new file mode 100644 index 00000000..24371deb --- /dev/null 
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_disk_setting.py 
@@ -0,0 +1,522 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_disk_setting +short_description: Settings for local disk logging in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_disk feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + log_disk_setting: + description: + - Settings for local disk logging. + default: null + type: dict + suboptions: + diskfull: + description: + - Action to take when disk is full. The system can overwrite the oldest log messages or stop logging when the disk is full . + type: str + choices: + - overwrite + - nolog + dlp_archive_quota: + description: + - DLP archive quota (MB). + type: int + full_final_warning_threshold: + description: + - Log full final warning threshold as a percent (3 - 100). + type: int + full_first_warning_threshold: + description: + - Log full first warning threshold as a percent (1 - 98). + type: int + full_second_warning_threshold: + description: + - Log full second warning threshold as a percent (2 - 99). + type: int + ips_archive: + description: + - Enable/disable IPS packet archiving to the local disk. + type: str + choices: + - enable + - disable + log_quota: + description: + - Disk log quota (MB). + type: int + max_log_file_size: + description: + - Maximum log file size before rolling (1 - 100 Mbytes). + type: int + max_policy_packet_capture_size: + description: + - Maximum size of policy sniffer in MB (0 means unlimited). + type: int + maximum_log_age: + description: + - Delete log files older than (days). + type: int + report_quota: + description: + - Report quota (MB). + type: int + roll_day: + description: + - Day of week on which to roll log file. + type: str + choices: + - sunday + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + roll_schedule: + description: + - Frequency to check log file for rolling. + type: str + choices: + - daily + - weekly + roll_time: + description: + - 'Time of day to roll the log file (hh:mm).' + type: str + source_ip: + description: + - Source IP address to use for uploading disk log files. + type: str + status: + description: + - Enable/disable local disk logging. 
+ type: str + choices: + - enable + - disable + upload: + description: + - Enable/disable uploading log files when they are rolled. + type: str + choices: + - enable + - disable + upload_delete_files: + description: + - Delete log files after uploading . + type: str + choices: + - enable + - disable + upload_destination: + description: + - The type of server to upload log files to. Only FTP is currently supported. + type: str + choices: + - ftp-server + upload_ssl_conn: + description: + - Enable/disable encrypted FTPS communication to upload log files. + type: str + choices: + - default + - high + - low + - disable + uploaddir: + description: + - The remote directory on the FTP server to upload log files to. + type: str + uploadip: + description: + - IP address of the FTP server to upload log files to. + type: str + uploadpass: + description: + - Password required to log into the FTP server to upload disk log files. + type: str + uploadport: + description: + - TCP port to use for communicating with the FTP server . + type: int + uploadsched: + description: + - Set the schedule for uploading log files to the FTP server . + type: str + choices: + - disable + - enable + uploadtime: + description: + - 'Time of day at which log files are uploaded if uploadsched is enabled (hh:mm or hh).' + type: str + uploadtype: + description: + - Types of log files to upload. Separate multiple entries with a space. + type: str + choices: + - traffic + - event + - virus + - webfilter + - IPS + - spamfilter + - dlp-archive + - anomaly + - voip + - dlp + - app-ctrl + - waf + - netscan + - gtp + - dns + uploaduser: + description: + - Username required to log into the FTP server to upload disk log files. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Settings for local disk logging. 
+ fortios_log_disk_setting: + vdom: "{{ vdom }}" + log_disk_setting: + diskfull: "overwrite" + dlp_archive_quota: "4" + full_final_warning_threshold: "5" + full_first_warning_threshold: "6" + full_second_warning_threshold: "7" + ips_archive: "enable" + log_quota: "9" + max_log_file_size: "10" + max_policy_packet_capture_size: "11" + maximum_log_age: "12" + report_quota: "13" + roll_day: "sunday" + roll_schedule: "daily" + roll_time: "" + source_ip: "84.230.14.43" + status: "enable" + upload: "enable" + upload_delete_files: "enable" + upload_destination: "ftp-server" + upload_ssl_conn: "default" + uploaddir: "" + uploadip: "" + uploadpass: "" + uploadport: "26" + uploadsched: "disable" + uploadtime: "" + uploadtype: "traffic" + uploaduser: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always 
+ type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_disk_setting_data(json): + option_list = ['diskfull', 'dlp_archive_quota', 'full_final_warning_threshold', + 'full_first_warning_threshold', 'full_second_warning_threshold', 'ips_archive', + 'log_quota', 'max_log_file_size', 'max_policy_packet_capture_size', + 'maximum_log_age', 'report_quota', 'roll_day', + 'roll_schedule', 'roll_time', 'source_ip', + 'status', 'upload', 'upload_delete_files', + 'upload_destination', 'upload_ssl_conn', 'uploaddir', + 'uploadip', 'uploadpass', 'uploadport', + 'uploadsched', 'uploadtime', 'uploadtype', + 'uploaduser'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_disk_setting(data, fos): + vdom = data['vdom'] + log_disk_setting_data = data['log_disk_setting'] + filtered_data = underscore_to_hyphen(filter_log_disk_setting_data(log_disk_setting_data)) + + return fos.set('log.disk', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_disk(data, fos): + 
+ if data['log_disk_setting']: + resp = log_disk_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_disk_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_disk_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "diskfull": {"required": False, "type": "str", + "choices": ["overwrite", + "nolog"]}, + "dlp_archive_quota": {"required": False, "type": "int"}, + "full_final_warning_threshold": {"required": False, "type": "int"}, + "full_first_warning_threshold": {"required": False, "type": "int"}, + "full_second_warning_threshold": {"required": False, "type": "int"}, + "ips_archive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "log_quota": {"required": False, "type": "int"}, + "max_log_file_size": {"required": False, "type": "int"}, + "max_policy_packet_capture_size": {"required": False, "type": "int"}, + "maximum_log_age": {"required": False, "type": "int"}, + "report_quota": {"required": False, "type": "int"}, + "roll_day": {"required": False, "type": "str", + "choices": ["sunday", + "monday", + "tuesday", + "wednesday", + "thursday", + "friday", + "saturday"]}, + "roll_schedule": {"required": False, "type": "str", + "choices": ["daily", + "weekly"]}, + "roll_time": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "upload": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "upload_delete_files": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "upload_destination": {"required": False, 
"type": "str", + "choices": ["ftp-server"]}, + "upload_ssl_conn": {"required": False, "type": "str", + "choices": ["default", + "high", + "low", + "disable"]}, + "uploaddir": {"required": False, "type": "str"}, + "uploadip": {"required": False, "type": "str"}, + "uploadpass": {"required": False, "type": "str"}, + "uploadport": {"required": False, "type": "int"}, + "uploadsched": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "uploadtime": {"required": False, "type": "str"}, + "uploadtype": {"required": False, "type": "str", + "choices": ["traffic", + "event", + "virus", + "webfilter", + "IPS", + "spamfilter", + "dlp-archive", + "anomaly", + "voip", + "dlp", + "app-ctrl", + "waf", + "netscan", + "gtp", + "dns"]}, + "uploaduser": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_disk(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, 
meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_eventfilter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_eventfilter.py new file mode 100644 index 00000000..4e4c9590 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_eventfilter.py 
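Review bot: `uploadpass` in the `log_disk_setting` argument spec in main() is declared as `{"required": False, "type": "str"}` without `no_log`, although `access_token` in the same spec carries `"no_log": True`. Ansible does not mask parameters that lack this flag, so the FTP password can end up in verbose task output and in module invocation logs on the controller and target. I would declare it as `"uploadpass": {"required": False, "type": "str", "no_log": True},`. Separately, the DOCUMENTATION block lists `disable` as an `upload_ssl_conn` choice, and with that value the credential presumably travels over plain FTP; the option description should say so.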
@@ -0,0 +1,376 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_eventfilter +short_description: Configure log event filters in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log feature and eventfilter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + log_eventfilter: + description: + - Configure log event filters. + default: null + type: dict + suboptions: + compliance_check: + description: + - Enable/disable PCI DSS compliance check logging. + type: str + choices: + - enable + - disable + endpoint: + description: + - Enable/disable endpoint event logging. + type: str + choices: + - enable + - disable + event: + description: + - Enable/disable event logging. + type: str + choices: + - enable + - disable + ha: + description: + - Enable/disable ha event logging. + type: str + choices: + - enable + - disable + router: + description: + - Enable/disable router event logging. + type: str + choices: + - enable + - disable + security_rating: + description: + - Enable/disable Security Rating result logging. + type: str + choices: + - enable + - disable + system: + description: + - Enable/disable system event logging. + type: str + choices: + - enable + - disable + user: + description: + - Enable/disable user authentication event logging. + type: str + choices: + - enable + - disable + vpn: + description: + - Enable/disable VPN event logging. + type: str + choices: + - enable + - disable + wan_opt: + description: + - Enable/disable WAN optimization event logging. + type: str + choices: + - enable + - disable + wireless_activity: + description: + - Enable/disable wireless event logging. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure log event filters. 
+ fortios_log_eventfilter: + vdom: "{{ vdom }}" + log_eventfilter: + compliance_check: "enable" + endpoint: "enable" + event: "enable" + ha: "enable" + router: "enable" + security_rating: "enable" + system: "enable" + user: "enable" + vpn: "enable" + wan_opt: "enable" + wireless_activity: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import 
FAIL_SOCKET_MSG + + +def filter_log_eventfilter_data(json): + option_list = ['compliance_check', 'endpoint', 'event', + 'ha', 'router', 'security_rating', + 'system', 'user', 'vpn', + 'wan_opt', 'wireless_activity'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_eventfilter(data, fos): + vdom = data['vdom'] + log_eventfilter_data = data['log_eventfilter'] + filtered_data = underscore_to_hyphen(filter_log_eventfilter_data(log_eventfilter_data)) + + return fos.set('log', + 'eventfilter', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log(data, fos): + + if data['log_eventfilter']: + resp = log_eventfilter(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_eventfilter')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_eventfilter": { + "required": False, "type": "dict", "default": None, + "options": { + "compliance_check": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "endpoint": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "event": {"required": False, "type": "str", + "choices": ["enable", + 
"disable"]}, + "ha": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "router": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "security_rating": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "system": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "user": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vpn": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "wan_opt": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "wireless_activity": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == 
'__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer2_filter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer2_filter.py new file mode 100644 index 00000000..4ed79609 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer2_filter.py 
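Review bot: The EXAMPLES playbook in this hunk sets `ansible_httpapi_validate_certs: no` next to `ansible_httpapi_use_ssl: yes`, so a playbook copied from it sends its API credentials and the logging configuration to a device whose certificate is never verified. The same two lines appear in the EXAMPLES blocks of the fortios_log_disk_filter and fortios_log_disk_setting hunks above. I would ship the example as `ansible_httpapi_validate_certs: yes` with a comment such as `# set to no only for lab devices with self-signed certificates`. This matters more here than in most modules because the task body can switch event logging off, which an on-path party able to alter the request could use to reduce audit coverage.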
@@ -0,0 +1,418 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_fortianalyzer2_filter +short_description: Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_fortianalyzer2 feature and filter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_fortianalyzer2_filter: + description: + - Filters for FortiAnalyzer. + default: null + type: dict + suboptions: + anomaly: + description: + - Enable/disable anomaly logging. + type: str + choices: + - enable + - disable + dlp_archive: + description: + - Enable/disable DLP archive logging. + type: str + choices: + - enable + - disable + dns: + description: + - Enable/disable detailed DNS event logging. + type: str + choices: + - enable + - disable + filter: + description: + - FortiAnalyzer 2 log filter. + type: str + filter_type: + description: + - Include/exclude logs that match the filter. + type: str + choices: + - include + - exclude + forward_traffic: + description: + - Enable/disable forward traffic logging. + type: str + choices: + - enable + - disable + gtp: + description: + - Enable/disable GTP messages logging. + type: str + choices: + - enable + - disable + local_traffic: + description: + - Enable/disable local in or out traffic logging. + type: str + choices: + - enable + - disable + multicast_traffic: + description: + - Enable/disable multicast traffic logging. + type: str + choices: + - enable + - disable + netscan_discovery: + description: + - Enable/disable netscan discovery event logging. + type: str + netscan_vulnerability: + description: + - Enable/disable netscan vulnerability event logging. + type: str + severity: + description: + - Log every message above and including this severity level. + type: str + choices: + - emergency + - alert + - critical + - error + - warning + - notification + - information + - debug + sniffer_traffic: + description: + - Enable/disable sniffer traffic logging. + type: str + choices: + - enable + - disable + ssh: + description: + - Enable/disable SSH logging. + type: str + choices: + - enable + - disable + voip: + description: + - Enable/disable VoIP logging. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for FortiAnalyzer. + fortios_log_fortianalyzer2_filter: + vdom: "{{ vdom }}" + log_fortianalyzer2_filter: + anomaly: "enable" + dlp_archive: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + 
sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_fortianalyzer2_filter_data(json): + option_list = ['anomaly', 'dlp_archive', 'dns', + 'filter', 'filter_type', 'forward_traffic', + 'gtp', 'local_traffic', 'multicast_traffic', + 'netscan_discovery', 'netscan_vulnerability', 'severity', + 'sniffer_traffic', 'ssh', 'voip'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_fortianalyzer2_filter(data, fos): + vdom = data['vdom'] + log_fortianalyzer2_filter_data = data['log_fortianalyzer2_filter'] + filtered_data = underscore_to_hyphen(filter_log_fortianalyzer2_filter_data(log_fortianalyzer2_filter_data)) + + return fos.set('log.fortianalyzer2', + 'filter', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_fortianalyzer2(data, fos): + + if data['log_fortianalyzer2_filter']: + resp = log_fortianalyzer2_filter(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_fortianalyzer2_filter')) + + return not is_successful_status(resp), \ + 
resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_fortianalyzer2_filter": { + "required": False, "type": "dict", "default": None, + "options": { + "anomaly": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dlp_archive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dns": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "filter": {"required": False, "type": "str"}, + "filter_type": {"required": False, "type": "str", + "choices": ["include", + "exclude"]}, + "forward_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gtp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, + "severity": {"required": False, "type": "str", + "choices": ["emergency", + "alert", + "critical", + "error", + "warning", + "notification", + "information", + "debug"]}, + "sniffer_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssh": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "voip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + 
connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer2_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer2_setting.py new file mode 100644 index 00000000..c0d58af6 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer2_setting.py 
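Review bot: The EXAMPLES play in this new module sets `ansible_httpapi_validate_certs: no`, so anyone who copies it sends the `access_token` and the logging configuration to the FortiGate over TLS without verifying the device certificate. I would ship the example with `ansible_httpapi_validate_certs: yes`, and if a lab shortcut has to stay, mark it with a comment such as `# lab only: disables certificate verification`. The same line appears in the EXAMPLES of the fortios_log_fortianalyzer2_setting and fortios_log_fortianalyzer3_filter hunks that follow.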
@@ -0,0 +1,410 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_fortianalyzer2_setting +short_description: Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_fortianalyzer2 feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_fortianalyzer2_setting: + description: + - Global FortiAnalyzer settings. + default: null + type: dict + suboptions: + __change_ip: + description: + - Hidden attribute. + type: int + certificate: + description: + - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. + type: str + conn_timeout: + description: + - FortiAnalyzer connection time-out in seconds (for status and log buffer). + type: int + enc_algorithm: + description: + - Enable/disable sending FortiAnalyzer log data with SSL encryption. + type: str + choices: + - high-medium + - high + - low + - disable + faz_type: + description: + - Hidden setting index of FortiAnalyzer. + type: int + hmac_algorithm: + description: + - FortiAnalyzer IPsec tunnel HMAC algorithm. + type: str + choices: + - sha256 + - sha1 + ips_archive: + description: + - Enable/disable IPS packet archive logging. + type: str + choices: + - enable + - disable + mgmt_name: + description: + - Hidden management name of FortiAnalyzer. + type: str + monitor_failure_retry_period: + description: + - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). + type: int + monitor_keepalive_period: + description: + - Time between OFTP keepalives in seconds (for status and log buffer). + type: int + reliable: + description: + - Enable/disable reliable logging to FortiAnalyzer. + type: str + choices: + - enable + - disable + server: + description: + - The remote FortiAnalyzer. + type: str + source_ip: + description: + - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. + type: str + status: + description: + - Enable/disable logging to FortiAnalyzer. + type: str + choices: + - enable + - disable + upload_day: + description: + - Day of week (month) to upload logs. 
+ type: str + upload_interval: + description: + - Frequency to upload log files to FortiAnalyzer. + type: str + choices: + - daily + - weekly + - monthly + upload_option: + description: + - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. + type: str + choices: + - store-and-upload + - realtime + - 1-minute + - 5-minute + upload_time: + description: + - 'Time to upload logs (hh:mm).' + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global FortiAnalyzer settings. + fortios_log_fortianalyzer2_setting: + vdom: "{{ vdom }}" + log_fortianalyzer2_setting: + __change_ip: "3" + certificate: " (source certificate.local.name)" + conn_timeout: "5" + enc_algorithm: "high-medium" + faz_type: "7" + hmac_algorithm: "sha256" + ips_archive: "enable" + mgmt_name: "" + monitor_failure_retry_period: "11" + monitor_keepalive_period: "12" + reliable: "enable" + server: "192.168.100.40" + source_ip: "84.230.14.43" + status: "enable" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: 
"webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_fortianalyzer2_setting_data(json): + option_list = ['__change_ip', 'certificate', 'conn_timeout', + 'enc_algorithm', 'faz_type', 'hmac_algorithm', + 'ips_archive', 'mgmt_name', 'monitor_failure_retry_period', + 'monitor_keepalive_period', 'reliable', 'server', + 'source_ip', 'status', 'upload_day', + 'upload_interval', 'upload_option', 'upload_time'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_fortianalyzer2_setting(data, fos): + vdom = data['vdom'] + log_fortianalyzer2_setting_data = data['log_fortianalyzer2_setting'] + filtered_data = 
underscore_to_hyphen(filter_log_fortianalyzer2_setting_data(log_fortianalyzer2_setting_data)) + + return fos.set('log.fortianalyzer2', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_fortianalyzer2(data, fos): + + if data['log_fortianalyzer2_setting']: + resp = log_fortianalyzer2_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_fortianalyzer2_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_fortianalyzer2_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "__change_ip": {"required": False, "type": "int"}, + "certificate": {"required": False, "type": "str"}, + "conn_timeout": {"required": False, "type": "int"}, + "enc_algorithm": {"required": False, "type": "str", + "choices": ["high-medium", + "high", + "low", + "disable"]}, + "faz_type": {"required": False, "type": "int"}, + "hmac_algorithm": {"required": False, "type": "str", + "choices": ["sha256", + "sha1"]}, + "ips_archive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "mgmt_name": {"required": False, "type": "str"}, + "monitor_failure_retry_period": {"required": False, "type": "int"}, + "monitor_keepalive_period": {"required": False, "type": "int"}, + "reliable": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "server": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "upload_day": 
{"required": False, "type": "str"}, + "upload_interval": {"required": False, "type": "str", + "choices": ["daily", + "weekly", + "monthly"]}, + "upload_option": {"required": False, "type": "str", + "choices": ["store-and-upload", + "realtime", + "1-minute", + "5-minute"]}, + "upload_time": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer3_filter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer3_filter.py new file mode 100644 index 00000000..306f20db --- /dev/null 
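Review bot: The `enc_algorithm` option lists `low` and `disable` as choices under the single description "Enable/disable sending FortiAnalyzer log data with SSL encryption", so the docs never say that `disable` forwards log data to `server` without encryption. The choices presumably mirror the device schema and should stay, but the description should spell out the weak values, for example by adding `- "disable" sends log data to FortiAnalyzer without SSL encryption; prefer "high".` The `sha1` choice of `hmac_algorithm` deserves the same kind of remark. As far as it is visible, the fortios_log_fortianalyzer3_setting hunk that starts after this one carries the same option text.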
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer3_filter.py 
@@ -0,0 +1,418 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_fortianalyzer3_filter +short_description: Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_fortianalyzer3 feature and filter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_fortianalyzer3_filter: + description: + - Filters for FortiAnalyzer. + default: null + type: dict + suboptions: + anomaly: + description: + - Enable/disable anomaly logging. + type: str + choices: + - enable + - disable + dlp_archive: + description: + - Enable/disable DLP archive logging. + type: str + choices: + - enable + - disable + dns: + description: + - Enable/disable detailed DNS event logging. + type: str + choices: + - enable + - disable + filter: + description: + - FortiAnalyzer 3 log filter. + type: str + filter_type: + description: + - Include/exclude logs that match the filter. + type: str + choices: + - include + - exclude + forward_traffic: + description: + - Enable/disable forward traffic logging. + type: str + choices: + - enable + - disable + gtp: + description: + - Enable/disable GTP messages logging. + type: str + choices: + - enable + - disable + local_traffic: + description: + - Enable/disable local in or out traffic logging. + type: str + choices: + - enable + - disable + multicast_traffic: + description: + - Enable/disable multicast traffic logging. + type: str + choices: + - enable + - disable + netscan_discovery: + description: + - Enable/disable netscan discovery event logging. + type: str + netscan_vulnerability: + description: + - Enable/disable netscan vulnerability event logging. + type: str + severity: + description: + - Lowest severity level to log. + type: str + choices: + - emergency + - alert + - critical + - error + - warning + - notification + - information + - debug + sniffer_traffic: + description: + - Enable/disable sniffer traffic logging. + type: str + choices: + - enable + - disable + ssh: + description: + - Enable/disable SSH logging. + type: str + choices: + - enable + - disable + voip: + description: + - Enable/disable VoIP logging. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for FortiAnalyzer. + fortios_log_fortianalyzer3_filter: + vdom: "{{ vdom }}" + log_fortianalyzer3_filter: + anomaly: "enable" + dlp_archive: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + 
sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_fortianalyzer3_filter_data(json): + option_list = ['anomaly', 'dlp_archive', 'dns', + 'filter', 'filter_type', 'forward_traffic', + 'gtp', 'local_traffic', 'multicast_traffic', + 'netscan_discovery', 'netscan_vulnerability', 'severity', + 'sniffer_traffic', 'ssh', 'voip'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_fortianalyzer3_filter(data, fos): + vdom = data['vdom'] + log_fortianalyzer3_filter_data = data['log_fortianalyzer3_filter'] + filtered_data = underscore_to_hyphen(filter_log_fortianalyzer3_filter_data(log_fortianalyzer3_filter_data)) + + return fos.set('log.fortianalyzer3', + 'filter', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_fortianalyzer3(data, fos): + + if data['log_fortianalyzer3_filter']: + resp = log_fortianalyzer3_filter(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_fortianalyzer3_filter')) + + return not is_successful_status(resp), \ + 
resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_fortianalyzer3_filter": { + "required": False, "type": "dict", "default": None, + "options": { + "anomaly": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dlp_archive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dns": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "filter": {"required": False, "type": "str"}, + "filter_type": {"required": False, "type": "str", + "choices": ["include", + "exclude"]}, + "forward_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gtp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, + "severity": {"required": False, "type": "str", + "choices": ["emergency", + "alert", + "critical", + "error", + "warning", + "notification", + "information", + "debug"]}, + "sniffer_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssh": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "voip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + 
connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_fortianalyzer3(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer3_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer3_setting.py new file mode 100644 index 00000000..9edeec2d --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer3_setting.py 
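Review bot: The EXAMPLES task passes `severity: "emergency"`, which by this module's own description ("Lowest severity level to log") would forward only emergency-level messages to FortiAnalyzer if the example is applied as written. The module description does say example values need adjusting, but a logging example that drops most events is a poor value to copy. Using `severity: "information"`, or adding a comment such as `# placeholder: choose the lowest level you need to retain`, would be safer. The fortios_log_fortianalyzer2_filter hunk earlier in this patch uses the same example value.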
@@ -0,0 +1,410 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_fortianalyzer3_setting +short_description: Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_fortianalyzer3 feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_fortianalyzer3_setting: + description: + - Global FortiAnalyzer settings. + default: null + type: dict + suboptions: + __change_ip: + description: + - Hidden attribute. + type: int + certificate: + description: + - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. + type: str + conn_timeout: + description: + - FortiAnalyzer connection time-out in seconds (for status and log buffer). + type: int + enc_algorithm: + description: + - Enable/disable sending FortiAnalyzer log data with SSL encryption. + type: str + choices: + - high-medium + - high + - low + - disable + faz_type: + description: + - Hidden setting index of FortiAnalyzer. + type: int + hmac_algorithm: + description: + - FortiAnalyzer IPsec tunnel HMAC algorithm. + type: str + choices: + - sha256 + - sha1 + ips_archive: + description: + - Enable/disable IPS packet archive logging. + type: str + choices: + - enable + - disable + mgmt_name: + description: + - Hidden management name of FortiAnalyzer. + type: str + monitor_failure_retry_period: + description: + - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). + type: int + monitor_keepalive_period: + description: + - Time between OFTP keepalives in seconds (for status and log buffer). + type: int + reliable: + description: + - Enable/disable reliable logging to FortiAnalyzer. + type: str + choices: + - enable + - disable + server: + description: + - The remote FortiAnalyzer. + type: str + source_ip: + description: + - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. + type: str + status: + description: + - Enable/disable logging to FortiAnalyzer. + type: str + choices: + - enable + - disable + upload_day: + description: + - Day of week (month) to upload logs. 
+ type: str + upload_interval: + description: + - Frequency to upload log files to FortiAnalyzer. + type: str + choices: + - daily + - weekly + - monthly + upload_option: + description: + - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. + type: str + choices: + - store-and-upload + - realtime + - 1-minute + - 5-minute + upload_time: + description: + - 'Time to upload logs (hh:mm).' + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global FortiAnalyzer settings. + fortios_log_fortianalyzer3_setting: + vdom: "{{ vdom }}" + log_fortianalyzer3_setting: + __change_ip: "3" + certificate: " (source certificate.local.name)" + conn_timeout: "5" + enc_algorithm: "high-medium" + faz_type: "7" + hmac_algorithm: "sha256" + ips_archive: "enable" + mgmt_name: "" + monitor_failure_retry_period: "11" + monitor_keepalive_period: "12" + reliable: "enable" + server: "192.168.100.40" + source_ip: "84.230.14.43" + status: "enable" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: 
"webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_fortianalyzer3_setting_data(json): + option_list = ['__change_ip', 'certificate', 'conn_timeout', + 'enc_algorithm', 'faz_type', 'hmac_algorithm', + 'ips_archive', 'mgmt_name', 'monitor_failure_retry_period', + 'monitor_keepalive_period', 'reliable', 'server', + 'source_ip', 'status', 'upload_day', + 'upload_interval', 'upload_option', 'upload_time'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_fortianalyzer3_setting(data, fos): + vdom = data['vdom'] + log_fortianalyzer3_setting_data = data['log_fortianalyzer3_setting'] + filtered_data = 
underscore_to_hyphen(filter_log_fortianalyzer3_setting_data(log_fortianalyzer3_setting_data)) + + return fos.set('log.fortianalyzer3', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_fortianalyzer3(data, fos): + + if data['log_fortianalyzer3_setting']: + resp = log_fortianalyzer3_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_fortianalyzer3_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_fortianalyzer3_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "__change_ip": {"required": False, "type": "int"}, + "certificate": {"required": False, "type": "str"}, + "conn_timeout": {"required": False, "type": "int"}, + "enc_algorithm": {"required": False, "type": "str", + "choices": ["high-medium", + "high", + "low", + "disable"]}, + "faz_type": {"required": False, "type": "int"}, + "hmac_algorithm": {"required": False, "type": "str", + "choices": ["sha256", + "sha1"]}, + "ips_archive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "mgmt_name": {"required": False, "type": "str"}, + "monitor_failure_retry_period": {"required": False, "type": "int"}, + "monitor_keepalive_period": {"required": False, "type": "int"}, + "reliable": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "server": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "upload_day": 
{"required": False, "type": "str"}, + "upload_interval": {"required": False, "type": "str", + "choices": ["daily", + "weekly", + "monthly"]}, + "upload_option": {"required": False, "type": "str", + "choices": ["store-and-upload", + "realtime", + "1-minute", + "5-minute"]}, + "upload_time": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_fortianalyzer3(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer_filter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer_filter.py new file mode 100644 index 00000000..b4c23dfe --- /dev/null 
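Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no`, so a playbook copied from it talks to the FortiGate without verifying its certificate, on the same connection that `main()` hands the `access_token` to via `connection.set_option('access_token', ...)`. I would document `ansible_httpapi_validate_certs: yes` as the example value and leave disabling it as an explicit exception, for instance with a comment such as `# set to no only for lab devices with self-signed certificates`. The same line appears in the EXAMPLES blocks of fortios_log_fortianalyzer_filter.py and fortios_log_fortianalyzer_override_filter.py later in this patch.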
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer_filter.py 
@@ -0,0 +1,418 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_fortianalyzer_filter +short_description: Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_fortianalyzer feature and filter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_fortianalyzer_filter: + description: + - Filters for FortiAnalyzer. + default: null + type: dict + suboptions: + anomaly: + description: + - Enable/disable anomaly logging. + type: str + choices: + - enable + - disable + dlp_archive: + description: + - Enable/disable DLP archive logging. + type: str + choices: + - enable + - disable + dns: + description: + - Enable/disable detailed DNS event logging. + type: str + choices: + - enable + - disable + filter: + description: + - FortiAnalyzer log filter. + type: str + filter_type: + description: + - Include/exclude logs that match the filter. + type: str + choices: + - include + - exclude + forward_traffic: + description: + - Enable/disable forward traffic logging. + type: str + choices: + - enable + - disable + gtp: + description: + - Enable/disable GTP messages logging. + type: str + choices: + - enable + - disable + local_traffic: + description: + - Enable/disable local in or out traffic logging. + type: str + choices: + - enable + - disable + multicast_traffic: + description: + - Enable/disable multicast traffic logging. + type: str + choices: + - enable + - disable + netscan_discovery: + description: + - Enable/disable netscan discovery event logging. + type: str + netscan_vulnerability: + description: + - Enable/disable netscan vulnerability event logging. + type: str + severity: + description: + - Lowest severity level to log. + type: str + choices: + - emergency + - alert + - critical + - error + - warning + - notification + - information + - debug + sniffer_traffic: + description: + - Enable/disable sniffer traffic logging. + type: str + choices: + - enable + - disable + ssh: + description: + - Enable/disable SSH logging. + type: str + choices: + - enable + - disable + voip: + description: + - Enable/disable VoIP logging. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for FortiAnalyzer. + fortios_log_fortianalyzer_filter: + vdom: "{{ vdom }}" + log_fortianalyzer_filter: + anomaly: "enable" + dlp_archive: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + 
sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_fortianalyzer_filter_data(json): + option_list = ['anomaly', 'dlp_archive', 'dns', + 'filter', 'filter_type', 'forward_traffic', + 'gtp', 'local_traffic', 'multicast_traffic', + 'netscan_discovery', 'netscan_vulnerability', 'severity', + 'sniffer_traffic', 'ssh', 'voip'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_fortianalyzer_filter(data, fos): + vdom = data['vdom'] + log_fortianalyzer_filter_data = data['log_fortianalyzer_filter'] + filtered_data = underscore_to_hyphen(filter_log_fortianalyzer_filter_data(log_fortianalyzer_filter_data)) + + return fos.set('log.fortianalyzer', + 'filter', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_fortianalyzer(data, fos): + + if data['log_fortianalyzer_filter']: + resp = log_fortianalyzer_filter(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_fortianalyzer_filter')) + + return not is_successful_status(resp), \ + resp['status'] == 
"success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_fortianalyzer_filter": { + "required": False, "type": "dict", "default": None, + "options": { + "anomaly": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dlp_archive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dns": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "filter": {"required": False, "type": "str"}, + "filter_type": {"required": False, "type": "str", + "choices": ["include", + "exclude"]}, + "forward_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gtp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, + "severity": {"required": False, "type": "str", + "choices": ["emergency", + "alert", + "critical", + "error", + "warning", + "notification", + "information", + "debug"]}, + "sniffer_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssh": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "voip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + 
connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer_override_filter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer_override_filter.py new file mode 100644 index 00000000..4b7b78f9 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer_override_filter.py 
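Review bot: The EXAMPLES task sets `severity: "emergency"`, while this file documents the option as "Lowest severity level to log", so by that description a playbook copied from the example would forward only emergency-level events to FortiAnalyzer. The module description does say the values need adjusting, but for a log filter the example is safer with a permissive value such as `severity: "information"`, or with a comment on that line like `# lowest level forwarded; "emergency" suppresses all lower-severity logs`. The EXAMPLES block in fortios_log_fortianalyzer_override_filter.py carries the same value.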
@@ -0,0 +1,418 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_fortianalyzer_override_filter +short_description: Override filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_fortianalyzer feature and override_filter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_fortianalyzer_override_filter: + description: + - Override filters for FortiAnalyzer. + default: null + type: dict + suboptions: + anomaly: + description: + - Enable/disable anomaly logging. + type: str + choices: + - enable + - disable + dlp_archive: + description: + - Enable/disable DLP archive logging. + type: str + choices: + - enable + - disable + dns: + description: + - Enable/disable detailed DNS event logging. + type: str + choices: + - enable + - disable + filter: + description: + - FortiAnalyzer log filter. + type: str + filter_type: + description: + - Include/exclude logs that match the filter. + type: str + choices: + - include + - exclude + forward_traffic: + description: + - Enable/disable forward traffic logging. + type: str + choices: + - enable + - disable + gtp: + description: + - Enable/disable GTP messages logging. + type: str + choices: + - enable + - disable + local_traffic: + description: + - Enable/disable local in or out traffic logging. + type: str + choices: + - enable + - disable + multicast_traffic: + description: + - Enable/disable multicast traffic logging. + type: str + choices: + - enable + - disable + netscan_discovery: + description: + - Enable/disable netscan discovery event logging. + type: str + netscan_vulnerability: + description: + - Enable/disable netscan vulnerability event logging. + type: str + severity: + description: + - Lowest severity level to log. + type: str + choices: + - emergency + - alert + - critical + - error + - warning + - notification + - information + - debug + sniffer_traffic: + description: + - Enable/disable sniffer traffic logging. + type: str + choices: + - enable + - disable + ssh: + description: + - Enable/disable SSH logging. + type: str + choices: + - enable + - disable + voip: + description: + - Enable/disable VoIP logging. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override filters for FortiAnalyzer. + fortios_log_fortianalyzer_override_filter: + vdom: "{{ vdom }}" + log_fortianalyzer_override_filter: + anomaly: "enable" + dlp_archive: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: 
always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_fortianalyzer_override_filter_data(json): + option_list = ['anomaly', 'dlp_archive', 'dns', + 'filter', 'filter_type', 'forward_traffic', + 'gtp', 'local_traffic', 'multicast_traffic', + 'netscan_discovery', 'netscan_vulnerability', 'severity', + 'sniffer_traffic', 'ssh', 'voip'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_fortianalyzer_override_filter(data, fos): + vdom = data['vdom'] + log_fortianalyzer_override_filter_data = data['log_fortianalyzer_override_filter'] + filtered_data = underscore_to_hyphen(filter_log_fortianalyzer_override_filter_data(log_fortianalyzer_override_filter_data)) + + return fos.set('log.fortianalyzer', + 'override-filter', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_fortianalyzer(data, fos): + + if data['log_fortianalyzer_override_filter']: + resp = log_fortianalyzer_override_filter(data, fos) + else: + fos._module.fail_json(msg='missing task body: 
%s' % ('log_fortianalyzer_override_filter')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_fortianalyzer_override_filter": { + "required": False, "type": "dict", "default": None, + "options": { + "anomaly": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dlp_archive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dns": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "filter": {"required": False, "type": "str"}, + "filter_type": {"required": False, "type": "str", + "choices": ["include", + "exclude"]}, + "forward_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gtp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, + "severity": {"required": False, "type": "str", + "choices": ["emergency", + "alert", + "critical", + "error", + "warning", + "notification", + "information", + "debug"]}, + "sniffer_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssh": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "voip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if 
module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer_override_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer_override_setting.py new file mode 100644 index 00000000..713a16a7 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer_override_setting.py 
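Review bot: In `fortios_log_fortianalyzer`, the `else` branch calls `fos._module.fail_json(...)` and then falls through to `return not is_successful_status(resp), ...` with `resp` never assigned, which is only safe as long as `fail_json` does not return. `main()` has the same shape: `is_error`, `has_changed` and `result` are bound only inside `if module._socket_path:` but are read after the `else: module.fail_json(**FAIL_SOCKET_MSG)` branch. I would state the assumption where it is relied on, e.g. `# fail_json() exits the module, so resp is always bound past this point`, so that a test double or wrapper that returns from `fail_json` does not surface as an UnboundLocalError. The fortios_log_fortianalyzer3_setting.py and fortios_log_fortianalyzer_filter.py hunks in this patch follow the same pattern.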
@@ -0,0 +1,433 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_fortianalyzer_override_setting +short_description: Override FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_fortianalyzer feature and override_setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_fortianalyzer_override_setting: + description: + - Override FortiAnalyzer settings. + default: null + type: dict + suboptions: + __change_ip: + description: + - Hidden attribute. + type: int + certificate: + description: + - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. + type: str + conn_timeout: + description: + - FortiAnalyzer connection time-out in seconds (for status and log buffer). + type: int + enc_algorithm: + description: + - Enable/disable sending FortiAnalyzer log data with SSL encryption. + type: str + choices: + - high-medium + - high + - low + - disable + faz_type: + description: + - Hidden setting index of FortiAnalyzer. + type: int + hmac_algorithm: + description: + - FortiAnalyzer IPsec tunnel HMAC algorithm. + type: str + choices: + - sha256 + - sha1 + ips_archive: + description: + - Enable/disable IPS packet archive logging. + type: str + choices: + - enable + - disable + mgmt_name: + description: + - Hidden management name of FortiAnalyzer. + type: str + monitor_failure_retry_period: + description: + - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). + type: int + monitor_keepalive_period: + description: + - Time between OFTP keepalives in seconds (for status and log buffer). + type: int + override: + description: + - Enable/disable overriding FortiAnalyzer settings or use global settings. + type: str + choices: + - enable + - disable + reliable: + description: + - Enable/disable reliable logging to FortiAnalyzer. + type: str + choices: + - enable + - disable + server: + description: + - The remote FortiAnalyzer. + type: str + source_ip: + description: + - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. + type: str + status: + description: + - Enable/disable logging to FortiAnalyzer. 
+ type: str + choices: + - enable + - disable + upload_day: + description: + - Day of week (month) to upload logs. + type: str + upload_interval: + description: + - Frequency to upload log files to FortiAnalyzer. + type: str + choices: + - daily + - weekly + - monthly + upload_option: + description: + - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. + type: str + choices: + - store-and-upload + - realtime + - 1-minute + - 5-minute + upload_time: + description: + - 'Time to upload logs (hh:mm).' + type: str + use_management_vdom: + description: + - Enable/disable use of management VDOM IP address as source IP for logs sent to FortiAnalyzer. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override FortiAnalyzer settings. + fortios_log_fortianalyzer_override_setting: + vdom: "{{ vdom }}" + log_fortianalyzer_override_setting: + __change_ip: "3" + certificate: " (source certificate.local.name)" + conn_timeout: "5" + enc_algorithm: "high-medium" + faz_type: "7" + hmac_algorithm: "sha256" + ips_archive: "enable" + mgmt_name: "" + monitor_failure_retry_period: "11" + monitor_keepalive_period: "12" + override: "enable" + reliable: "enable" + server: "192.168.100.40" + source_ip: "84.230.14.43" + status: "enable" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" + use_management_vdom: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + 
sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_fortianalyzer_override_setting_data(json): + option_list = ['__change_ip', 'certificate', 'conn_timeout', + 'enc_algorithm', 'faz_type', 'hmac_algorithm', + 'ips_archive', 'mgmt_name', 'monitor_failure_retry_period', + 'monitor_keepalive_period', 'override', 'reliable', + 'server', 'source_ip', 'status', + 'upload_day', 'upload_interval', 'upload_option', + 'upload_time', 'use_management_vdom'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, 
elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_fortianalyzer_override_setting(data, fos): + vdom = data['vdom'] + log_fortianalyzer_override_setting_data = data['log_fortianalyzer_override_setting'] + filtered_data = underscore_to_hyphen(filter_log_fortianalyzer_override_setting_data(log_fortianalyzer_override_setting_data)) + + return fos.set('log.fortianalyzer', + 'override-setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_fortianalyzer(data, fos): + + if data['log_fortianalyzer_override_setting']: + resp = log_fortianalyzer_override_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_fortianalyzer_override_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_fortianalyzer_override_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "__change_ip": {"required": False, "type": "int"}, + "certificate": {"required": False, "type": "str"}, + "conn_timeout": {"required": False, "type": "int"}, + "enc_algorithm": {"required": False, "type": "str", + "choices": ["high-medium", + "high", + "low", + "disable"]}, + "faz_type": {"required": False, "type": "int"}, + "hmac_algorithm": {"required": False, "type": "str", + "choices": ["sha256", + "sha1"]}, + "ips_archive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + 
"mgmt_name": {"required": False, "type": "str"}, + "monitor_failure_retry_period": {"required": False, "type": "int"}, + "monitor_keepalive_period": {"required": False, "type": "int"}, + "override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "reliable": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "server": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "upload_day": {"required": False, "type": "str"}, + "upload_interval": {"required": False, "type": "str", + "choices": ["daily", + "weekly", + "monthly"]}, + "upload_option": {"required": False, "type": "str", + "choices": ["store-and-upload", + "realtime", + "1-minute", + "5-minute"]}, + "upload_time": {"required": False, "type": "str"}, + "use_management_vdom": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + 
module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer_setting.py new file mode 100644 index 00000000..8758e52a --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortianalyzer_setting.py 
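Review bot: The EXAMPLES play in this new module sets `ansible_httpapi_validate_certs: no`, so anyone who copies it runs the httpapi connection without verifying the FortiGate's certificate. That is the same connection on which `main()` sets the `access_token` it marks `no_log`. I would ship the example as `ansible_httpapi_validate_certs: yes` and add a YAML comment such as `# set to no only for lab devices with self-signed certificates`. The same line appears in the EXAMPLES of the fortios_log_fortianalyzer_setting.py and fortios_log_fortiguard_filter.py hunks that follow.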
@@ -0,0 +1,410 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_fortianalyzer_setting +short_description: Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_fortianalyzer feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_fortianalyzer_setting: + description: + - Global FortiAnalyzer settings. + default: null + type: dict + suboptions: + __change_ip: + description: + - Hidden attribute. + type: int + certificate: + description: + - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. + type: str + conn_timeout: + description: + - FortiAnalyzer connection time-out in seconds (for status and log buffer). + type: int + enc_algorithm: + description: + - Enable/disable sending FortiAnalyzer log data with SSL encryption. + type: str + choices: + - high-medium + - high + - low + - disable + faz_type: + description: + - Hidden setting index of FortiAnalyzer. + type: int + hmac_algorithm: + description: + - FortiAnalyzer IPsec tunnel HMAC algorithm. + type: str + choices: + - sha256 + - sha1 + ips_archive: + description: + - Enable/disable IPS packet archive logging. + type: str + choices: + - enable + - disable + mgmt_name: + description: + - Hidden management name of FortiAnalyzer. + type: str + monitor_failure_retry_period: + description: + - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). + type: int + monitor_keepalive_period: + description: + - Time between OFTP keepalives in seconds (for status and log buffer). + type: int + reliable: + description: + - Enable/disable reliable logging to FortiAnalyzer. + type: str + choices: + - enable + - disable + server: + description: + - The remote FortiAnalyzer. + type: str + source_ip: + description: + - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. + type: str + status: + description: + - Enable/disable logging to FortiAnalyzer. + type: str + choices: + - enable + - disable + upload_day: + description: + - Day of week (month) to upload logs. 
+ type: str + upload_interval: + description: + - Frequency to upload log files to FortiAnalyzer. + type: str + choices: + - daily + - weekly + - monthly + upload_option: + description: + - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. + type: str + choices: + - store-and-upload + - realtime + - 1-minute + - 5-minute + upload_time: + description: + - 'Time to upload logs (hh:mm).' + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global FortiAnalyzer settings. + fortios_log_fortianalyzer_setting: + vdom: "{{ vdom }}" + log_fortianalyzer_setting: + __change_ip: "3" + certificate: " (source certificate.local.name)" + conn_timeout: "5" + enc_algorithm: "high-medium" + faz_type: "7" + hmac_algorithm: "sha256" + ips_archive: "enable" + mgmt_name: "" + monitor_failure_retry_period: "11" + monitor_keepalive_period: "12" + reliable: "enable" + server: "192.168.100.40" + source_ip: "84.230.14.43" + status: "enable" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: 
"webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_fortianalyzer_setting_data(json): + option_list = ['__change_ip', 'certificate', 'conn_timeout', + 'enc_algorithm', 'faz_type', 'hmac_algorithm', + 'ips_archive', 'mgmt_name', 'monitor_failure_retry_period', + 'monitor_keepalive_period', 'reliable', 'server', + 'source_ip', 'status', 'upload_day', + 'upload_interval', 'upload_option', 'upload_time'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_fortianalyzer_setting(data, fos): + vdom = data['vdom'] + log_fortianalyzer_setting_data = data['log_fortianalyzer_setting'] + filtered_data = 
underscore_to_hyphen(filter_log_fortianalyzer_setting_data(log_fortianalyzer_setting_data)) + + return fos.set('log.fortianalyzer', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_fortianalyzer(data, fos): + + if data['log_fortianalyzer_setting']: + resp = log_fortianalyzer_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_fortianalyzer_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_fortianalyzer_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "__change_ip": {"required": False, "type": "int"}, + "certificate": {"required": False, "type": "str"}, + "conn_timeout": {"required": False, "type": "int"}, + "enc_algorithm": {"required": False, "type": "str", + "choices": ["high-medium", + "high", + "low", + "disable"]}, + "faz_type": {"required": False, "type": "int"}, + "hmac_algorithm": {"required": False, "type": "str", + "choices": ["sha256", + "sha1"]}, + "ips_archive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "mgmt_name": {"required": False, "type": "str"}, + "monitor_failure_retry_period": {"required": False, "type": "int"}, + "monitor_keepalive_period": {"required": False, "type": "int"}, + "reliable": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "server": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "upload_day": 
{"required": False, "type": "str"}, + "upload_interval": {"required": False, "type": "str", + "choices": ["daily", + "weekly", + "monthly"]}, + "upload_option": {"required": False, "type": "str", + "choices": ["store-and-upload", + "realtime", + "1-minute", + "5-minute"]}, + "upload_time": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortiguard_filter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortiguard_filter.py new file mode 100644 index 00000000..4c70a1d4 --- /dev/null 
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortiguard_filter.py 
@@ -0,0 +1,418 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_fortiguard_filter +short_description: Filters for FortiCloud in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_fortiguard feature and filter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + log_fortiguard_filter: + description: + - Filters for FortiCloud. + default: null + type: dict + suboptions: + anomaly: + description: + - Enable/disable anomaly logging. + type: str + choices: + - enable + - disable + dlp_archive: + description: + - Enable/disable DLP archive logging. + type: str + choices: + - enable + - disable + dns: + description: + - Enable/disable detailed DNS event logging. + type: str + choices: + - enable + - disable + filter: + description: + - FortiCloud log filter. + type: str + filter_type: + description: + - Include/exclude logs that match the filter. + type: str + choices: + - include + - exclude + forward_traffic: + description: + - Enable/disable forward traffic logging. + type: str + choices: + - enable + - disable + gtp: + description: + - Enable/disable GTP messages logging. + type: str + choices: + - enable + - disable + local_traffic: + description: + - Enable/disable local in or out traffic logging. + type: str + choices: + - enable + - disable + multicast_traffic: + description: + - Enable/disable multicast traffic logging. + type: str + choices: + - enable + - disable + netscan_discovery: + description: + - Enable/disable netscan discovery event logging. + type: str + netscan_vulnerability: + description: + - Enable/disable netscan vulnerability event logging. + type: str + severity: + description: + - Lowest severity level to log. + type: str + choices: + - emergency + - alert + - critical + - error + - warning + - notification + - information + - debug + sniffer_traffic: + description: + - Enable/disable sniffer traffic logging. + type: str + choices: + - enable + - disable + ssh: + description: + - Enable/disable SSH logging. + type: str + choices: + - enable + - disable + voip: + description: + - Enable/disable VoIP logging. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for FortiCloud. + fortios_log_fortiguard_filter: + vdom: "{{ vdom }}" + log_fortiguard_filter: + anomaly: "enable" + dlp_archive: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: 
"v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_fortiguard_filter_data(json): + option_list = ['anomaly', 'dlp_archive', 'dns', + 'filter', 'filter_type', 'forward_traffic', + 'gtp', 'local_traffic', 'multicast_traffic', + 'netscan_discovery', 'netscan_vulnerability', 'severity', + 'sniffer_traffic', 'ssh', 'voip'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_fortiguard_filter(data, fos): + vdom = data['vdom'] + log_fortiguard_filter_data = data['log_fortiguard_filter'] + filtered_data = underscore_to_hyphen(filter_log_fortiguard_filter_data(log_fortiguard_filter_data)) + + return fos.set('log.fortiguard', + 'filter', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_fortiguard(data, fos): + + if data['log_fortiguard_filter']: + resp = log_fortiguard_filter(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_fortiguard_filter')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + 
(resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_fortiguard_filter": { + "required": False, "type": "dict", "default": None, + "options": { + "anomaly": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dlp_archive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dns": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "filter": {"required": False, "type": "str"}, + "filter_type": {"required": False, "type": "str", + "choices": ["include", + "exclude"]}, + "forward_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gtp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, + "severity": {"required": False, "type": "str", + "choices": ["emergency", + "alert", + "critical", + "error", + "warning", + "notification", + "information", + "debug"]}, + "sniffer_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssh": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "voip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', 
module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortiguard_override_filter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortiguard_override_filter.py new file mode 100644 index 00000000..05e3f2e0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortiguard_override_filter.py 
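Review bot: `netscan_discovery` and `netscan_vulnerability` are documented as "Enable/disable ... event logging", but the `fields` spec in `main()` declares them as free-form `str` with no `choices`, unlike every other enable/disable option in this module. The EXAMPLES play also passes an empty placeholder string for both. If the device accepts only those two values, the spec should read `"netscan_discovery": {"required": False, "type": "str", "choices": ["enable", "disable"]},` (likewise for `netscan_vulnerability`), so a typo fails at argument validation instead of at the device. If the fields really are free-form, the two descriptions should state what they take. For a module that controls which events are forwarded to FortiCloud, I would not leave this ambiguous.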
@@ -0,0 +1,418 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_fortiguard_override_filter +short_description: Override filters for FortiCloud in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_fortiguard feature and override_filter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_fortiguard_override_filter: + description: + - Override filters for FortiCloud. + default: null + type: dict + suboptions: + anomaly: + description: + - Enable/disable anomaly logging. + type: str + choices: + - enable + - disable + dlp_archive: + description: + - Enable/disable DLP archive logging. + type: str + choices: + - enable + - disable + dns: + description: + - Enable/disable detailed DNS event logging. + type: str + choices: + - enable + - disable + filter: + description: + - FortiCloud log filter. + type: str + filter_type: + description: + - Include/exclude logs that match the filter. + type: str + choices: + - include + - exclude + forward_traffic: + description: + - Enable/disable forward traffic logging. + type: str + choices: + - enable + - disable + gtp: + description: + - Enable/disable GTP messages logging. + type: str + choices: + - enable + - disable + local_traffic: + description: + - Enable/disable local in or out traffic logging. + type: str + choices: + - enable + - disable + multicast_traffic: + description: + - Enable/disable multicast traffic logging. + type: str + choices: + - enable + - disable + netscan_discovery: + description: + - Enable/disable netscan discovery event logging. + type: str + netscan_vulnerability: + description: + - Enable/disable netscan vulnerability event logging. + type: str + severity: + description: + - Lowest severity level to log. + type: str + choices: + - emergency + - alert + - critical + - error + - warning + - notification + - information + - debug + sniffer_traffic: + description: + - Enable/disable sniffer traffic logging. + type: str + choices: + - enable + - disable + ssh: + description: + - Enable/disable SSH logging. + type: str + choices: + - enable + - disable + voip: + description: + - Enable/disable VoIP logging. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override filters for FortiCloud. + fortios_log_fortiguard_override_filter: + vdom: "{{ vdom }}" + log_fortiguard_override_filter: + anomaly: "enable" + dlp_archive: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + 
type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_fortiguard_override_filter_data(json): + option_list = ['anomaly', 'dlp_archive', 'dns', + 'filter', 'filter_type', 'forward_traffic', + 'gtp', 'local_traffic', 'multicast_traffic', + 'netscan_discovery', 'netscan_vulnerability', 'severity', + 'sniffer_traffic', 'ssh', 'voip'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_fortiguard_override_filter(data, fos): + vdom = data['vdom'] + log_fortiguard_override_filter_data = data['log_fortiguard_override_filter'] + filtered_data = underscore_to_hyphen(filter_log_fortiguard_override_filter_data(log_fortiguard_override_filter_data)) + + return fos.set('log.fortiguard', + 'override-filter', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_fortiguard(data, fos): + + if data['log_fortiguard_override_filter']: + resp = log_fortiguard_override_filter(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % 
('log_fortiguard_override_filter')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_fortiguard_override_filter": { + "required": False, "type": "dict", "default": None, + "options": { + "anomaly": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dlp_archive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dns": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "filter": {"required": False, "type": "str"}, + "filter_type": {"required": False, "type": "str", + "choices": ["include", + "exclude"]}, + "forward_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gtp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, + "severity": {"required": False, "type": "str", + "choices": ["emergency", + "alert", + "critical", + "error", + "warning", + "notification", + "information", + "debug"]}, + "sniffer_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssh": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "voip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + 
connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortiguard_override_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortiguard_override_setting.py new file mode 100644 index 00000000..6db177c8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortiguard_override_setting.py 
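Review bot: The EXAMPLES playbook of this new module sets `ansible_httpapi_validate_certs: no`, so a playbook copied from it talks to the FortiGate over TLS without verifying the server certificate, on the connection that `main()` hands `access_token` to. I would ship the example with `ansible_httpapi_validate_certs: yes` and a YAML comment such as `# set to no only for lab devices with self-signed certificates`. The same example vars appear in the fortios_log_fortiguard_override_setting.py, fortios_log_fortiguard_setting.py and fortios_log_gui_display.py hunks that follow.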
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_fortiguard_override_setting +short_description: Override global FortiCloud logging settings for this VDOM in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_fortiguard feature and override_setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_fortiguard_override_setting: + description: + - Override global FortiCloud logging settings for this VDOM. + default: null + type: dict + suboptions: + override: + description: + - Overriding FortiCloud settings for this VDOM or use global settings. + type: str + choices: + - enable + - disable + status: + description: + - Enable/disable logging to FortiCloud. + type: str + choices: + - enable + - disable + upload_day: + description: + - Day of week to roll logs. + type: str + upload_interval: + description: + - Frequency of uploading log files to FortiCloud. + type: str + choices: + - daily + - weekly + - monthly + upload_option: + description: + - Configure how log messages are sent to FortiCloud. + type: str + choices: + - store-and-upload + - realtime + - 1-minute + - 5-minute + upload_time: + description: + - 'Time of day to roll logs (hh:mm).' + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override global FortiCloud logging settings for this VDOM. 
+ fortios_log_fortiguard_override_setting: + vdom: "{{ vdom }}" + log_fortiguard_override_setting: + override: "enable" + status: "enable" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_log_fortiguard_override_setting_data(json): + option_list = ['override', 'status', 'upload_day', + 'upload_interval', 'upload_option', 'upload_time'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_fortiguard_override_setting(data, fos): + vdom = data['vdom'] + log_fortiguard_override_setting_data = data['log_fortiguard_override_setting'] + filtered_data = underscore_to_hyphen(filter_log_fortiguard_override_setting_data(log_fortiguard_override_setting_data)) + + return fos.set('log.fortiguard', + 'override-setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_fortiguard(data, fos): + + if data['log_fortiguard_override_setting']: + resp = log_fortiguard_override_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_fortiguard_override_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_fortiguard_override_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "status": {"required": False, "type": "str", + 
"choices": ["enable", + "disable"]}, + "upload_day": {"required": False, "type": "str"}, + "upload_interval": {"required": False, "type": "str", + "choices": ["daily", + "weekly", + "monthly"]}, + "upload_option": {"required": False, "type": "str", + "choices": ["store-and-upload", + "realtime", + "1-minute", + "5-minute"]}, + "upload_time": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortiguard_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortiguard_setting.py new file mode 100644 index 00000000..4d8adc5c --- /dev/null 
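Review bot: In `main()`, the guard `if 'access_token' in module.params:` is always true, because AnsibleModule fills every key of the argument spec with its default, so `connection.set_option('access_token', None)` runs even when the task supplies no token. That may overwrite a token configured at the connection level; this cannot be confirmed from the hunk because the httpapi plugin lives in another file. Testing the value instead avoids the question: `if module.params.get('access_token'):`. The `main()` functions in the neighbouring fortios_log_fortiguard_* hunks use the same guard.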
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_fortiguard_setting.py 
@@ -0,0 +1,326 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_fortiguard_setting +short_description: Configure logging to FortiCloud in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_fortiguard feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_fortiguard_setting: + description: + - Configure logging to FortiCloud. + default: null + type: dict + suboptions: + enc_algorithm: + description: + - Enable/disable and set the SSL security level for for sending encrypted logs to FortiCloud. + type: str + choices: + - high-medium + - high + - low + - disable + source_ip: + description: + - Source IP address used to connect FortiCloud. + type: str + status: + description: + - Enable/disable logging to FortiCloud. + type: str + choices: + - enable + - disable + upload_day: + description: + - Day of week to roll logs. + type: str + upload_interval: + description: + - Frequency of uploading log files to FortiCloud. + type: str + choices: + - daily + - weekly + - monthly + upload_option: + description: + - Configure how log messages are sent to FortiCloud. + type: str + choices: + - store-and-upload + - realtime + - 1-minute + - 5-minute + upload_time: + description: + - 'Time of day to roll logs (hh:mm).' + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure logging to FortiCloud. 
+ fortios_log_fortiguard_setting: + vdom: "{{ vdom }}" + log_fortiguard_setting: + enc_algorithm: "high-medium" + source_ip: "84.230.14.43" + status: "enable" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_log_fortiguard_setting_data(json): + option_list = ['enc_algorithm', 'source_ip', 'status', + 'upload_day', 'upload_interval', 'upload_option', + 'upload_time'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_fortiguard_setting(data, fos): + vdom = data['vdom'] + log_fortiguard_setting_data = data['log_fortiguard_setting'] + filtered_data = underscore_to_hyphen(filter_log_fortiguard_setting_data(log_fortiguard_setting_data)) + + return fos.set('log.fortiguard', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_fortiguard(data, fos): + + if data['log_fortiguard_setting']: + resp = log_fortiguard_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_fortiguard_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_fortiguard_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "enc_algorithm": {"required": False, "type": "str", + "choices": ["high-medium", + "high", + "low", + "disable"]}, + "source_ip": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + 
"choices": ["enable", + "disable"]}, + "upload_day": {"required": False, "type": "str"}, + "upload_interval": {"required": False, "type": "str", + "choices": ["daily", + "weekly", + "monthly"]}, + "upload_option": {"required": False, "type": "str", + "choices": ["store-and-upload", + "realtime", + "1-minute", + "5-minute"]}, + "upload_time": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_gui_display.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_gui_display.py new file mode 100644 index 00000000..3b439ee9 --- /dev/null 
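Review bot: The `enc_algorithm` option accepts `low` and `disable`, but its description does not say that these values weaken or, as the wording "Enable/disable ... the SSL security level" suggests, switch off encryption for logs leaving the device for FortiCloud. I would extend the description, for example `- SSL security level for sending logs to FortiCloud. low and disable reduce or remove transport encryption and are not suitable for production.`, which also removes the doubled "for for". The example value `source_ip: "84.230.14.43"` is a publicly routable address; a documentation-range address such as `192.0.2.10` is safer to copy.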
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_gui_display.py 
@@ -0,0 +1,285 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_gui_display +short_description: Configure how log messages are displayed on the GUI in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log feature and gui_display category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_gui_display: + description: + - Configure how log messages are displayed on the GUI. + default: null + type: dict + suboptions: + fortiview_unscanned_apps: + description: + - Enable/disable showing unscanned traffic in FortiView application charts. + type: str + choices: + - enable + - disable + resolve_apps: + description: + - Resolve unknown applications on the GUI using Fortinet"s remote application database. + type: str + choices: + - enable + - disable + resolve_hosts: + description: + - Enable/disable resolving IP addresses to hostname in log messages on the GUI using reverse DNS lookup + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure how log messages are displayed on the GUI. 
+ fortios_log_gui_display: + vdom: "{{ vdom }}" + log_gui_display: + fortiview_unscanned_apps: "enable" + resolve_apps: "enable" + resolve_hosts: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_gui_display_data(json): + option_list = ['fortiview_unscanned_apps', 'resolve_apps', 'resolve_hosts'] + 
dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_gui_display(data, fos): + vdom = data['vdom'] + log_gui_display_data = data['log_gui_display'] + filtered_data = underscore_to_hyphen(filter_log_gui_display_data(log_gui_display_data)) + + return fos.set('log', + 'gui-display', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log(data, fos): + + if data['log_gui_display']: + resp = log_gui_display(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_gui_display')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_gui_display": { + "required": False, "type": "dict", "default": None, + "options": { + "fortiview_unscanned_apps": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "resolve_apps": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "resolve_hosts": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + 
connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_memory_filter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_memory_filter.py new file mode 100644 index 00000000..51657139 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_memory_filter.py 
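Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no`, so a copied playbook talks to the firewall over TLS without verifying the device certificate, on the same httpapi connection that `main()` passes the `access_token` to with `connection.set_option`. Ship the example with `ansible_httpapi_validate_certs: yes` and, if a lab shortcut is still wanted, add a comment such as `# disable only for test devices with self-signed certificates`. The same example block appears in fortios_log_memory_filter.py, fortios_log_memory_global_setting.py and fortios_log_memory_setting.py in this diff.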
@@ -0,0 +1,611 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_memory_filter +short_description: Filters for memory buffer in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_memory feature and filter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + log_memory_filter: + description: + - Filters for memory buffer. + default: null + type: dict + suboptions: + admin: + description: + - Enable/disable admin login/logout logging. + type: str + choices: + - enable + - disable + anomaly: + description: + - Enable/disable anomaly logging. + type: str + choices: + - enable + - disable + auth: + description: + - Enable/disable firewall authentication logging. + type: str + choices: + - enable + - disable + cpu_memory_usage: + description: + - Enable/disable CPU & memory usage logging every 5 minutes. + type: str + choices: + - enable + - disable + dhcp: + description: + - Enable/disable DHCP service messages logging. + type: str + choices: + - enable + - disable + dns: + description: + - Enable/disable detailed DNS event logging. + type: str + choices: + - enable + - disable + event: + description: + - Enable/disable event logging. + type: str + choices: + - enable + - disable + filter: + description: + - Memory log filter. + type: str + filter_type: + description: + - Include/exclude logs that match the filter. + type: str + choices: + - include + - exclude + forward_traffic: + description: + - Enable/disable forward traffic logging. + type: str + choices: + - enable + - disable + gtp: + description: + - Enable/disable GTP messages logging. + type: str + choices: + - enable + - disable + ha: + description: + - Enable/disable HA logging. + type: str + choices: + - enable + - disable + ipsec: + description: + - Enable/disable IPsec negotiation messages logging. + type: str + choices: + - enable + - disable + ldb_monitor: + description: + - Enable/disable VIP real server health monitoring logging. + type: str + choices: + - enable + - disable + local_traffic: + description: + - Enable/disable local in or out traffic logging. + type: str + choices: + - enable + - disable + multicast_traffic: + description: + - Enable/disable multicast traffic logging. 
+ type: str + choices: + - enable + - disable + netscan_discovery: + description: + - Enable/disable netscan discovery event logging. + type: str + netscan_vulnerability: + description: + - Enable/disable netscan vulnerability event logging. + type: str + pattern: + description: + - Enable/disable pattern update logging. + type: str + choices: + - enable + - disable + ppp: + description: + - Enable/disable L2TP/PPTP/PPPoE logging. + type: str + choices: + - enable + - disable + radius: + description: + - Enable/disable RADIUS messages logging. + type: str + choices: + - enable + - disable + severity: + description: + - Log every message above and including this severity level. + type: str + choices: + - emergency + - alert + - critical + - error + - warning + - notification + - information + - debug + sniffer_traffic: + description: + - Enable/disable sniffer traffic logging. + type: str + choices: + - enable + - disable + ssh: + description: + - Enable/disable SSH logging. + type: str + choices: + - enable + - disable + sslvpn_log_adm: + description: + - Enable/disable SSL administrator login logging. + type: str + choices: + - enable + - disable + sslvpn_log_auth: + description: + - Enable/disable SSL user authentication logging. + type: str + choices: + - enable + - disable + sslvpn_log_session: + description: + - Enable/disable SSL session logging. + type: str + choices: + - enable + - disable + system: + description: + - Enable/disable system activity logging. + type: str + choices: + - enable + - disable + vip_ssl: + description: + - Enable/disable VIP SSL logging. + type: str + choices: + - enable + - disable + voip: + description: + - Enable/disable VoIP logging. + type: str + choices: + - enable + - disable + wan_opt: + description: + - Enable/disable WAN optimization event logging. + type: str + choices: + - enable + - disable + wireless_activity: + description: + - Enable/disable wireless activity event logging. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for memory buffer. + fortios_log_memory_filter: + vdom: "{{ vdom }}" + log_memory_filter: + admin: "enable" + anomaly: "enable" + auth: "enable" + cpu_memory_usage: "enable" + dhcp: "enable" + dns: "enable" + event: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + gtp: "enable" + ha: "enable" + ipsec: "enable" + ldb_monitor: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + pattern: "enable" + ppp: "enable" + radius: "enable" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + sslvpn_log_adm: "enable" + sslvpn_log_auth: "enable" + sslvpn_log_session: "enable" + system: "enable" + vip_ssl: "enable" + voip: "enable" + wan_opt: "enable" + wireless_activity: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + 
returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_memory_filter_data(json): + option_list = ['admin', 'anomaly', 'auth', + 'cpu_memory_usage', 'dhcp', 'dns', + 'event', 'filter', 'filter_type', + 'forward_traffic', 'gtp', 'ha', + 'ipsec', 'ldb_monitor', 'local_traffic', + 'multicast_traffic', 'netscan_discovery', 'netscan_vulnerability', + 'pattern', 'ppp', 'radius', + 'severity', 'sniffer_traffic', 'ssh', + 'sslvpn_log_adm', 'sslvpn_log_auth', 'sslvpn_log_session', + 'system', 'vip_ssl', 'voip', + 'wan_opt', 'wireless_activity'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_memory_filter(data, fos): + vdom = data['vdom'] + log_memory_filter_data = data['log_memory_filter'] + filtered_data = underscore_to_hyphen(filter_log_memory_filter_data(log_memory_filter_data)) + + 
return fos.set('log.memory', + 'filter', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_memory(data, fos): + + if data['log_memory_filter']: + resp = log_memory_filter(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_memory_filter')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_memory_filter": { + "required": False, "type": "dict", "default": None, + "options": { + "admin": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "anomaly": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auth": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "cpu_memory_usage": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dhcp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dns": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "event": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "filter": {"required": False, "type": "str"}, + "filter_type": {"required": False, "type": "str", + "choices": ["include", + "exclude"]}, + "forward_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gtp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ha": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ipsec": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ldb_monitor": {"required": False, "type": 
"str", + "choices": ["enable", + "disable"]}, + "local_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, + "pattern": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ppp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "radius": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "severity": {"required": False, "type": "str", + "choices": ["emergency", + "alert", + "critical", + "error", + "warning", + "notification", + "information", + "debug"]}, + "sniffer_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssh": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sslvpn_log_adm": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sslvpn_log_auth": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sslvpn_log_session": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "system": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vip_ssl": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "voip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "wan_opt": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "wireless_activity": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', 
module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_memory(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_memory_global_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_memory_global_setting.py new file mode 100644 index 00000000..c88cb013 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_memory_global_setting.py 
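Review bot: `netscan_discovery` and `netscan_vulnerability` are described in DOCUMENTATION as "Enable/disable ... logging" but are declared in `fields` as plain `str` with no `choices`, unlike every other toggle in this spec, so any string passes argument validation and is forwarded to the device by `fos.set`. If the FortiOS schema accepts only the two values (not visible in this hunk), add `"choices": ["enable", "disable"]` to both entries and the matching `choices:` lists in DOCUMENTATION; otherwise correct the descriptions to say what values are expected. The EXAMPLES block passes `""` for both, which does not tell a reader what a valid value looks like.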
@@ -0,0 +1,277 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_memory_global_setting +short_description: Global settings for memory logging in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_memory feature and global_setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_memory_global_setting: + description: + - Global settings for memory logging. + default: null + type: dict + suboptions: + full_final_warning_threshold: + description: + - Log full final warning threshold as a percent (3 - 100). + type: int + full_first_warning_threshold: + description: + - Log full first warning threshold as a percent (1 - 98). + type: int + full_second_warning_threshold: + description: + - Log full second warning threshold as a percent (2 - 99). + type: int + max_size: + description: + - Maximum amount of memory that can be used for memory logging in bytes. + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global settings for memory logging. 
+ fortios_log_memory_global_setting: + vdom: "{{ vdom }}" + log_memory_global_setting: + full_final_warning_threshold: "3" + full_first_warning_threshold: "4" + full_second_warning_threshold: "5" + max_size: "6" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_memory_global_setting_data(json): + option_list = 
['full_final_warning_threshold', 'full_first_warning_threshold', 'full_second_warning_threshold', + 'max_size'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_memory_global_setting(data, fos): + vdom = data['vdom'] + log_memory_global_setting_data = data['log_memory_global_setting'] + filtered_data = underscore_to_hyphen(filter_log_memory_global_setting_data(log_memory_global_setting_data)) + + return fos.set('log.memory', + 'global-setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_memory(data, fos): + + if data['log_memory_global_setting']: + resp = log_memory_global_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_memory_global_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_memory_global_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "full_final_warning_threshold": {"required": False, "type": "int"}, + "full_first_warning_threshold": {"required": False, "type": "int"}, + "full_second_warning_threshold": {"required": False, "type": "int"}, + "max_size": {"required": False, "type": 
"int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_memory(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_memory_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_memory_setting.py new file mode 100644 index 00000000..3c0675bf --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_memory_setting.py 
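Review bot: The three warning thresholds are documented with ranges (1 - 98, 2 - 99, 3 - 100) but `fields` declares them only as `int`, and `log_memory_global_setting` sends whatever it receives to `fos.set`. An out-of-range value is therefore caught, if at all, only by the device, and the module then reports the generic `"Error in repo"`. A range check before the call, using the limits already stated in DOCUMENTATION, would give a clear failure message; whether the device also enforces an ordering between the three values is not visible here.

```python
_THRESHOLD_RANGES = {
    'full_first_warning_threshold': (1, 98),
    'full_second_warning_threshold': (2, 99),
    'full_final_warning_threshold': (3, 100),
}


def log_memory_global_setting(data, fos):
    # … unchanged: vdom and log_memory_global_setting_data lookup …
    for name, (low, high) in _THRESHOLD_RANGES.items():
        value = log_memory_global_setting_data.get(name)
        if value is not None and not low <= value <= high:
            fos._module.fail_json(msg='%s must be between %d and %d' % (name, low, high))
    # … unchanged: filter, underscore_to_hyphen and fos.set call …
```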
@@ -0,0 +1,272 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_memory_setting +short_description: Settings for memory buffer in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_memory feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + log_memory_setting: + description: + - Settings for memory buffer. + default: null + type: dict + suboptions: + diskfull: + description: + - Action to take when memory is full. + type: str + choices: + - overwrite + status: + description: + - Enable/disable logging to the FortiGate"s memory. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Settings for memory buffer. + fortios_log_memory_setting: + vdom: "{{ vdom }}" + log_memory_setting: + diskfull: "overwrite" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: 
always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_memory_setting_data(json): + option_list = ['diskfull', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_memory_setting(data, fos): + vdom = data['vdom'] + log_memory_setting_data = data['log_memory_setting'] + filtered_data = underscore_to_hyphen(filter_log_memory_setting_data(log_memory_setting_data)) + + return fos.set('log.memory', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_memory(data, fos): + + if data['log_memory_setting']: + resp = log_memory_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_memory_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, 
"type": "str", "default": "root"}, + "log_memory_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "diskfull": {"required": False, "type": "str", + "choices": ["overwrite"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_memory(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_null_device_filter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_null_device_filter.py new file mode 100644 index 00000000..555d4c4b --- /dev/null 
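Review bot: The EXAMPLES play in this new module sets `ansible_httpapi_validate_certs: no` next to `ansible_httpapi_use_ssl: yes`, so a playbook copied from the documentation talks to the FortiGate over TLS without verifying its certificate, while main() hands `access_token` to that same connection. I would ship the example as `ansible_httpapi_validate_certs: yes` and, if lab devices with self-signed certificates need to be covered, say so in a YAML comment on that line. The same example block appears in the fortios_log_null_device_filter.py and fortios_log_null_device_setting.py hunks of this patch.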
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_null_device_filter.py 
@@ -0,0 +1,407 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_null_device_filter +short_description: Filters for null device logging in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_null_device feature and filter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_null_device_filter: + description: + - Filters for null device logging. + default: null + type: dict + suboptions: + anomaly: + description: + - Enable/disable anomaly logging. + type: str + choices: + - enable + - disable + dns: + description: + - Enable/disable detailed DNS event logging. + type: str + choices: + - enable + - disable + filter: + description: + - Null-device log filter. + type: str + filter_type: + description: + - Include/exclude logs that match the filter. + type: str + choices: + - include + - exclude + forward_traffic: + description: + - Enable/disable forward traffic logging. + type: str + choices: + - enable + - disable + gtp: + description: + - Enable/disable GTP messages logging. + type: str + choices: + - enable + - disable + local_traffic: + description: + - Enable/disable local in or out traffic logging. + type: str + choices: + - enable + - disable + multicast_traffic: + description: + - Enable/disable multicast traffic logging. + type: str + choices: + - enable + - disable + netscan_discovery: + description: + - Enable/disable netscan discovery event logging. + type: str + netscan_vulnerability: + description: + - Enable/disable netscan vulnerability event logging. + type: str + severity: + description: + - Lowest severity level to log. + type: str + choices: + - emergency + - alert + - critical + - error + - warning + - notification + - information + - debug + sniffer_traffic: + description: + - Enable/disable sniffer traffic logging. + type: str + choices: + - enable + - disable + ssh: + description: + - Enable/disable SSH logging. + type: str + choices: + - enable + - disable + voip: + description: + - Enable/disable VoIP logging. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for null device logging. + fortios_log_null_device_filter: + vdom: "{{ vdom }}" + log_null_device_filter: + anomaly: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + 
+from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_null_device_filter_data(json): + option_list = ['anomaly', 'dns', 'filter', + 'filter_type', 'forward_traffic', 'gtp', + 'local_traffic', 'multicast_traffic', 'netscan_discovery', + 'netscan_vulnerability', 'severity', 'sniffer_traffic', + 'ssh', 'voip'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_null_device_filter(data, fos): + vdom = data['vdom'] + log_null_device_filter_data = data['log_null_device_filter'] + filtered_data = underscore_to_hyphen(filter_log_null_device_filter_data(log_null_device_filter_data)) + + return fos.set('log.null-device', + 'filter', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_null_device(data, fos): + + if data['log_null_device_filter']: + resp = log_null_device_filter(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_null_device_filter')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 
'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_null_device_filter": { + "required": False, "type": "dict", "default": None, + "options": { + "anomaly": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dns": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "filter": {"required": False, "type": "str"}, + "filter_type": {"required": False, "type": "str", + "choices": ["include", + "exclude"]}, + "forward_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gtp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, + "severity": {"required": False, "type": "str", + "choices": ["emergency", + "alert", + "critical", + "error", + "warning", + "notification", + "information", + "debug"]}, + "sniffer_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssh": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "voip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = 
fortios_log_null_device(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_null_device_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_null_device_setting.py new file mode 100644 index 00000000..a6d87a9b --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_null_device_setting.py 
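Review bot: `netscan_discovery` and `netscan_vulnerability` are documented as Enable/disable switches, but neither the DOCUMENTATION block nor the argument spec in main() gives them `choices`, and the example passes `""`; every other toggle in this module is restricted to enable/disable. As written, Ansible accepts any string and filter_log_null_device_filter_data() passes it on to `fos.set`, so a typo is caught, if at all, only by the device. If the FortiOS schema really is a two-value toggle here, add `"choices": ["enable", "disable"]` to both entries and the matching `choices:` lists in the docs. If it takes other values, the description should say which.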
@@ -0,0 +1,263 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_null_device_setting +short_description: Settings for null device logging in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_null_device feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_null_device_setting: + description: + - Settings for null device logging. + default: null + type: dict + suboptions: + status: + description: + - Enable/disable statistics collection for when no external logging destination, such as FortiAnalyzer, is present (data is not saved). + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Settings for null device logging. + fortios_log_null_device_setting: + vdom: "{{ vdom }}" + log_null_device_setting: + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: 
str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_null_device_setting_data(json): + option_list = ['status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_null_device_setting(data, fos): + vdom = data['vdom'] + log_null_device_setting_data = data['log_null_device_setting'] + filtered_data = underscore_to_hyphen(filter_log_null_device_setting_data(log_null_device_setting_data)) + + return fos.set('log.null-device', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_null_device(data, fos): + + if data['log_null_device_setting']: + resp = log_null_device_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_null_device_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + 
mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_null_device_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_null_device(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_setting.py new file mode 100644 index 00000000..34948cd8 --- /dev/null 
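Review bot: In main(), `if 'access_token' in module.params:` does not test whether a token was supplied. AnsibleModule fills in every key of the argument spec, so for a task without the option the key is present with value None and `connection.set_option('access_token', None)` still runs. Whether that call overrides a token configured on the httpapi connection cannot be seen from this hunk, but the guard should state the intent: `if module.params.get('access_token') is not None:`. The same two lines are in main() of fortios_log_memory_setting.py and fortios_log_null_device_filter.py in this patch.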
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_setting.py 
@@ -0,0 +1,460 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_setting +short_description: Configure general log settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + log_setting: + description: + - Configure general log settings. + default: null + type: dict + suboptions: + brief_traffic_format: + description: + - Enable/disable brief format traffic logging. + type: str + choices: + - enable + - disable + custom_log_fields: + description: + - Custom fields to append to all log messages. + type: list + suboptions: + field_id: + description: + - Custom log field. Source log.custom-field.id. + type: str + daemon_log: + description: + - Enable/disable daemon logging. + type: str + choices: + - enable + - disable + expolicy_implicit_log: + description: + - Enable/disable explicit proxy firewall implicit policy logging. + type: str + choices: + - enable + - disable + fwpolicy_implicit_log: + description: + - Enable/disable implicit firewall policy logging. + type: str + choices: + - enable + - disable + fwpolicy6_implicit_log: + description: + - Enable/disable implicit firewall policy6 logging. + type: str + choices: + - enable + - disable + local_in_allow: + description: + - Enable/disable local-in-allow logging. + type: str + choices: + - enable + - disable + local_in_deny_broadcast: + description: + - Enable/disable local-in-deny-broadcast logging. + type: str + choices: + - enable + - disable + local_in_deny_unicast: + description: + - Enable/disable local-in-deny-unicast logging. + type: str + choices: + - enable + - disable + local_out: + description: + - Enable/disable local-out logging. + type: str + choices: + - enable + - disable + log_invalid_packet: + description: + - Enable/disable invalid packet traffic logging. + type: str + choices: + - enable + - disable + log_policy_comment: + description: + - Enable/disable inserting policy comments into traffic logs. + type: str + choices: + - enable + - disable + log_policy_name: + description: + - Enable/disable inserting policy name into traffic logs. 
+ type: str + choices: + - enable + - disable + log_user_in_upper: + description: + - Enable/disable logs with user-in-upper. + type: str + choices: + - enable + - disable + neighbor_event: + description: + - Enable/disable neighbor event logging. + type: str + choices: + - enable + - disable + resolve_ip: + description: + - Enable/disable adding resolved domain names to traffic logs if possible. + type: str + choices: + - enable + - disable + resolve_port: + description: + - Enable/disable adding resolved service names to traffic logs. + type: str + choices: + - enable + - disable + user_anonymize: + description: + - Enable/disable anonymizing user names in log messages. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure general log settings. + fortios_log_setting: + vdom: "{{ vdom }}" + log_setting: + brief_traffic_format: "enable" + custom_log_fields: + - + field_id: " (source log.custom-field.id)" + daemon_log: "enable" + expolicy_implicit_log: "enable" + fwpolicy_implicit_log: "enable" + fwpolicy6_implicit_log: "enable" + local_in_allow: "enable" + local_in_deny_broadcast: "enable" + local_in_deny_unicast: "enable" + local_out: "enable" + log_invalid_packet: "enable" + log_policy_comment: "enable" + log_policy_name: "enable" + log_user_in_upper: "enable" + neighbor_event: "enable" + resolve_ip: "enable" + resolve_port: "enable" + user_anonymize: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + 
type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_setting_data(json): + option_list = ['brief_traffic_format', 'custom_log_fields', 'daemon_log', + 'expolicy_implicit_log', 'fwpolicy_implicit_log', 'fwpolicy6_implicit_log', + 'local_in_allow', 'local_in_deny_broadcast', 'local_in_deny_unicast', + 'local_out', 'log_invalid_packet', 'log_policy_comment', + 'log_policy_name', 'log_user_in_upper', 'neighbor_event', + 'resolve_ip', 'resolve_port', 'user_anonymize'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if 
isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_setting(data, fos): + vdom = data['vdom'] + log_setting_data = data['log_setting'] + filtered_data = underscore_to_hyphen(filter_log_setting_data(log_setting_data)) + + return fos.set('log', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log(data, fos): + + if data['log_setting']: + resp = log_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "brief_traffic_format": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "custom_log_fields": {"required": False, "type": "list", + "options": { + "field_id": {"required": False, "type": "str"} + }}, + "daemon_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "expolicy_implicit_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fwpolicy_implicit_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fwpolicy6_implicit_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_in_allow": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + 
"local_in_deny_broadcast": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_in_deny_unicast": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_out": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "log_invalid_packet": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "log_policy_comment": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "log_policy_name": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "log_user_in_upper": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "neighbor_event": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "resolve_ip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "resolve_port": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "user_anonymize": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, 
meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd2_filter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd2_filter.py new file mode 100644 index 00000000..97a507b9 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd2_filter.py 
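Review bot: The EXAMPLES playbook in fortios_log_setting.py sets `ansible_httpapi_validate_certs: no`, so anyone copying it connects to the FortiGate over TLS without verifying the device certificate. That is the same httpapi connection `main()` hands the `access_token` to through `connection.set_option`. I would change the example to `ansible_httpapi_validate_certs: yes` and add a one-line comment saying that turning validation off is only for lab devices with self-signed certificates. The same example vars appear in the fortios_log_syslogd2_filter.py and fortios_log_syslogd2_setting.py hunks that follow.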
@@ -0,0 +1,407 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_syslogd2_filter +short_description: Filters for remote system server in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_syslogd2 feature and filter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + log_syslogd2_filter: + description: + - Filters for remote system server. + default: null + type: dict + suboptions: + anomaly: + description: + - Enable/disable anomaly logging. + type: str + choices: + - enable + - disable + dns: + description: + - Enable/disable detailed DNS event logging. + type: str + choices: + - enable + - disable + filter: + description: + - Syslog 2 filter. + type: str + filter_type: + description: + - Include/exclude logs that match the filter. + type: str + choices: + - include + - exclude + forward_traffic: + description: + - Enable/disable forward traffic logging. + type: str + choices: + - enable + - disable + gtp: + description: + - Enable/disable GTP messages logging. + type: str + choices: + - enable + - disable + local_traffic: + description: + - Enable/disable local in or out traffic logging. + type: str + choices: + - enable + - disable + multicast_traffic: + description: + - Enable/disable multicast traffic logging. + type: str + choices: + - enable + - disable + netscan_discovery: + description: + - Enable/disable netscan discovery event logging. + type: str + netscan_vulnerability: + description: + - Enable/disable netscan vulnerability event logging. + type: str + severity: + description: + - Lowest severity level to log. + type: str + choices: + - emergency + - alert + - critical + - error + - warning + - notification + - information + - debug + sniffer_traffic: + description: + - Enable/disable sniffer traffic logging. + type: str + choices: + - enable + - disable + ssh: + description: + - Enable/disable SSH logging. + type: str + choices: + - enable + - disable + voip: + description: + - Enable/disable VoIP logging. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for remote system server. + fortios_log_syslogd2_filter: + vdom: "{{ vdom }}" + log_syslogd2_filter: + anomaly: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from 
ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_syslogd2_filter_data(json): + option_list = ['anomaly', 'dns', 'filter', + 'filter_type', 'forward_traffic', 'gtp', + 'local_traffic', 'multicast_traffic', 'netscan_discovery', + 'netscan_vulnerability', 'severity', 'sniffer_traffic', + 'ssh', 'voip'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_syslogd2_filter(data, fos): + vdom = data['vdom'] + log_syslogd2_filter_data = data['log_syslogd2_filter'] + filtered_data = underscore_to_hyphen(filter_log_syslogd2_filter_data(log_syslogd2_filter_data)) + + return fos.set('log.syslogd2', + 'filter', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_syslogd2(data, fos): + + if data['log_syslogd2_filter']: + resp = log_syslogd2_filter(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_syslogd2_filter')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def 
main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_syslogd2_filter": { + "required": False, "type": "dict", "default": None, + "options": { + "anomaly": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dns": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "filter": {"required": False, "type": "str"}, + "filter_type": {"required": False, "type": "str", + "choices": ["include", + "exclude"]}, + "forward_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gtp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, + "severity": {"required": False, "type": "str", + "choices": ["emergency", + "alert", + "critical", + "error", + "warning", + "notification", + "information", + "debug"]}, + "sniffer_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssh": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "voip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_syslogd2(module.params, fos) + versions_check_result = 
connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd2_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd2_setting.py new file mode 100644 index 00000000..621d5883 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd2_setting.py 
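Review bot: `netscan_discovery` and `netscan_vulnerability` are described in DOCUMENTATION as enable/disable switches, but in `main()` they are the only such toggles declared without `choices`. Any string is therefore forwarded to `fos.set` unvalidated, and the example itself passes `""`. If the device accepts only the two values, add `"choices": ["enable", "disable"]` to both entries and list them in the option docs. If it accepts something else, the descriptions should say what.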
@@ -0,0 +1,415 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_syslogd2_setting +short_description: Global settings for remote syslog server in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_syslogd2 feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_syslogd2_setting: + description: + - Global settings for remote syslog server. + default: null + type: dict + suboptions: + certificate: + description: + - Certificate used to communicate with Syslog server. Source certificate.local.name. + type: str + custom_field_name: + description: + - Custom field name for CEF format logging. + type: list + suboptions: + custom: + description: + - Field custom name. + type: str + id: + description: + - Entry ID. + required: true + type: int + name: + description: + - Field name. + type: str + enc_algorithm: + description: + - Enable/disable reliable syslogging with TLS encryption. + type: str + choices: + - high-medium + - high + - low + - disable + facility: + description: + - Remote syslog facility. + type: str + choices: + - kernel + - user + - mail + - daemon + - auth + - syslog + - lpr + - news + - uucp + - cron + - authpriv + - ftp + - ntp + - audit + - alert + - clock + - local0 + - local1 + - local2 + - local3 + - local4 + - local5 + - local6 + - local7 + format: + description: + - Log format. + type: str + choices: + - default + - csv + - cef + mode: + description: + - Remote syslog logging over UDP/Reliable TCP. + type: str + choices: + - udp + - legacy-reliable + - reliable + port: + description: + - Server listen port. + type: int + server: + description: + - Address of remote syslog server. + type: str + source_ip: + description: + - Source IP address of syslog. + type: str + status: + description: + - Enable/disable remote syslog logging. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global settings for remote syslog server. 
+ fortios_log_syslogd2_setting: + vdom: "{{ vdom }}" + log_syslogd2_setting: + certificate: " (source certificate.local.name)" + custom_field_name: + - + custom: "" + id: "6" + name: "default_name_7" + enc_algorithm: "high-medium" + facility: "kernel" + format: "default" + mode: "udp" + port: "12" + server: "192.168.100.40" + source_ip: "84.230.14.43" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_syslogd2_setting_data(json): + option_list = ['certificate', 'custom_field_name', 'enc_algorithm', + 'facility', 'format', 'mode', + 'port', 'server', 'source_ip', + 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_syslogd2_setting(data, fos): + vdom = data['vdom'] + log_syslogd2_setting_data = data['log_syslogd2_setting'] + filtered_data = underscore_to_hyphen(filter_log_syslogd2_setting_data(log_syslogd2_setting_data)) + + return fos.set('log.syslogd2', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_syslogd2(data, fos): + + if data['log_syslogd2_setting']: + resp = log_syslogd2_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_syslogd2_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_syslogd2_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "certificate": {"required": False, "type": "str"}, + "custom_field_name": {"required": False, "type": "list", + 
"options": { + "custom": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "name": {"required": False, "type": "str"} + }}, + "enc_algorithm": {"required": False, "type": "str", + "choices": ["high-medium", + "high", + "low", + "disable"]}, + "facility": {"required": False, "type": "str", + "choices": ["kernel", + "user", + "mail", + "daemon", + "auth", + "syslog", + "lpr", + "news", + "uucp", + "cron", + "authpriv", + "ftp", + "ntp", + "audit", + "alert", + "clock", + "local0", + "local1", + "local2", + "local3", + "local4", + "local5", + "local6", + "local7"]}, + "format": {"required": False, "type": "str", + "choices": ["default", + "csv", + "cef"]}, + "mode": {"required": False, "type": "str", + "choices": ["udp", + "legacy-reliable", + "reliable"]}, + "port": {"required": False, "type": "int"}, + "server": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_syslogd2(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + 
else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd3_filter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd3_filter.py new file mode 100644 index 00000000..637203dc --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd3_filter.py 
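Review bot: The EXAMPLES task for fortios_log_syslogd2_setting pairs `mode: "udp"` with `enc_algorithm: "high-medium"`, while the option text ties `enc_algorithm` to "reliable syslogging with TLS encryption". Presumably the encryption setting has no effect over UDP, so the example as written would send logs to the remote server in clear text. I would make the example use `mode: "reliable"` and extend the `enc_algorithm` description to say that `low` and `disable` weaken or remove transport protection for the log stream. The example also passes `port: "12"` and `id: "6"` as strings although both are declared `type: int`, so plain integers would match the spec.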
@@ -0,0 +1,407 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_syslogd3_filter +short_description: Filters for remote system server in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_syslogd3 feature and filter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + log_syslogd3_filter: + description: + - Filters for remote system server. + default: null + type: dict + suboptions: + anomaly: + description: + - Enable/disable anomaly logging. + type: str + choices: + - enable + - disable + dns: + description: + - Enable/disable detailed DNS event logging. + type: str + choices: + - enable + - disable + filter: + description: + - Syslog 3 filter. + type: str + filter_type: + description: + - Include/exclude logs that match the filter. + type: str + choices: + - include + - exclude + forward_traffic: + description: + - Enable/disable forward traffic logging. + type: str + choices: + - enable + - disable + gtp: + description: + - Enable/disable GTP messages logging. + type: str + choices: + - enable + - disable + local_traffic: + description: + - Enable/disable local in or out traffic logging. + type: str + choices: + - enable + - disable + multicast_traffic: + description: + - Enable/disable multicast traffic logging. + type: str + choices: + - enable + - disable + netscan_discovery: + description: + - Enable/disable netscan discovery event logging. + type: str + netscan_vulnerability: + description: + - Enable/disable netscan vulnerability event logging. + type: str + severity: + description: + - Lowest severity level to log. + type: str + choices: + - emergency + - alert + - critical + - error + - warning + - notification + - information + - debug + sniffer_traffic: + description: + - Enable/disable sniffer traffic logging. + type: str + choices: + - enable + - disable + ssh: + description: + - Enable/disable SSH logging. + type: str + choices: + - enable + - disable + voip: + description: + - Enable/disable VoIP logging. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for remote system server. + fortios_log_syslogd3_filter: + vdom: "{{ vdom }}" + log_syslogd3_filter: + anomaly: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from 
ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_syslogd3_filter_data(json): + option_list = ['anomaly', 'dns', 'filter', + 'filter_type', 'forward_traffic', 'gtp', + 'local_traffic', 'multicast_traffic', 'netscan_discovery', + 'netscan_vulnerability', 'severity', 'sniffer_traffic', + 'ssh', 'voip'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_syslogd3_filter(data, fos): + vdom = data['vdom'] + log_syslogd3_filter_data = data['log_syslogd3_filter'] + filtered_data = underscore_to_hyphen(filter_log_syslogd3_filter_data(log_syslogd3_filter_data)) + + return fos.set('log.syslogd3', + 'filter', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_syslogd3(data, fos): + + if data['log_syslogd3_filter']: + resp = log_syslogd3_filter(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_syslogd3_filter')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def 
main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_syslogd3_filter": { + "required": False, "type": "dict", "default": None, + "options": { + "anomaly": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dns": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "filter": {"required": False, "type": "str"}, + "filter_type": {"required": False, "type": "str", + "choices": ["include", + "exclude"]}, + "forward_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gtp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, + "severity": {"required": False, "type": "str", + "choices": ["emergency", + "alert", + "critical", + "error", + "warning", + "notification", + "information", + "debug"]}, + "sniffer_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssh": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "voip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_syslogd3(module.params, fos) + versions_check_result = 
connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd3_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd3_setting.py new file mode 100644 index 00000000..3e630480 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd3_setting.py 
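Review bot: The EXAMPLES play in fortios_log_syslogd3_filter.py sets `ansible_httpapi_validate_certs: no`, so anyone copying it sends the httpapi credential (including the `access_token` option, which the argument spec marks `no_log`) and the logging configuration over a TLS session whose peer is not verified. The example should read `ansible_httpapi_validate_certs: yes`, or at least carry a comment such as `# lab only: validate the device certificate against a trusted CA in production`. The same vars block appears in the EXAMPLES of fortios_log_syslogd3_setting.py, fortios_log_syslogd4_filter.py and fortios_log_syslogd4_setting.py in this patch.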
@@ -0,0 +1,415 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_syslogd3_setting +short_description: Global settings for remote syslog server in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_syslogd3 feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_syslogd3_setting: + description: + - Global settings for remote syslog server. + default: null + type: dict + suboptions: + certificate: + description: + - Certificate used to communicate with Syslog server. Source certificate.local.name. + type: str + custom_field_name: + description: + - Custom field name for CEF format logging. + type: list + suboptions: + custom: + description: + - Field custom name. + type: str + id: + description: + - Entry ID. + required: true + type: int + name: + description: + - Field name. + type: str + enc_algorithm: + description: + - Enable/disable reliable syslogging with TLS encryption. + type: str + choices: + - high-medium + - high + - low + - disable + facility: + description: + - Remote syslog facility. + type: str + choices: + - kernel + - user + - mail + - daemon + - auth + - syslog + - lpr + - news + - uucp + - cron + - authpriv + - ftp + - ntp + - audit + - alert + - clock + - local0 + - local1 + - local2 + - local3 + - local4 + - local5 + - local6 + - local7 + format: + description: + - Log format. + type: str + choices: + - default + - csv + - cef + mode: + description: + - Remote syslog logging over UDP/Reliable TCP. + type: str + choices: + - udp + - legacy-reliable + - reliable + port: + description: + - Server listen port. + type: int + server: + description: + - Address of remote syslog server. + type: str + source_ip: + description: + - Source IP address of syslog. + type: str + status: + description: + - Enable/disable remote syslog logging. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global settings for remote syslog server. 
+ fortios_log_syslogd3_setting: + vdom: "{{ vdom }}" + log_syslogd3_setting: + certificate: " (source certificate.local.name)" + custom_field_name: + - + custom: "" + id: "6" + name: "default_name_7" + enc_algorithm: "high-medium" + facility: "kernel" + format: "default" + mode: "udp" + port: "12" + server: "192.168.100.40" + source_ip: "84.230.14.43" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_syslogd3_setting_data(json): + option_list = ['certificate', 'custom_field_name', 'enc_algorithm', + 'facility', 'format', 'mode', + 'port', 'server', 'source_ip', + 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_syslogd3_setting(data, fos): + vdom = data['vdom'] + log_syslogd3_setting_data = data['log_syslogd3_setting'] + filtered_data = underscore_to_hyphen(filter_log_syslogd3_setting_data(log_syslogd3_setting_data)) + + return fos.set('log.syslogd3', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_syslogd3(data, fos): + + if data['log_syslogd3_setting']: + resp = log_syslogd3_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_syslogd3_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_syslogd3_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "certificate": {"required": False, "type": "str"}, + "custom_field_name": {"required": False, "type": "list", + 
"options": { + "custom": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "name": {"required": False, "type": "str"} + }}, + "enc_algorithm": {"required": False, "type": "str", + "choices": ["high-medium", + "high", + "low", + "disable"]}, + "facility": {"required": False, "type": "str", + "choices": ["kernel", + "user", + "mail", + "daemon", + "auth", + "syslog", + "lpr", + "news", + "uucp", + "cron", + "authpriv", + "ftp", + "ntp", + "audit", + "alert", + "clock", + "local0", + "local1", + "local2", + "local3", + "local4", + "local5", + "local6", + "local7"]}, + "format": {"required": False, "type": "str", + "choices": ["default", + "csv", + "cef"]}, + "mode": {"required": False, "type": "str", + "choices": ["udp", + "legacy-reliable", + "reliable"]}, + "port": {"required": False, "type": "int"}, + "server": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_syslogd3(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + 
else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd4_filter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd4_filter.py new file mode 100644 index 00000000..6d8c960b --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd4_filter.py 
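Review bot: The EXAMPLES task in fortios_log_syslogd3_setting.py pairs `mode: "udp"` with `enc_algorithm: "high-medium"` and a `certificate`, although the option text describes `enc_algorithm` as "reliable syslogging with TLS encryption". Going by that description TLS presumably applies only to the reliable mode, so a reader may take the example for an encrypted configuration when it is not; this should be confirmed against the FortiOS reference, which the hunk does not show. I would use `mode: "reliable"` in the example and extend the `enc_algorithm` description to say what each of `high-medium`, `high`, `low` and `disable` means for the confidentiality of the forwarded logs. The `fields` spec in `main()` accepts every combination without a cross-check, so the documentation is the only place this is conveyed.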
@@ -0,0 +1,407 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_syslogd4_filter +short_description: Filters for remote system server in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_syslogd4 feature and filter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + log_syslogd4_filter: + description: + - Filters for remote system server. + default: null + type: dict + suboptions: + anomaly: + description: + - Enable/disable anomaly logging. + type: str + choices: + - enable + - disable + dns: + description: + - Enable/disable detailed DNS event logging. + type: str + choices: + - enable + - disable + filter: + description: + - Syslog 4 filter. + type: str + filter_type: + description: + - Include/exclude logs that match the filter. + type: str + choices: + - include + - exclude + forward_traffic: + description: + - Enable/disable forward traffic logging. + type: str + choices: + - enable + - disable + gtp: + description: + - Enable/disable GTP messages logging. + type: str + choices: + - enable + - disable + local_traffic: + description: + - Enable/disable local in or out traffic logging. + type: str + choices: + - enable + - disable + multicast_traffic: + description: + - Enable/disable multicast traffic logging. + type: str + choices: + - enable + - disable + netscan_discovery: + description: + - Enable/disable netscan discovery event logging. + type: str + netscan_vulnerability: + description: + - Enable/disable netscan vulnerability event logging. + type: str + severity: + description: + - Lowest severity level to log. + type: str + choices: + - emergency + - alert + - critical + - error + - warning + - notification + - information + - debug + sniffer_traffic: + description: + - Enable/disable sniffer traffic logging. + type: str + choices: + - enable + - disable + ssh: + description: + - Enable/disable SSH logging. + type: str + choices: + - enable + - disable + voip: + description: + - Enable/disable VoIP logging. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for remote system server. + fortios_log_syslogd4_filter: + vdom: "{{ vdom }}" + log_syslogd4_filter: + anomaly: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from 
ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_syslogd4_filter_data(json): + option_list = ['anomaly', 'dns', 'filter', + 'filter_type', 'forward_traffic', 'gtp', + 'local_traffic', 'multicast_traffic', 'netscan_discovery', + 'netscan_vulnerability', 'severity', 'sniffer_traffic', + 'ssh', 'voip'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_syslogd4_filter(data, fos): + vdom = data['vdom'] + log_syslogd4_filter_data = data['log_syslogd4_filter'] + filtered_data = underscore_to_hyphen(filter_log_syslogd4_filter_data(log_syslogd4_filter_data)) + + return fos.set('log.syslogd4', + 'filter', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_syslogd4(data, fos): + + if data['log_syslogd4_filter']: + resp = log_syslogd4_filter(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_syslogd4_filter')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def 
main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_syslogd4_filter": { + "required": False, "type": "dict", "default": None, + "options": { + "anomaly": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dns": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "filter": {"required": False, "type": "str"}, + "filter_type": {"required": False, "type": "str", + "choices": ["include", + "exclude"]}, + "forward_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gtp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, + "severity": {"required": False, "type": "str", + "choices": ["emergency", + "alert", + "critical", + "error", + "warning", + "notification", + "information", + "debug"]}, + "sniffer_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssh": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "voip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_syslogd4(module.params, fos) + versions_check_result = 
connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd4_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd4_setting.py new file mode 100644 index 00000000..2ef53e49 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd4_setting.py 
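Review bot: `netscan_discovery` and `netscan_vulnerability` are documented as "Enable/disable … event logging" but, unlike every other toggle in fortios_log_syslogd4_filter.py, have no `choices` in either DOCUMENTATION or the `fields` spec in `main()`. Any string therefore passes validation and is copied by `filter_log_syslogd4_filter_data` into the payload handed to `fos.set`. If the device accepts only the two values, add `"choices": ["enable", "disable"]` to both spec entries and the matching `choices:` list in the docs; if it accepts something else, the description should say what. The same gap is in fortios_log_syslogd3_filter.py.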
@@ -0,0 +1,415 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_syslogd4_setting +short_description: Global settings for remote syslog server in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_syslogd4 feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_syslogd4_setting: + description: + - Global settings for remote syslog server. + default: null + type: dict + suboptions: + certificate: + description: + - Certificate used to communicate with Syslog server. Source certificate.local.name. + type: str + custom_field_name: + description: + - Custom field name for CEF format logging. + type: list + suboptions: + custom: + description: + - Field custom name. + type: str + id: + description: + - Entry ID. + required: true + type: int + name: + description: + - Field name. + type: str + enc_algorithm: + description: + - Enable/disable reliable syslogging with TLS encryption. + type: str + choices: + - high-medium + - high + - low + - disable + facility: + description: + - Remote syslog facility. + type: str + choices: + - kernel + - user + - mail + - daemon + - auth + - syslog + - lpr + - news + - uucp + - cron + - authpriv + - ftp + - ntp + - audit + - alert + - clock + - local0 + - local1 + - local2 + - local3 + - local4 + - local5 + - local6 + - local7 + format: + description: + - Log format. + type: str + choices: + - default + - csv + - cef + mode: + description: + - Remote syslog logging over UDP/Reliable TCP. + type: str + choices: + - udp + - legacy-reliable + - reliable + port: + description: + - Server listen port. + type: int + server: + description: + - Address of remote syslog server. + type: str + source_ip: + description: + - Source IP address of syslog. + type: str + status: + description: + - Enable/disable remote syslog logging. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global settings for remote syslog server. 
+ fortios_log_syslogd4_setting: + vdom: "{{ vdom }}" + log_syslogd4_setting: + certificate: " (source certificate.local.name)" + custom_field_name: + - + custom: "" + id: "6" + name: "default_name_7" + enc_algorithm: "high-medium" + facility: "kernel" + format: "default" + mode: "udp" + port: "12" + server: "192.168.100.40" + source_ip: "84.230.14.43" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_syslogd4_setting_data(json): + option_list = ['certificate', 'custom_field_name', 'enc_algorithm', + 'facility', 'format', 'mode', + 'port', 'server', 'source_ip', + 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_syslogd4_setting(data, fos): + vdom = data['vdom'] + log_syslogd4_setting_data = data['log_syslogd4_setting'] + filtered_data = underscore_to_hyphen(filter_log_syslogd4_setting_data(log_syslogd4_setting_data)) + + return fos.set('log.syslogd4', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_syslogd4(data, fos): + + if data['log_syslogd4_setting']: + resp = log_syslogd4_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_syslogd4_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_syslogd4_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "certificate": {"required": False, "type": "str"}, + "custom_field_name": {"required": False, "type": "list", + 
"options": { + "custom": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "name": {"required": False, "type": "str"} + }}, + "enc_algorithm": {"required": False, "type": "str", + "choices": ["high-medium", + "high", + "low", + "disable"]}, + "facility": {"required": False, "type": "str", + "choices": ["kernel", + "user", + "mail", + "daemon", + "auth", + "syslog", + "lpr", + "news", + "uucp", + "cron", + "authpriv", + "ftp", + "ntp", + "audit", + "alert", + "clock", + "local0", + "local1", + "local2", + "local3", + "local4", + "local5", + "local6", + "local7"]}, + "format": {"required": False, "type": "str", + "choices": ["default", + "csv", + "cef"]}, + "mode": {"required": False, "type": "str", + "choices": ["udp", + "legacy-reliable", + "reliable"]}, + "port": {"required": False, "type": "int"}, + "server": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_syslogd4(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + 
else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd_filter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd_filter.py new file mode 100644 index 00000000..1a84461d --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd_filter.py 
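Review bot: The EXAMPLES playbook in fortios_log_syslogd4_setting.py sets `ansible_httpapi_validate_certs: no`, so a playbook copied from it sends its credentials and the syslog configuration over a TLS session whose peer is never verified. The example should show `ansible_httpapi_validate_certs: yes`, with a one-line comment that `no` is only for lab devices with self-signed certificates. The same example block appears in the fortios_log_syslogd_filter.py and fortios_log_syslogd_override_filter.py hunks that follow.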
@@ -0,0 +1,407 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_syslogd_filter +short_description: Filters for remote system server in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_syslogd feature and filter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + log_syslogd_filter: + description: + - Filters for remote system server. + default: null + type: dict + suboptions: + anomaly: + description: + - Enable/disable anomaly logging. + type: str + choices: + - enable + - disable + dns: + description: + - Enable/disable detailed DNS event logging. + type: str + choices: + - enable + - disable + filter: + description: + - Syslog filter. + type: str + filter_type: + description: + - Include/exclude logs that match the filter. + type: str + choices: + - include + - exclude + forward_traffic: + description: + - Enable/disable forward traffic logging. + type: str + choices: + - enable + - disable + gtp: + description: + - Enable/disable GTP messages logging. + type: str + choices: + - enable + - disable + local_traffic: + description: + - Enable/disable local in or out traffic logging. + type: str + choices: + - enable + - disable + multicast_traffic: + description: + - Enable/disable multicast traffic logging. + type: str + choices: + - enable + - disable + netscan_discovery: + description: + - Enable/disable netscan discovery event logging. + type: str + netscan_vulnerability: + description: + - Enable/disable netscan vulnerability event logging. + type: str + severity: + description: + - Lowest severity level to log. + type: str + choices: + - emergency + - alert + - critical + - error + - warning + - notification + - information + - debug + sniffer_traffic: + description: + - Enable/disable sniffer traffic logging. + type: str + choices: + - enable + - disable + ssh: + description: + - Enable/disable SSH logging. + type: str + choices: + - enable + - disable + voip: + description: + - Enable/disable VoIP logging. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for remote system server. + fortios_log_syslogd_filter: + vdom: "{{ vdom }}" + log_syslogd_filter: + anomaly: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from 
ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_syslogd_filter_data(json): + option_list = ['anomaly', 'dns', 'filter', + 'filter_type', 'forward_traffic', 'gtp', + 'local_traffic', 'multicast_traffic', 'netscan_discovery', + 'netscan_vulnerability', 'severity', 'sniffer_traffic', + 'ssh', 'voip'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_syslogd_filter(data, fos): + vdom = data['vdom'] + log_syslogd_filter_data = data['log_syslogd_filter'] + filtered_data = underscore_to_hyphen(filter_log_syslogd_filter_data(log_syslogd_filter_data)) + + return fos.set('log.syslogd', + 'filter', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_syslogd(data, fos): + + if data['log_syslogd_filter']: + resp = log_syslogd_filter(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_syslogd_filter')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + 
mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_syslogd_filter": { + "required": False, "type": "dict", "default": None, + "options": { + "anomaly": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dns": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "filter": {"required": False, "type": "str"}, + "filter_type": {"required": False, "type": "str", + "choices": ["include", + "exclude"]}, + "forward_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gtp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, + "severity": {"required": False, "type": "str", + "choices": ["emergency", + "alert", + "critical", + "error", + "warning", + "notification", + "information", + "debug"]}, + "sniffer_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssh": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "voip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_syslogd(module.params, fos) + versions_check_result = 
connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd_override_filter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd_override_filter.py new file mode 100644 index 00000000..d18031e3 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd_override_filter.py 
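Review bot: `netscan_discovery` and `netscan_vulnerability` are described as "Enable/disable ..." in DOCUMENTATION but, unlike the other toggles in fortios_log_syslogd_filter.py, they are declared as free-form `str` with no `choices`, both there and in the `fields` spec in main(). As written, any string passes argument validation and is forwarded to the device by `fos.set`. Which values the device accepts is not visible in this hunk, so either add the matching `choices` list or reword the two descriptions to name the accepted values. The fortios_log_syslogd_override_filter.py hunk has the same two options.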
@@ -0,0 +1,407 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_syslogd_override_filter +short_description: Override filters for remote system server in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_syslogd feature and override_filter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_syslogd_override_filter: + description: + - Override filters for remote system server. + default: null + type: dict + suboptions: + anomaly: + description: + - Enable/disable anomaly logging. + type: str + choices: + - enable + - disable + dns: + description: + - Enable/disable detailed DNS event logging. + type: str + choices: + - enable + - disable + filter: + description: + - Syslog filter. + type: str + filter_type: + description: + - Include/exclude logs that match the filter. + type: str + choices: + - include + - exclude + forward_traffic: + description: + - Enable/disable forward traffic logging. + type: str + choices: + - enable + - disable + gtp: + description: + - Enable/disable GTP messages logging. + type: str + choices: + - enable + - disable + local_traffic: + description: + - Enable/disable local in or out traffic logging. + type: str + choices: + - enable + - disable + multicast_traffic: + description: + - Enable/disable multicast traffic logging. + type: str + choices: + - enable + - disable + netscan_discovery: + description: + - Enable/disable netscan discovery event logging. + type: str + netscan_vulnerability: + description: + - Enable/disable netscan vulnerability event logging. + type: str + severity: + description: + - Lowest severity level to log. + type: str + choices: + - emergency + - alert + - critical + - error + - warning + - notification + - information + - debug + sniffer_traffic: + description: + - Enable/disable sniffer traffic logging. + type: str + choices: + - enable + - disable + ssh: + description: + - Enable/disable SSH logging. + type: str + choices: + - enable + - disable + voip: + description: + - Enable/disable VoIP logging. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override filters for remote system server. + fortios_log_syslogd_override_filter: + vdom: "{{ vdom }}" + log_syslogd_override_filter: + anomaly: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: 
"v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_syslogd_override_filter_data(json): + option_list = ['anomaly', 'dns', 'filter', + 'filter_type', 'forward_traffic', 'gtp', + 'local_traffic', 'multicast_traffic', 'netscan_discovery', + 'netscan_vulnerability', 'severity', 'sniffer_traffic', + 'ssh', 'voip'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_syslogd_override_filter(data, fos): + vdom = data['vdom'] + log_syslogd_override_filter_data = data['log_syslogd_override_filter'] + filtered_data = underscore_to_hyphen(filter_log_syslogd_override_filter_data(log_syslogd_override_filter_data)) + + return fos.set('log.syslogd', + 'override-filter', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_syslogd(data, fos): + + if data['log_syslogd_override_filter']: + resp = log_syslogd_override_filter(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_syslogd_override_filter')) + + return not is_successful_status(resp), \ + resp['status'] == 
"success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_syslogd_override_filter": { + "required": False, "type": "dict", "default": None, + "options": { + "anomaly": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dns": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "filter": {"required": False, "type": "str"}, + "filter_type": {"required": False, "type": "str", + "choices": ["include", + "exclude"]}, + "forward_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gtp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, + "severity": {"required": False, "type": "str", + "choices": ["emergency", + "alert", + "critical", + "error", + "warning", + "notification", + "information", + "debug"]}, + "sniffer_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssh": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "voip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, 
mkeyname) + + is_error, has_changed, result = fortios_log_syslogd(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd_override_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd_override_setting.py new file mode 100644 index 00000000..52f286f9 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd_override_setting.py 
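Review bot: In main() of fortios_log_syslogd_override_filter.py, `if 'access_token' in module.params:` is always true, because AnsibleModule fills every declared option into `params` (with `None` when the task omits it). As a result `connection.set_option('access_token', None)` runs on every task that passes no token. How the httpapi plugin treats a `None` token is not visible here; testing the value instead, `if module.params.get('access_token'):`, makes the intent explicit. The same check is in the main() of the other module files shown on this page.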
@@ -0,0 +1,426 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_syslogd_override_setting +short_description: Override settings for remote syslog server in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_syslogd feature and override_setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_syslogd_override_setting: + description: + - Override settings for remote syslog server. + default: null + type: dict + suboptions: + certificate: + description: + - Certificate used to communicate with Syslog server. Source certificate.local.name. + type: str + custom_field_name: + description: + - Custom field name for CEF format logging. + type: list + suboptions: + custom: + description: + - Field custom name. + type: str + id: + description: + - Entry ID. + required: true + type: int + name: + description: + - Field name. + type: str + enc_algorithm: + description: + - Enable/disable reliable syslogging with TLS encryption. + type: str + choices: + - high-medium + - high + - low + - disable + facility: + description: + - Remote syslog facility. + type: str + choices: + - kernel + - user + - mail + - daemon + - auth + - syslog + - lpr + - news + - uucp + - cron + - authpriv + - ftp + - ntp + - audit + - alert + - clock + - local0 + - local1 + - local2 + - local3 + - local4 + - local5 + - local6 + - local7 + format: + description: + - Log format. + type: str + choices: + - default + - csv + - cef + mode: + description: + - Remote syslog logging over UDP/Reliable TCP. + type: str + choices: + - udp + - legacy-reliable + - reliable + override: + description: + - Enable/disable override syslog settings. + type: str + choices: + - enable + - disable + port: + description: + - Server listen port. + type: int + server: + description: + - Address of remote syslog server. + type: str + source_ip: + description: + - Source IP address of syslog. + type: str + status: + description: + - Enable/disable remote syslog logging. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Override settings for remote syslog server. + fortios_log_syslogd_override_setting: + vdom: "{{ vdom }}" + log_syslogd_override_setting: + certificate: " (source certificate.local.name)" + custom_field_name: + - + custom: "" + id: "6" + name: "default_name_7" + enc_algorithm: "high-medium" + facility: "kernel" + format: "default" + mode: "udp" + override: "enable" + port: "13" + server: "192.168.100.40" + source_ip: "84.230.14.43" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str 
+ sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_syslogd_override_setting_data(json): + option_list = ['certificate', 'custom_field_name', 'enc_algorithm', + 'facility', 'format', 'mode', + 'override', 'port', 'server', + 'source_ip', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_syslogd_override_setting(data, fos): + vdom = data['vdom'] + log_syslogd_override_setting_data = data['log_syslogd_override_setting'] + filtered_data = underscore_to_hyphen(filter_log_syslogd_override_setting_data(log_syslogd_override_setting_data)) + + return fos.set('log.syslogd', + 'override-setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_syslogd(data, fos): + + if data['log_syslogd_override_setting']: + resp = log_syslogd_override_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_syslogd_override_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] 
if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_syslogd_override_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "certificate": {"required": False, "type": "str"}, + "custom_field_name": {"required": False, "type": "list", + "options": { + "custom": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "name": {"required": False, "type": "str"} + }}, + "enc_algorithm": {"required": False, "type": "str", + "choices": ["high-medium", + "high", + "low", + "disable"]}, + "facility": {"required": False, "type": "str", + "choices": ["kernel", + "user", + "mail", + "daemon", + "auth", + "syslog", + "lpr", + "news", + "uucp", + "cron", + "authpriv", + "ftp", + "ntp", + "audit", + "alert", + "clock", + "local0", + "local1", + "local2", + "local3", + "local4", + "local5", + "local6", + "local7"]}, + "format": {"required": False, "type": "str", + "choices": ["default", + "csv", + "cef"]}, + "mode": {"required": False, "type": "str", + "choices": ["udp", + "legacy-reliable", + "reliable"]}, + "override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "port": {"required": False, "type": "int"}, + "server": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = 
fortios_log_syslogd(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd_setting.py new file mode 100644 index 00000000..9d679b57 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_syslogd_setting.py 
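Review bot: The EXAMPLES play in fortios_log_syslogd_override_setting.py sets `ansible_httpapi_validate_certs: no`, so a playbook copied from it talks to the FortiGate API (including any `access_token` supplied to the module) without verifying the device certificate. The example should read `ansible_httpapi_validate_certs: yes`, with a YAML comment saying that verification should only be turned off for lab devices with self-signed certificates. The same line appears in the EXAMPLES of fortios_log_syslogd_setting.py and fortios_log_threat_weight.py in this patch.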
@@ -0,0 +1,415 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_syslogd_setting +short_description: Global settings for remote syslog server in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_syslogd feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + log_syslogd_setting: + description: + - Global settings for remote syslog server. + default: null + type: dict + suboptions: + certificate: + description: + - Certificate used to communicate with Syslog server. Source certificate.local.name. + type: str + custom_field_name: + description: + - Custom field name for CEF format logging. + type: list + suboptions: + custom: + description: + - Field custom name. + type: str + id: + description: + - Entry ID. + required: true + type: int + name: + description: + - Field name. + type: str + enc_algorithm: + description: + - Enable/disable reliable syslogging with TLS encryption. + type: str + choices: + - high-medium + - high + - low + - disable + facility: + description: + - Remote syslog facility. + type: str + choices: + - kernel + - user + - mail + - daemon + - auth + - syslog + - lpr + - news + - uucp + - cron + - authpriv + - ftp + - ntp + - audit + - alert + - clock + - local0 + - local1 + - local2 + - local3 + - local4 + - local5 + - local6 + - local7 + format: + description: + - Log format. + type: str + choices: + - default + - csv + - cef + mode: + description: + - Remote syslog logging over UDP/Reliable TCP. + type: str + choices: + - udp + - legacy-reliable + - reliable + port: + description: + - Server listen port. + type: int + server: + description: + - Address of remote syslog server. + type: str + source_ip: + description: + - Source IP address of syslog. + type: str + status: + description: + - Enable/disable remote syslog logging. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global settings for remote syslog server. 
+ fortios_log_syslogd_setting: + vdom: "{{ vdom }}" + log_syslogd_setting: + certificate: " (source certificate.local.name)" + custom_field_name: + - + custom: "" + id: "6" + name: "default_name_7" + enc_algorithm: "high-medium" + facility: "kernel" + format: "default" + mode: "udp" + port: "12" + server: "192.168.100.40" + source_ip: "84.230.14.43" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_syslogd_setting_data(json): + option_list = ['certificate', 'custom_field_name', 'enc_algorithm', + 'facility', 'format', 'mode', + 'port', 'server', 'source_ip', + 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_syslogd_setting(data, fos): + vdom = data['vdom'] + log_syslogd_setting_data = data['log_syslogd_setting'] + filtered_data = underscore_to_hyphen(filter_log_syslogd_setting_data(log_syslogd_setting_data)) + + return fos.set('log.syslogd', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_syslogd(data, fos): + + if data['log_syslogd_setting']: + resp = log_syslogd_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_syslogd_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_syslogd_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "certificate": {"required": False, "type": "str"}, + "custom_field_name": {"required": False, "type": "list", + "options": { + 
"custom": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "name": {"required": False, "type": "str"} + }}, + "enc_algorithm": {"required": False, "type": "str", + "choices": ["high-medium", + "high", + "low", + "disable"]}, + "facility": {"required": False, "type": "str", + "choices": ["kernel", + "user", + "mail", + "daemon", + "auth", + "syslog", + "lpr", + "news", + "uucp", + "cron", + "authpriv", + "ftp", + "ntp", + "audit", + "alert", + "clock", + "local0", + "local1", + "local2", + "local3", + "local4", + "local5", + "local6", + "local7"]}, + "format": {"required": False, "type": "str", + "choices": ["default", + "csv", + "cef"]}, + "mode": {"required": False, "type": "str", + "choices": ["udp", + "legacy-reliable", + "reliable"]}, + "port": {"required": False, "type": "int"}, + "server": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_syslogd(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + 
module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_threat_weight.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_threat_weight.py new file mode 100644 index 00000000..789b26d3 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_threat_weight.py 
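Review bot: `custom_field_name` in the argument spec of `main()` is declared as `"type": "list"` with an `options` block but no `elements`, and AnsibleModule only validates suboptions of list items when `elements` is `dict`. As written, the `"required": True` and `"type": "int"` on `id` are not enforced before the data reaches `fos.set`. Declare it as `"custom_field_name": {"required": False, "type": "list", "elements": "dict",` and add the matching `elements: dict` under `custom_field_name` in DOCUMENTATION. The same pattern is in fortios_log_syslogd_override_setting.py and in the `application`, `geolocation` and `web` lists of fortios_log_threat_weight.py.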
@@ -0,0 +1,598 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_threat_weight +short_description: Configure threat weight settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log feature and threat_weight category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + log_threat_weight: + description: + - Configure threat weight settings. + default: null + type: dict + suboptions: + application: + description: + - Application-control threat weight settings. + type: list + suboptions: + category: + description: + - Application category. + type: int + id: + description: + - Entry ID. + required: true + type: int + level: + description: + - Threat weight score for Application events. + type: str + choices: + - disable + - low + - medium + - high + - critical + blocked_connection: + description: + - Threat weight score for blocked connections. + type: str + choices: + - disable + - low + - medium + - high + - critical + botnet_connection_detected: + description: + - Threat weight score for detected botnet connections. + type: str + choices: + - disable + - low + - medium + - high + - critical + failed_connection: + description: + - Threat weight score for failed connections. + type: str + choices: + - disable + - low + - medium + - high + - critical + geolocation: + description: + - Geolocation-based threat weight settings. + type: list + suboptions: + country: + description: + - Country code. + type: str + id: + description: + - Entry ID. + required: true + type: int + level: + description: + - Threat weight score for Geolocation-based events. + type: str + choices: + - disable + - low + - medium + - high + - critical + ips: + description: + - IPS threat weight settings. + type: dict + suboptions: + critical_severity: + description: + - Threat weight score for IPS critical severity events. + type: str + choices: + - disable + - low + - medium + - high + - critical + high_severity: + description: + - Threat weight score for IPS high severity events. + type: str + choices: + - disable + - low + - medium + - high + - critical + info_severity: + description: + - Threat weight score for IPS info severity events. 
+ type: str + choices: + - disable + - low + - medium + - high + - critical + low_severity: + description: + - Threat weight score for IPS low severity events. + type: str + choices: + - disable + - low + - medium + - high + - critical + medium_severity: + description: + - Threat weight score for IPS medium severity events. + type: str + choices: + - disable + - low + - medium + - high + - critical + level: + description: + - Score mapping for threat weight levels. + type: dict + suboptions: + critical: + description: + - Critical level score value (1 - 100). + type: int + high: + description: + - High level score value (1 - 100). + type: int + low: + description: + - Low level score value (1 - 100). + type: int + medium: + description: + - Medium level score value (1 - 100). + type: int + malware_detected: + description: + - Threat weight score for detected malware. + type: str + choices: + - disable + - low + - medium + - high + - critical + status: + description: + - Enable/disable the threat weight feature. + type: str + choices: + - enable + - disable + url_block_detected: + description: + - Threat weight score for URL blocking. + type: str + choices: + - disable + - low + - medium + - high + - critical + web: + description: + - Web filtering threat weight settings. + type: list + suboptions: + category: + description: + - Threat weight score for web category filtering matches. + type: int + id: + description: + - Entry ID. + required: true + type: int + level: + description: + - Threat weight score for web category filtering matches. + type: str + choices: + - disable + - low + - medium + - high + - critical +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure threat weight settings. 
+ fortios_log_threat_weight: + vdom: "{{ vdom }}" + log_threat_weight: + application: + - + category: "4" + id: "5" + level: "disable" + blocked_connection: "disable" + botnet_connection_detected: "disable" + failed_connection: "disable" + geolocation: + - + country: "" + id: "12" + level: "disable" + ips: + critical_severity: "disable" + high_severity: "disable" + info_severity: "disable" + low_severity: "disable" + medium_severity: "disable" + level: + critical: "21" + high: "22" + low: "23" + medium: "24" + malware_detected: "disable" + status: "enable" + url_block_detected: "disable" + web: + - + category: "29" + id: "30" + level: "disable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from 
ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_threat_weight_data(json): + option_list = ['application', 'blocked_connection', 'botnet_connection_detected', + 'failed_connection', 'geolocation', 'ips', + 'level', 'malware_detected', 'status', + 'url_block_detected', 'web'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_threat_weight(data, fos): + vdom = data['vdom'] + log_threat_weight_data = data['log_threat_weight'] + filtered_data = underscore_to_hyphen(filter_log_threat_weight_data(log_threat_weight_data)) + + return fos.set('log', + 'threat-weight', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log(data, fos): + + if data['log_threat_weight']: + resp = log_threat_weight(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_threat_weight')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": 
True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_threat_weight": { + "required": False, "type": "dict", "default": None, + "options": { + "application": {"required": False, "type": "list", + "options": { + "category": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "level": {"required": False, "type": "str", + "choices": ["disable", + "low", + "medium", + "high", + "critical"]} + }}, + "blocked_connection": {"required": False, "type": "str", + "choices": ["disable", + "low", + "medium", + "high", + "critical"]}, + "botnet_connection_detected": {"required": False, "type": "str", + "choices": ["disable", + "low", + "medium", + "high", + "critical"]}, + "failed_connection": {"required": False, "type": "str", + "choices": ["disable", + "low", + "medium", + "high", + "critical"]}, + "geolocation": {"required": False, "type": "list", + "options": { + "country": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "level": {"required": False, "type": "str", + "choices": ["disable", + "low", + "medium", + "high", + "critical"]} + }}, + "ips": {"required": False, "type": "dict", + "options": { + "critical_severity": {"required": False, "type": "str", + "choices": ["disable", + "low", + "medium", + "high", + "critical"]}, + "high_severity": {"required": False, "type": "str", + "choices": ["disable", + "low", + "medium", + "high", + "critical"]}, + "info_severity": {"required": False, "type": "str", + "choices": ["disable", + "low", + "medium", + "high", + "critical"]}, + "low_severity": {"required": False, "type": "str", + "choices": ["disable", + "low", + "medium", + "high", + "critical"]}, + "medium_severity": {"required": False, "type": "str", + "choices": ["disable", + "low", + "medium", + "high", + "critical"]} + }}, + "level": {"required": False, "type": "dict", + "options": { + "critical": {"required": False, "type": "int"}, + "high": {"required": False, "type": "int"}, + "low": 
{"required": False, "type": "int"}, + "medium": {"required": False, "type": "int"} + }}, + "malware_detected": {"required": False, "type": "str", + "choices": ["disable", + "low", + "medium", + "high", + "critical"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "url_block_detected": {"required": False, "type": "str", + "choices": ["disable", + "low", + "medium", + "high", + "critical"]}, + "web": {"required": False, "type": "list", + "options": { + "category": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "level": {"required": False, "type": "str", + "choices": ["disable", + "low", + "medium", + "high", + "critical"]} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == 
'__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_webtrends_filter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_webtrends_filter.py new file mode 100644 index 00000000..bc99eab7 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_webtrends_filter.py 
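Review bot: In `main()` of fortios_log_threat_weight.py the guard `if 'access_token' in module.params:` is always true, because AnsibleModule fills `module.params` with every key declared in the argument spec and stores None for options the task did not set. `connection.set_option('access_token', None)` therefore runs whenever no token is given. Test the value instead, `if module.params.get('access_token'):`, so the connection option is only written when a token was actually supplied. What the httpapi plugin does with a None token is not visible in this patch and should be confirmed there. The same guard is in `main()` of fortios_log_syslogd_override_setting.py and fortios_log_syslogd_setting.py.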
@@ -0,0 +1,407 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_webtrends_filter +short_description: Filters for WebTrends in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_webtrends feature and filter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + log_webtrends_filter: + description: + - Filters for WebTrends. + default: null + type: dict + suboptions: + anomaly: + description: + - Enable/disable anomaly logging. + type: str + choices: + - enable + - disable + dns: + description: + - Enable/disable detailed DNS event logging. + type: str + choices: + - enable + - disable + filter: + description: + - Webtrends log filter. + type: str + filter_type: + description: + - Include/exclude logs that match the filter. + type: str + choices: + - include + - exclude + forward_traffic: + description: + - Enable/disable forward traffic logging. + type: str + choices: + - enable + - disable + gtp: + description: + - Enable/disable GTP messages logging. + type: str + choices: + - enable + - disable + local_traffic: + description: + - Enable/disable local in or out traffic logging. + type: str + choices: + - enable + - disable + multicast_traffic: + description: + - Enable/disable multicast traffic logging. + type: str + choices: + - enable + - disable + netscan_discovery: + description: + - Enable/disable netscan discovery event logging. + type: str + netscan_vulnerability: + description: + - Enable/disable netscan vulnerability event logging. + type: str + severity: + description: + - Lowest severity level to log to WebTrends. + type: str + choices: + - emergency + - alert + - critical + - error + - warning + - notification + - information + - debug + sniffer_traffic: + description: + - Enable/disable sniffer traffic logging. + type: str + choices: + - enable + - disable + ssh: + description: + - Enable/disable SSH logging. + type: str + choices: + - enable + - disable + voip: + description: + - Enable/disable VoIP logging. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Filters for WebTrends. + fortios_log_webtrends_filter: + vdom: "{{ vdom }}" + log_webtrends_filter: + anomaly: "enable" + dns: "enable" + filter: "" + filter_type: "include" + forward_traffic: "enable" + gtp: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" + severity: "emergency" + sniffer_traffic: "enable" + ssh: "enable" + voip: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from 
ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_webtrends_filter_data(json): + option_list = ['anomaly', 'dns', 'filter', + 'filter_type', 'forward_traffic', 'gtp', + 'local_traffic', 'multicast_traffic', 'netscan_discovery', + 'netscan_vulnerability', 'severity', 'sniffer_traffic', + 'ssh', 'voip'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_webtrends_filter(data, fos): + vdom = data['vdom'] + log_webtrends_filter_data = data['log_webtrends_filter'] + filtered_data = underscore_to_hyphen(filter_log_webtrends_filter_data(log_webtrends_filter_data)) + + return fos.set('log.webtrends', + 'filter', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_webtrends(data, fos): + + if data['log_webtrends_filter']: + resp = log_webtrends_filter(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_webtrends_filter')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + 
resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "log_webtrends_filter": { + "required": False, "type": "dict", "default": None, + "options": { + "anomaly": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dns": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "filter": {"required": False, "type": "str"}, + "filter_type": {"required": False, "type": "str", + "choices": ["include", + "exclude"]}, + "forward_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gtp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, + "severity": {"required": False, "type": "str", + "choices": ["emergency", + "alert", + "critical", + "error", + "warning", + "notification", + "information", + "debug"]}, + "sniffer_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssh": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "voip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_webtrends(module.params, fos) + 
versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_webtrends_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_webtrends_setting.py new file mode 100644 index 00000000..cbb8c452 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_log_webtrends_setting.py 
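Review bot: The EXAMPLES play in this new module sets `ansible_httpapi_validate_certs: no`, so a playbook copied from it accepts any certificate on the connection that carries the `access_token`. The example should ship with `ansible_httpapi_validate_certs: yes` and a YAML comment saying that verification is only to be turned off against a lab device with a self-signed certificate. The EXAMPLES block in the fortios_log_webtrends_setting.py hunk has the same line. The ones in fortios_registration_forticare.py and fortios_registration_vdom.py go further with `ansible_httpapi_use_ssl: no` and `ansible_httpapi_port: 80`, which would send the registration code or VDOM license key in cleartext; those should use `ansible_httpapi_use_ssl: yes` and port 443.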
@@ -0,0 +1,269 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_log_webtrends_setting +short_description: Settings for WebTrends in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify log_webtrends feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + log_webtrends_setting: + description: + - Settings for WebTrends. + default: null + type: dict + suboptions: + server: + description: + - Address of the remote WebTrends server. + type: str + status: + description: + - Enable/disable logging to WebTrends. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Settings for WebTrends. + fortios_log_webtrends_setting: + vdom: "{{ vdom }}" + log_webtrends_setting: + server: "192.168.100.40" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: 
"v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_log_webtrends_setting_data(json): + option_list = ['server', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def log_webtrends_setting(data, fos): + vdom = data['vdom'] + log_webtrends_setting_data = data['log_webtrends_setting'] + filtered_data = underscore_to_hyphen(filter_log_webtrends_setting_data(log_webtrends_setting_data)) + + return fos.set('log.webtrends', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_log_webtrends(data, fos): + + if data['log_webtrends_setting']: + resp = log_webtrends_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('log_webtrends_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, 
"type": "str", "default": "root"}, + "log_webtrends_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "server": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_log_webtrends(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_registration_forticare.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_registration_forticare.py new file mode 100644 index 00000000..20582042 --- /dev/null 
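Review bot: In `main()`, the guard `if 'access_token' in module.params:` is always true, because AnsibleModule puts every key of the argument spec into `module.params` (as None when the task omits it), so `connection.set_option('access_token', None)` runs on every task that supplies no token. Whether the httpapi plugin treats a None token as unset is not visible in this hunk, so the guard should test the value instead: `if module.params.get('access_token'):`. The `main()` in the fortios_log_webtrends_filter.py hunk uses the same check.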
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_registration_forticare.py 
@@ -0,0 +1,289 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_registration_forticare +short_description: Add a FortiCare license in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify registration feature and forticare category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.5 +version_added: "2.8" +author: + - Frank Shen (@frankshen01) + - Link Zheng (@chillancezen) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks +requirements: + - ansible>=2.9.0 +options: + host: + description: + - FortiOS or FortiGate IP address. + type: str + required: false + username: + description: + - FortiOS or FortiGate username. + type: str + required: false + password: + description: + - FortiOS or FortiGate password. + type: str + default: "" + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + https: + description: + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. + type: bool + default: true + version_added: 2.9 + registration_forticare: + description: + - Add a FortiCare license. + default: null + type: dict + suboptions: + registration_code: + description: + - FortiCare contract number. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: no + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 80 + tasks: + - name: Add a FortiCare license. + fortios_registration_forticare: + vdom: "{{ vdom }}" + registration_forticare: + registration_code: "" +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'POST' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "forticare" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "registration" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's 
result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def login(data, fos): + host = data['host'] + username = data['username'] + password = data['password'] + ssl_verify = data['ssl_verify'] + + fos.debug('on') + if 'https' in data and not data['https']: + fos.https('off') + else: + fos.https('on') + + fos.login(host, username, password, verify=ssl_verify) + + +def filter_registration_forticare_data(json): + option_list = ['registration_code'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + # if isinstance(data, list): + # for elem in data: + # elem = underscore_to_hyphen(elem) + # elif isinstance(data, dict): + # new_data = {} + # for k, v in data.items(): + # new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + # data = new_data + + return data + + +def registration_forticare(data, fos): + vdom = data['vdom'] + registration_forticare_data = data['registration_forticare'] + filtered_data = underscore_to_hyphen(filter_registration_forticare_data(registration_forticare_data)) + + return fos.execute('registration', + 'forticare/add-license', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_registration(data, fos): + + if 
data['registration_forticare']: + resp = registration_forticare(data, fos) + + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp + + +def main(): + fields = { + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, + "registration_forticare": { + "required": False, "type": "dict", "default": None, + "options": { + "registration_code": {"required": False, "type": "str"} + + } + } + } + + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_registration(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() + + login(module.params, fos) + is_error, has_changed, result = fortios_registration(module.params, fos) + fos.logout() + + if not is_error: + module.exit_json(changed=has_changed, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
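Review bot: `fortios_registration()` assigns `resp` only inside `if data['registration_forticare']:`, and that option is declared with `"required": False` and `"default": None`, so a task without the body reaches the `return` with `resp` unbound and ends in an UnboundLocalError traceback instead of a clean module failure. The webtrends modules in this commit cover the same case with an `else:` branch that calls `fail_json`. Here `main()` could reject the missing body before any connection is opened: `if not module.params['registration_forticare']: module.fail_json(msg='missing task body: registration_forticare')`. `fortios_registration()` in the fortios_registration_vdom.py hunk has the same gap for `registration_vdom`.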
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_registration_vdom.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_registration_vdom.py new file mode 100644 index 00000000..a68b108b --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_registration_vdom.py 
@@ -0,0 +1,288 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_registration_vdom +short_description: Add a VDOM license in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify registration feature and vdom category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.5 +version_added: "2.8" +author: + - Frank Shen (@frankshen01) + - Link Zheng (@chillancezen) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks +requirements: + - ansible>=2.9.0 +options: + host: + description: + - FortiOS or FortiGate IP address. + type: str + required: false + username: + description: + - FortiOS or FortiGate username. + type: str + required: false + password: + description: + - FortiOS or FortiGate password. + type: str + default: "" + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + https: + description: + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. + type: bool + default: true + registration_vdom: + description: + - Add a VDOM license. + default: null + type: dict + suboptions: + license: + description: + - VDOM license key. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: no + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 80 + tasks: + - name: Add a VDOM license. + fortios_registration_vdom: + vdom: "{{ vdom }}" + registration_vdom: + license: "" +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'POST' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "vdom" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "registration" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: 
Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def login(data, fos): + host = data['host'] + username = data['username'] + password = data['password'] + ssl_verify = data['ssl_verify'] + + fos.debug('on') + if 'https' in data and not data['https']: + fos.https('off') + else: + fos.https('on') + + fos.login(host, username, password, verify=ssl_verify) + + +def filter_registration_vdom_data(json): + option_list = ['license'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def registration_vdom(data, fos): + vdom = data['vdom'] + registration_vdom_data = data['registration_vdom'] + filtered_data = underscore_to_hyphen(filter_registration_vdom_data(registration_vdom_data)) + + return fos.execute('registration', + 'vdom/add-license', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_registration(data, fos): + + if data['registration_vdom']: + resp = registration_vdom(data, fos) + + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp + 
+ +def main(): + fields = { + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, + "registration_vdom": { + "required": False, "type": "dict", "default": None, + "options": { + "license": {"required": False, "type": "str"} + + } + } + } + + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_registration(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() + + login(module.params, fos) + is_error, has_changed, result = fortios_registration(module.params, fos) + fos.logout() + + if not is_error: + module.exit_json(changed=has_changed, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_chart.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_chart.py new file mode 100644 index 00000000..20b3d329 --- /dev/null 
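Review bot: The `license` suboption in `fields` carries the VDOM license key but is declared as `{"required": False, "type": "str"}` without `no_log`, unlike `password` a few lines above it, so the key can show up in Ansible's invocation output and logs. Declaring it as `"license": {"required": False, "type": "str", "no_log": True}` keeps it masked. `registration_code` in the fortios_registration_forticare.py hunk is declared the same way and probably deserves the same treatment. In the legacy path, `login()` also calls `fos.debug('on')` unconditionally; what fortiosapi writes at debug level is not visible here, so it would be safer to leave debugging off unless the user asks for it.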
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_chart.py 
@@ -0,0 +1,856 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_report_chart +short_description: Report chart widget configuration in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify report feature and chart category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + report_chart: + description: + - Report chart widget configuration. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + background: + description: + - Chart background. + type: str + category: + description: + - Category. + type: str + choices: + - misc + - traffic + - event + - virus + - webfilter + - attack + - spam + - dlp + - app-ctrl + - vulnerability + category_series: + description: + - Category series of pie chart. + type: dict + suboptions: + databind: + description: + - Category series value expression. + type: str + font_size: + description: + - Font size of category-series title. + type: int + color_palette: + description: + - Color palette (system will pick color automatically by default). + type: str + column: + description: + - Table column definition. + type: list + suboptions: + detail_unit: + description: + - Detail unit of column. + type: str + detail_value: + description: + - Detail value of column. + type: str + footer_unit: + description: + - Footer unit of column. + type: str + footer_value: + description: + - Footer value of column. + type: str + header_value: + description: + - Display name of table header. + type: str + id: + description: + - ID. + required: true + type: int + mapping: + description: + - Show detail in certain display value for certain condition. + type: list + suboptions: + displayname: + description: + - Display name. 
+ type: str + id: + description: + - id + required: true + type: int + op: + description: + - Comparision operater. + type: str + choices: + - none + - greater + - greater-equal + - less + - less-equal + - equal + - between + value_type: + description: + - Value type. + type: str + choices: + - integer + - string + value1: + description: + - Value 1. + type: str + value2: + description: + - Value 2. + type: str + comments: + description: + - Comment. + type: str + dataset: + description: + - Bind dataset to chart. + type: str + dimension: + description: + - Dimension. + type: str + choices: + - 2D + - 3D + drill_down_charts: + description: + - Drill down charts. + type: list + suboptions: + chart_name: + description: + - Drill down chart name. + type: str + id: + description: + - Drill down chart ID. + required: true + type: int + status: + description: + - Enable/disable this drill down chart. + type: str + choices: + - enable + - disable + favorite: + description: + - Favorite. + type: str + choices: + - no + - yes + graph_type: + description: + - Graph type. + type: str + choices: + - none + - bar + - pie + - line + - flow + legend: + description: + - Enable/Disable Legend area. + type: str + choices: + - enable + - disable + legend_font_size: + description: + - Font size of legend area. + type: int + name: + description: + - Chart Widget Name + required: true + type: str + period: + description: + - Time period. + type: str + choices: + - last24h + - last7d + policy: + description: + - Used by monitor policy. + type: int + style: + description: + - Style. + type: str + choices: + - auto + - manual + title: + description: + - Chart title. + type: str + title_font_size: + description: + - Font size of chart title. + type: int + type: + description: + - Chart type. + type: str + choices: + - graph + - table + value_series: + description: + - Value series of pie chart. + type: dict + suboptions: + databind: + description: + - Value series value expression. 
+ type: str + x_series: + description: + - X-series of chart. + type: dict + suboptions: + caption: + description: + - X-series caption. + type: str + caption_font_size: + description: + - X-series caption font size. + type: int + databind: + description: + - X-series value expression. + type: str + font_size: + description: + - X-series label font size. + type: int + is_category: + description: + - X-series represent category or not. + type: str + choices: + - yes + - no + label_angle: + description: + - X-series label angle. + type: str + choices: + - 45-degree + - vertical + - horizontal + scale_direction: + description: + - Scale increase or decrease. + type: str + choices: + - decrease + - increase + scale_format: + description: + - Date/time format. + type: str + choices: + - YYYY-MM-DD-HH-MM + - YYYY-MM-DD HH + - YYYY-MM-DD + - YYYY-MM + - YYYY + - HH-MM + - MM-DD + scale_step: + description: + - Scale step. + type: int + scale_unit: + description: + - Scale unit. + type: str + choices: + - minute + - hour + - day + - month + - year + unit: + description: + - X-series unit. + type: str + y_series: + description: + - Y-series of chart. + type: dict + suboptions: + caption: + description: + - Y-series caption. + type: str + caption_font_size: + description: + - Y-series caption font size. + type: int + databind: + description: + - Y-series value expression. + type: str + extra_databind: + description: + - Extra Y-series value. + type: str + extra_y: + description: + - Allow another Y-series value + type: str + choices: + - enable + - disable + extra_y_legend: + description: + - Extra Y-series legend type/name. + type: str + font_size: + description: + - Y-series label font size. + type: int + group: + description: + - Y-series group option. + type: str + label_angle: + description: + - Y-series label angle. + type: str + choices: + - 45-degree + - vertical + - horizontal + unit: + description: + - Y-series unit. 
+ type: str + y_legend: + description: + - First Y-series legend type/name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Report chart widget configuration. + fortios_report_chart: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + report_chart: + background: "" + category: "misc" + category_series: + databind: "" + font_size: "7" + color_palette: "" + column: + - + detail_unit: "" + detail_value: "" + footer_unit: "" + footer_value: "" + header_value: "" + id: "15" + mapping: + - + displayname: "" + id: "18" + op: "none" + value_type: "integer" + value1: "" + value2: "" + comments: "" + dataset: "" + dimension: "2D" + drill_down_charts: + - + chart_name: "" + id: "28" + status: "enable" + favorite: "no" + graph_type: "none" + legend: "enable" + legend_font_size: "33" + name: "default_name_34" + period: "last24h" + policy: "36" + style: "auto" + title: "" + title_font_size: "39" + type: "graph" + value_series: + databind: "" + x_series: + caption: "" + caption_font_size: "45" + databind: "" + font_size: "47" + is_category: "yes" + label_angle: "45-degree" + scale_direction: "decrease" + scale_format: "YYYY-MM-DD-HH-MM" + scale_step: "52" + scale_unit: "minute" + unit: "" + y_series: + caption: "" + caption_font_size: "57" + databind: "" + extra_databind: "" + extra_y: "enable" + extra_y_legend: "" + font_size: "62" + group: "" + label_angle: "45-degree" + unit: "" + y_legend: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + 
sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_report_chart_data(json): + option_list = ['background', 'category', 'category_series', + 'color_palette', 'column', 'comments', + 'dataset', 'dimension', 'drill_down_charts', + 'favorite', 'graph_type', 'legend', + 'legend_font_size', 'name', 'period', + 'policy', 'style', 'title', + 'title_font_size', 'type', 'value_series', + 'x_series', 'y_series'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = 
underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def report_chart(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['report_chart'] and data['report_chart']['state']: + state = data['report_chart']['state'] + else: + state = True + report_chart_data = data['report_chart'] + filtered_data = underscore_to_hyphen(filter_report_chart_data(report_chart_data)) + + if state == "present": + return fos.set('report', + 'chart', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('report', + 'chart', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_report(data, fos): + + if data['report_chart']: + resp = report_chart(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('report_chart')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "report_chart": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "background": {"required": False, "type": "str"}, + "category": {"required": False, "type": "str", + "choices": ["misc", + "traffic", + "event", + "virus", + "webfilter", + "attack", + "spam", + "dlp", + 
"app-ctrl", + "vulnerability"]}, + "category_series": {"required": False, "type": "dict", + "options": { + "databind": {"required": False, "type": "str"}, + "font_size": {"required": False, "type": "int"} + }}, + "color_palette": {"required": False, "type": "str"}, + "column": {"required": False, "type": "list", + "options": { + "detail_unit": {"required": False, "type": "str"}, + "detail_value": {"required": False, "type": "str"}, + "footer_unit": {"required": False, "type": "str"}, + "footer_value": {"required": False, "type": "str"}, + "header_value": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "mapping": {"required": False, "type": "list", + "options": { + "displayname": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "op": {"required": False, "type": "str", + "choices": ["none", + "greater", + "greater-equal", + "less", + "less-equal", + "equal", + "between"]}, + "value_type": {"required": False, "type": "str", + "choices": ["integer", + "string"]}, + "value1": {"required": False, "type": "str"}, + "value2": {"required": False, "type": "str"} + }} + }}, + "comments": {"required": False, "type": "str"}, + "dataset": {"required": False, "type": "str"}, + "dimension": {"required": False, "type": "str", + "choices": ["2D", + "3D"]}, + "drill_down_charts": {"required": False, "type": "list", + "options": { + "chart_name": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "favorite": {"required": False, "type": "str", + "choices": ["no", + "yes"]}, + "graph_type": {"required": False, "type": "str", + "choices": ["none", + "bar", + "pie", + "line", + "flow"]}, + "legend": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "legend_font_size": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "period": {"required": False, 
"type": "str", + "choices": ["last24h", + "last7d"]}, + "policy": {"required": False, "type": "int"}, + "style": {"required": False, "type": "str", + "choices": ["auto", + "manual"]}, + "title": {"required": False, "type": "str"}, + "title_font_size": {"required": False, "type": "int"}, + "type": {"required": False, "type": "str", + "choices": ["graph", + "table"]}, + "value_series": {"required": False, "type": "dict", + "options": { + "databind": {"required": False, "type": "str"} + }}, + "x_series": {"required": False, "type": "dict", + "options": { + "caption": {"required": False, "type": "str"}, + "caption_font_size": {"required": False, "type": "int"}, + "databind": {"required": False, "type": "str"}, + "font_size": {"required": False, "type": "int"}, + "is_category": {"required": False, "type": "str", + "choices": ["yes", + "no"]}, + "label_angle": {"required": False, "type": "str", + "choices": ["45-degree", + "vertical", + "horizontal"]}, + "scale_direction": {"required": False, "type": "str", + "choices": ["decrease", + "increase"]}, + "scale_format": {"required": False, "type": "str", + "choices": ["YYYY-MM-DD-HH-MM", + "YYYY-MM-DD HH", + "YYYY-MM-DD", + "YYYY-MM", + "YYYY", + "HH-MM", + "MM-DD"]}, + "scale_step": {"required": False, "type": "int"}, + "scale_unit": {"required": False, "type": "str", + "choices": ["minute", + "hour", + "day", + "month", + "year"]}, + "unit": {"required": False, "type": "str"} + }}, + "y_series": {"required": False, "type": "dict", + "options": { + "caption": {"required": False, "type": "str"}, + "caption_font_size": {"required": False, "type": "int"}, + "databind": {"required": False, "type": "str"}, + "extra_databind": {"required": False, "type": "str"}, + "extra_y": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "extra_y_legend": {"required": False, "type": "str"}, + "font_size": {"required": False, "type": "int"}, + "group": {"required": False, "type": "str"}, + "label_angle": {"required": 
False, "type": "str", + "choices": ["45-degree", + "vertical", + "horizontal"]}, + "unit": {"required": False, "type": "str"}, + "y_legend": {"required": False, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_report(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_dataset.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_dataset.py new file mode 100644 index 00000000..3b03a3b4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_dataset.py 
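Review bot: The EXAMPLES playbook in fortios_report_chart.py sets `ansible_httpapi_validate_certs: no` in the same play that passes `access_token`, so anyone who copies it sends the API token over a TLS session that does not authenticate the FortiGate. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a YAML comment next to it such as `# set to no only for lab devices with self-signed certificates`. The same vars block appears in the EXAMPLES of fortios_report_dataset.py. How the httpapi plugin transmits the token is not visible in this hunk, so the exposure is inferred from the option names.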
@@ -0,0 +1,403 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_report_dataset +short_description: Report dataset configuration in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify report feature and dataset category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + report_dataset: + description: + - Report dataset configuration. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + field: + description: + - Fields. + type: list + suboptions: + displayname: + description: + - Display name. + type: str + id: + description: + - Field ID (1 to number of columns in SQL result). + required: true + type: int + name: + description: + - Name. + type: str + type: + description: + - Field type. + type: str + choices: + - text + - integer + - double + name: + description: + - Name. + required: true + type: str + parameters: + description: + - Parameters. + type: list + suboptions: + data_type: + description: + - Data type. + type: str + choices: + - text + - integer + - double + - long-integer + - date-time + display_name: + description: + - Display name. + type: str + field: + description: + - SQL field name. + type: str + id: + description: + - Parameter ID (1 to number of columns in SQL result). + required: true + type: int + policy: + description: + - Used by monitor policy. + type: int + query: + description: + - SQL query statement. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Report dataset configuration. 
+ fortios_report_dataset: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + report_dataset: + field: + - + displayname: "" + id: "5" + name: "default_name_6" + type: "text" + name: "default_name_8" + parameters: + - + data_type: "text" + display_name: "" + field: "" + id: "13" + policy: "14" + query: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_report_dataset_data(json): + option_list = ['field', 'name', 'parameters', + 'policy', 'query'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def report_dataset(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['report_dataset'] and data['report_dataset']['state']: + state = data['report_dataset']['state'] + else: + state = True + report_dataset_data = data['report_dataset'] + filtered_data = underscore_to_hyphen(filter_report_dataset_data(report_dataset_data)) + + if state == "present": + return fos.set('report', + 'dataset', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('report', + 'dataset', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_report(data, fos): + + if data['report_dataset']: + resp = report_dataset(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('report_dataset')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + 
"vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "report_dataset": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "field": {"required": False, "type": "list", + "options": { + "displayname": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "name": {"required": False, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["text", + "integer", + "double"]} + }}, + "name": {"required": True, "type": "str"}, + "parameters": {"required": False, "type": "list", + "options": { + "data_type": {"required": False, "type": "str", + "choices": ["text", + "integer", + "double", + "long-integer", + "date-time"]}, + "display_name": {"required": False, "type": "str"}, + "field": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"} + }}, + "policy": {"required": False, "type": "int"}, + "query": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_report(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + 
module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_layout.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_layout.py new file mode 100644 index 00000000..6007dbe4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_layout.py 
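Review bot: In `main()` of fortios_report_dataset.py the guard `if 'access_token' in module.params:` is always true, because `access_token` is declared in `fields` and AnsibleModule populates every declared option, using None when the task omits it. As a result `connection.set_option('access_token', None)` runs for plays that authenticate another way; what the connection plugin does with a None token is not visible here. Testing the value states the intent: `if module.params.get('access_token'):`. The `main()` in fortios_report_chart.py carries the identical line.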
@@ -0,0 +1,867 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_report_layout +short_description: Report layout configuration in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify report feature and layout category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + report_layout: + description: + - Report layout configuration. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + body_item: + description: + - Configure report body item. + type: list + suboptions: + chart: + description: + - Report item chart name. + type: str + chart_options: + description: + - Report chart options. + type: str + choices: + - include-no-data + - hide-title + - show-caption + column: + description: + - Report section column number. + type: int + content: + description: + - Report item text content. + type: str + description: + description: + - Description. + type: str + drill_down_items: + description: + - Control how drill down charts are shown. + type: str + drill_down_types: + description: + - Control whether keys from the parent being combined or not. + type: str + hide: + description: + - Enable/disable hide item in report. + type: str + choices: + - enable + - disable + id: + description: + - Report item ID. + required: true + type: int + img_src: + description: + - Report item image file name. + type: str + list: + description: + - Configure report list item. + type: list + suboptions: + content: + description: + - List entry content. + type: str + id: + description: + - List entry ID. + required: true + type: int + list_component: + description: + - Report item list component. 
+ type: str + choices: + - bullet + - numbered + misc_component: + description: + - Report item miscellaneous component. + type: str + choices: + - hline + - page-break + - column-break + - section-start + parameters: + description: + - Parameters. + type: list + suboptions: + id: + description: + - ID. + required: true + type: int + name: + description: + - Field name that match field of parameters defined in dataset. + type: str + value: + description: + - Value to replace corresponding field of parameters defined in dataset. + type: str + style: + description: + - Report item style. + type: str + table_caption_style: + description: + - Table chart caption style. + type: str + table_column_widths: + description: + - Report item table column widths. + type: str + table_even_row_style: + description: + - Table chart even row style. + type: str + table_head_style: + description: + - Table chart head style. + type: str + table_odd_row_style: + description: + - Table chart odd row style. + type: str + text_component: + description: + - Report item text component. + type: str + choices: + - text + - heading1 + - heading2 + - heading3 + title: + description: + - Report section title. + type: str + top_n: + description: + - Value of top. + type: int + type: + description: + - Report item type. + type: str + choices: + - text + - image + - chart + - misc + cutoff_option: + description: + - Cutoff-option is either run-time or custom. + type: str + choices: + - run-time + - custom + cutoff_time: + description: + - 'Custom cutoff time to generate report [hh:mm].' + type: str + day: + description: + - Schedule days of week to generate report. + type: str + choices: + - sunday + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + description: + description: + - Description. + type: str + email_recipients: + description: + - Email recipients for generated reports. 
+ type: str + email_send: + description: + - Enable/disable sending emails after reports are generated. + type: str + choices: + - enable + - disable + format: + description: + - Report format. + type: str + choices: + - pdf + max_pdf_report: + description: + - Maximum number of PDF reports to keep at one time (oldest report is overwritten). + type: int + name: + description: + - Report layout name. + required: true + type: str + options: + description: + - Report layout options. + type: str + choices: + - include-table-of-content + - auto-numbering-heading + - view-chart-as-heading + - show-html-navbar-before-heading + - dummy-option + page: + description: + - Configure report page. + type: dict + suboptions: + column_break_before: + description: + - Report page auto column break before heading. + type: str + choices: + - heading1 + - heading2 + - heading3 + footer: + description: + - Configure report page footer. + type: dict + suboptions: + footer_item: + description: + - Configure report footer item. + type: list + suboptions: + content: + description: + - Report item text content. + type: str + description: + description: + - Description. + type: str + id: + description: + - Report item ID. + required: true + type: int + img_src: + description: + - Report item image file name. + type: str + style: + description: + - Report item style. + type: str + type: + description: + - Report item type. + type: str + choices: + - text + - image + style: + description: + - Report footer style. + type: str + header: + description: + - Configure report page header. + type: dict + suboptions: + header_item: + description: + - Configure report header item. + type: list + suboptions: + content: + description: + - Report item text content. + type: str + description: + description: + - Description. + type: str + id: + description: + - Report item ID. + required: true + type: int + img_src: + description: + - Report item image file name. 
+ type: str + style: + description: + - Report item style. + type: str + type: + description: + - Report item type. + type: str + choices: + - text + - image + style: + description: + - Report header style. + type: str + options: + description: + - Report page options. + type: str + choices: + - header-on-first-page + - footer-on-first-page + page_break_before: + description: + - Report page auto page break before heading. + type: str + choices: + - heading1 + - heading2 + - heading3 + paper: + description: + - Report page paper. + type: str + choices: + - a4 + - letter + schedule_type: + description: + - Report schedule type. + type: str + choices: + - demand + - daily + - weekly + style_theme: + description: + - Report style theme. + type: str + subtitle: + description: + - Report subtitle. + type: str + time: + description: + - 'Schedule time to generate report [hh:mm].' + type: str + title: + description: + - Report title. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Report layout configuration. 
+ fortios_report_layout: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + report_layout: + body_item: + - + chart: "" + chart_options: "include-no-data" + column: "6" + content: "" + description: "" + drill_down_items: "" + drill_down_types: "" + hide: "enable" + id: "12" + img_src: "" + list: + - + content: "" + id: "16" + list_component: "bullet" + misc_component: "hline" + parameters: + - + id: "20" + name: "default_name_21" + value: "" + style: "" + table_caption_style: "" + table_column_widths: "" + table_even_row_style: "" + table_head_style: "" + table_odd_row_style: "" + text_component: "text" + title: "" + top_n: "31" + type: "text" + cutoff_option: "run-time" + cutoff_time: "" + day: "sunday" + description: "" + email_recipients: "" + email_send: "enable" + format: "pdf" + max_pdf_report: "40" + name: "default_name_41" + options: "include-table-of-content" + page: + column_break_before: "heading1" + footer: + footer_item: + - + content: "" + description: "" + id: "49" + img_src: "" + style: "" + type: "text" + style: "" + header: + header_item: + - + content: "" + description: "" + id: "58" + img_src: "" + style: "" + type: "text" + style: "" + options: "header-on-first-page" + page_break_before: "heading1" + paper: "a4" + schedule_type: "demand" + style_theme: "" + subtitle: "" + time: "" + title: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + 
description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_report_layout_data(json): + option_list = ['body_item', 'cutoff_option', 'cutoff_time', + 'day', 'description', 'email_recipients', + 'email_send', 'format', 'max_pdf_report', + 'name', 'options', 'page', + 'schedule_type', 'style_theme', 'subtitle', + 'time', 'title'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def report_layout(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['report_layout'] and 
data['report_layout']['state']: + state = data['report_layout']['state'] + else: + state = True + report_layout_data = data['report_layout'] + filtered_data = underscore_to_hyphen(filter_report_layout_data(report_layout_data)) + + if state == "present": + return fos.set('report', + 'layout', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('report', + 'layout', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_report(data, fos): + + if data['report_layout']: + resp = report_layout(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('report_layout')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "report_layout": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "body_item": {"required": False, "type": "list", + "options": { + "chart": {"required": False, "type": "str"}, + "chart_options": {"required": False, "type": "str", + "choices": ["include-no-data", + "hide-title", + "show-caption"]}, + "column": {"required": False, "type": "int"}, + "content": {"required": False, "type": "str"}, + "description": {"required": False, "type": "str"}, + "drill_down_items": {"required": False, "type": "str"}, + "drill_down_types": {"required": False, "type": "str"}, + "hide": {"required": False, "type": "str", + 
"choices": ["enable", + "disable"]}, + "id": {"required": True, "type": "int"}, + "img_src": {"required": False, "type": "str"}, + "list": {"required": False, "type": "list", + "options": { + "content": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"} + }}, + "list_component": {"required": False, "type": "str", + "choices": ["bullet", + "numbered"]}, + "misc_component": {"required": False, "type": "str", + "choices": ["hline", + "page-break", + "column-break", + "section-start"]}, + "parameters": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "name": {"required": False, "type": "str"}, + "value": {"required": False, "type": "str"} + }}, + "style": {"required": False, "type": "str"}, + "table_caption_style": {"required": False, "type": "str"}, + "table_column_widths": {"required": False, "type": "str"}, + "table_even_row_style": {"required": False, "type": "str"}, + "table_head_style": {"required": False, "type": "str"}, + "table_odd_row_style": {"required": False, "type": "str"}, + "text_component": {"required": False, "type": "str", + "choices": ["text", + "heading1", + "heading2", + "heading3"]}, + "title": {"required": False, "type": "str"}, + "top_n": {"required": False, "type": "int"}, + "type": {"required": False, "type": "str", + "choices": ["text", + "image", + "chart", + "misc"]} + }}, + "cutoff_option": {"required": False, "type": "str", + "choices": ["run-time", + "custom"]}, + "cutoff_time": {"required": False, "type": "str"}, + "day": {"required": False, "type": "str", + "choices": ["sunday", + "monday", + "tuesday", + "wednesday", + "thursday", + "friday", + "saturday"]}, + "description": {"required": False, "type": "str"}, + "email_recipients": {"required": False, "type": "str"}, + "email_send": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "format": {"required": False, "type": "str", + "choices": ["pdf"]}, + "max_pdf_report": {"required": 
False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "options": {"required": False, "type": "str", + "choices": ["include-table-of-content", + "auto-numbering-heading", + "view-chart-as-heading", + "show-html-navbar-before-heading", + "dummy-option"]}, + "page": {"required": False, "type": "dict", + "options": { + "column_break_before": {"required": False, "type": "str", + "choices": ["heading1", + "heading2", + "heading3"]}, + "footer": {"required": False, "type": "dict", + "options": { + "footer_item": {"required": False, "type": "list", + "options": { + "content": {"required": False, "type": "str"}, + "description": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "img_src": {"required": False, "type": "str"}, + "style": {"required": False, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["text", + "image"]} + }}, + "style": {"required": False, "type": "str"} + }}, + "header": {"required": False, "type": "dict", + "options": { + "header_item": {"required": False, "type": "list", + "options": { + "content": {"required": False, "type": "str"}, + "description": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "img_src": {"required": False, "type": "str"}, + "style": {"required": False, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["text", + "image"]} + }}, + "style": {"required": False, "type": "str"} + }}, + "options": {"required": False, "type": "str", + "choices": ["header-on-first-page", + "footer-on-first-page"]}, + "page_break_before": {"required": False, "type": "str", + "choices": ["heading1", + "heading2", + "heading3"]}, + "paper": {"required": False, "type": "str", + "choices": ["a4", + "letter"]} + }}, + "schedule_type": {"required": False, "type": "str", + "choices": ["demand", + "daily", + "weekly"]}, + "style_theme": {"required": False, "type": "str"}, + "subtitle": {"required": False, "type": "str"}, + "time": 
{"required": False, "type": "str"}, + "title": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_report(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_setting.py new file mode 100644 index 00000000..1fe3ae74 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_setting.py 
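Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no` while its task also passes `access_token`, so a playbook copied from this docstring sends the API token over a TLS session whose peer certificate is never checked. I would ship the example as `ansible_httpapi_validate_certs: yes` with a comment such as `# trust the FortiGate CA on the controller instead of disabling validation`. That way a verified connection is the default a reader starts from. The EXAMPLES block in the fortios_report_setting.py hunk carries the same `validate_certs: no` line and should get the same change.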
@@ -0,0 +1,300 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_report_setting +short_description: Report setting configuration in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify report feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + report_setting: + description: + - Report setting configuration. + default: null + type: dict + suboptions: + fortiview: + description: + - Enable/disable historical FortiView. + type: str + choices: + - enable + - disable + pdf_report: + description: + - Enable/disable PDF report. + type: str + choices: + - enable + - disable + report_source: + description: + - Report log source. + type: str + choices: + - forward-traffic + - sniffer-traffic + - local-deny-traffic + top_n: + description: + - Number of items to populate (100 - 4000). + type: int + web_browsing_threshold: + description: + - Web browsing time calculation threshold (3 - 15 min). + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Report setting configuration. + fortios_report_setting: + vdom: "{{ vdom }}" + report_setting: + fortiview: "enable" + pdf_report: "enable" + report_source: "forward-traffic" + top_n: "6" + web_browsing_threshold: "7" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + 
sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_report_setting_data(json): + option_list = ['fortiview', 'pdf_report', 'report_source', + 'top_n', 'web_browsing_threshold'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def report_setting(data, fos): + vdom = data['vdom'] + report_setting_data = data['report_setting'] + filtered_data = underscore_to_hyphen(filter_report_setting_data(report_setting_data)) + + return fos.set('report', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_report(data, fos): + + if data['report_setting']: + resp = 
report_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('report_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "report_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "fortiview": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "pdf_report": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "report_source": {"required": False, "type": "str", + "choices": ["forward-traffic", + "sniffer-traffic", + "local-deny-traffic"]}, + "top_n": {"required": False, "type": "int"}, + "web_browsing_threshold": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_report(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: 
+ if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_style.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_style.py new file mode 100644 index 00000000..27f5fadb --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_style.py 
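Review bot: The EXAMPLES task uses `top_n: "6"`, which is outside the range the DOCUMENTATION block states for that option, "Number of items to populate (100 - 4000)". The argument spec in main() declares top_n only as `{"required": False, "type": "int"}`, so nothing on the Ansible side rejects an out-of-range value. The device is presumably left to refuse it at apply time. I would change the example to a value inside the documented range, e.g. `top_n: "100"`, and add to the option description that the range is enforced by FortiOS, not by the module.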
@@ -0,0 +1,514 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_report_style
+short_description: Report style configuration in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify report feature and style category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.8"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ This attribute was present already in previous version in a deeper level.
+ It has been moved out to this outer level.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ version_added: 2.9
+ report_style:
+ description:
+ - Report style configuration.
+ default: null
+ type: dict
+ suboptions:
+ state:
+ description:
+ - B(Deprecated)
+ - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
+ - HORIZONTALLINE
+ - Indicates whether to create or remove the object.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ align:
+ description:
+ - Alignment.
+ type: str
+ choices:
+ - left
+ - center
+ - right
+ - justify
+ bg_color:
+ description:
+ - Background color.
+ type: str
+ border_bottom:
+ description:
+ - Border bottom.
+ type: str
+ border_left:
+ description:
+ - Border left.
+ type: str
+ border_right:
+ description:
+ - Border right.
+ type: str
+ border_top:
+ description:
+ - Border top.
+ type: str
+ column_gap:
+ description:
+ - Column gap.
+ type: str
+ column_span:
+ description:
+ - Column span.
+ type: str
+ choices:
+ - none
+ - all
+ fg_color:
+ description:
+ - Foreground color.
+ type: str
+ font_family:
+ description:
+ - Font family.
+ type: str
+ choices:
+ - Verdana
+ - Arial
+ - Helvetica
+ - Courier
+ - Times
+ font_size:
+ description:
+ - Font size.
+ type: str
+ font_style:
+ description:
+ - Font style.
+ type: str
+ choices:
+ - normal
+ - italic
+ font_weight:
+ description:
+ - Font weight.
+ type: str
+ choices:
+ - normal
+ - bold
+ height:
+ description:
+ - Height.
+ type: str
+ line_height:
+ description:
+ - Text line height.
+ type: str
+ margin_bottom:
+ description:
+ - Margin bottom.
+ type: str
+ margin_left:
+ description:
+ - Margin left.
+ type: str
+ margin_right:
+ description:
+ - Margin right.
+ type: str
+ margin_top:
+ description:
+ - Margin top.
+ type: str
+ name:
+ description:
+ - Report style name.
+ required: true
+ type: str
+ options:
+ description:
+ - Report style options.
+ type: str
+ choices:
+ - font
+ - text
+ - color
+ - align
+ - size
+ - margin
+ - border
+ - padding
+ - column
+ padding_bottom:
+ description:
+ - Padding bottom.
+ type: str
+ padding_left:
+ description:
+ - Padding left.
+ type: str
+ padding_right:
+ description:
+ - Padding right.
+ type: str
+ padding_top:
+ description:
+ - Padding top.
+ type: str
+ width:
+ description:
+ - Width.
+ type: str
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Report style configuration.
+ fortios_report_style:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ report_style:
+ align: "left"
+ bg_color: ""
+ border_bottom: ""
+ border_left: ""
+ border_right: ""
+ border_top: ""
+ column_gap: ""
+ column_span: "none"
+ fg_color: ""
+ font_family: "Verdana"
+ font_size: ""
+ font_style: "normal"
+ font_weight: "normal"
+ height: ""
+ line_height: ""
+ margin_bottom: ""
+ margin_left: ""
+ margin_right: ""
+ margin_top: ""
+ name: "default_name_22"
+ options: "font"
+ padding_bottom: ""
+ padding_left: ""
+ padding_right: ""
+ padding_top: ""
+ width: ""
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_report_style_data(json):
+ option_list = ['align', 'bg_color', 'border_bottom',
+ 'border_left', 'border_right', 'border_top',
+ 'column_gap', 'column_span', 'fg_color',
+ 'font_family', 'font_size', 'font_style',
+ 'font_weight', 'height', 'line_height',
+ 'margin_bottom', 'margin_left', 'margin_right',
+ 'margin_top', 'name', 'options',
+ 'padding_bottom', 'padding_left', 'padding_right',
+ 'padding_top', 'width']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def report_style(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['report_style'] and data['report_style']['state']:
+ state = data['report_style']['state']
+ else:
+ state = True
+ report_style_data = data['report_style']
+ filtered_data = underscore_to_hyphen(filter_report_style_data(report_style_data))
+
+ if state == "present":
+ return fos.set('report',
+ 'style',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('report',
+ 'style',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_report(data, fos):
+
+ if data['report_style']:
+ resp = report_style(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('report_style'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "report_style": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "align": {"required": False, "type": "str",
+ "choices": ["left",
+ "center",
+ "right",
+ "justify"]},
+ "bg_color": {"required": False, "type": "str"},
+ "border_bottom": {"required": False, "type": "str"},
+ "border_left": {"required": False, "type": "str"},
+ "border_right": {"required": False, "type": "str"},
+ "border_top": {"required": False, "type": "str"},
+ "column_gap": {"required": False, "type": "str"},
+ "column_span": {"required": False, "type": "str",
+ "choices": ["none",
+ "all"]},
+ "fg_color": {"required": False, "type": "str"},
+ "font_family": {"required": False, "type": "str",
+ "choices": ["Verdana",
+ "Arial",
+ "Helvetica",
+ "Courier",
+ "Times"]},
+ "font_size": {"required": False, "type": "str"},
+ "font_style": {"required": False, "type": "str",
+ "choices": ["normal",
+ "italic"]},
+ "font_weight": {"required": False, "type": "str",
+ "choices": ["normal",
+ "bold"]},
+ "height": {"required": False, "type": "str"},
+ "line_height": {"required": False, "type": "str"},
+ "margin_bottom": {"required": False, "type": "str"},
+ "margin_left": {"required": False, "type": "str"},
+ "margin_right": {"required": False, "type": "str"},
+ "margin_top": {"required": False, "type": "str"},
+ "name": {"required": True, "type": "str"},
+ "options": {"required": False, "type": "str",
+ "choices": ["font",
+ "text",
+ "color",
+ "align",
+ "size",
+ "margin",
+ "border",
+ "padding",
+ "column"]},
+ "padding_bottom": {"required": False, "type": "str"},
+ "padding_left": {"required": False, "type": "str"},
+ "padding_right": {"required": False, "type": "str"},
+ "padding_top": {"required": False, "type": "str"},
+ "width": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_report(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_theme.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_theme.py
new file mode 100644
index 00000000..da566df7
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_report_theme.py
@@ -0,0 +1,497 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_report_theme
+short_description: Report themes configuratio in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify report feature and theme category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.8"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ This attribute was present already in previous version in a deeper level.
+ It has been moved out to this outer level.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ version_added: 2.9
+ report_theme:
+ description:
+ - Report themes configuration
+ default: null
+ type: dict
+ suboptions:
+ state:
+ description:
+ - B(Deprecated)
+ - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
+ - HORIZONTALLINE
+ - Indicates whether to create or remove the object.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ bullet_list_style:
+ description:
+ - Bullet list style.
+ type: str
+ column_count:
+ description:
+ - Report page column count.
+ type: str
+ choices:
+ - 1
+ - 2
+ - 3
+ default_html_style:
+ description:
+ - Default HTML report style.
+ type: str
+ default_pdf_style:
+ description:
+ - Default PDF report style.
+ type: str
+ graph_chart_style:
+ description:
+ - Graph chart style.
+ type: str
+ heading1_style:
+ description:
+ - Report heading style.
+ type: str
+ heading2_style:
+ description:
+ - Report heading style.
+ type: str
+ heading3_style:
+ description:
+ - Report heading style.
+ type: str
+ heading4_style:
+ description:
+ - Report heading style.
+ type: str
+ hline_style:
+ description:
+ - Horizontal line style.
+ type: str
+ image_style:
+ description:
+ - Image style.
+ type: str
+ name:
+ description:
+ - Report theme name.
+ required: true
+ type: str
+ normal_text_style:
+ description:
+ - Normal text style.
+ type: str
+ numbered_list_style:
+ description:
+ - Numbered list style.
+ type: str
+ page_footer_style:
+ description:
+ - Report page footer style.
+ type: str
+ page_header_style:
+ description:
+ - Report page header style.
+ type: str
+ page_orient:
+ description:
+ - Report page orientation.
+ type: str
+ choices:
+ - portrait
+ - landscape
+ page_style:
+ description:
+ - Report page style.
+ type: str
+ report_subtitle_style:
+ description:
+ - Report subtitle style.
+ type: str
+ report_title_style:
+ description:
+ - Report title style.
+ type: str
+ table_chart_caption_style:
+ description:
+ - Table chart caption style.
+ type: str
+ table_chart_even_row_style:
+ description:
+ - Table chart even row style.
+ type: str
+ table_chart_head_style:
+ description:
+ - Table chart head row style.
+ type: str
+ table_chart_odd_row_style:
+ description:
+ - Table chart odd row style.
+ type: str
+ table_chart_style:
+ description:
+ - Table chart style.
+ type: str
+ toc_heading1_style:
+ description:
+ - Table of contents heading style.
+ type: str
+ toc_heading2_style:
+ description:
+ - Table of contents heading style.
+ type: str
+ toc_heading3_style:
+ description:
+ - Table of contents heading style.
+ type: str
+ toc_heading4_style:
+ description:
+ - Table of contents heading style.
+ type: str
+ toc_title_style:
+ description:
+ - Table of contents title style.
+ type: str
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Report themes configuration
+ fortios_report_theme:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ report_theme:
+ bullet_list_style: ""
+ column_count: "1"
+ default_html_style: ""
+ default_pdf_style: ""
+ graph_chart_style: ""
+ heading1_style: ""
+ heading2_style: ""
+ heading3_style: ""
+ heading4_style: ""
+ hline_style: ""
+ image_style: ""
+ name: "default_name_14"
+ normal_text_style: ""
+ numbered_list_style: ""
+ page_footer_style: ""
+ page_header_style: ""
+ page_orient: "portrait"
+ page_style: ""
+ report_subtitle_style: ""
+ report_title_style: ""
+ table_chart_caption_style: ""
+ table_chart_even_row_style: ""
+ table_chart_head_style: ""
+ table_chart_odd_row_style: ""
+ table_chart_style: ""
+ toc_heading1_style: ""
+ toc_heading2_style: ""
+ toc_heading3_style: ""
+ toc_heading4_style: ""
+ toc_title_style: ""
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_report_theme_data(json):
+ option_list = ['bullet_list_style', 'column_count', 'default_html_style',
+ 'default_pdf_style', 'graph_chart_style', 'heading1_style',
+ 'heading2_style', 'heading3_style', 'heading4_style',
+ 'hline_style', 'image_style', 'name',
+ 'normal_text_style', 'numbered_list_style', 'page_footer_style',
+ 'page_header_style', 'page_orient', 'page_style',
+ 'report_subtitle_style', 'report_title_style', 'table_chart_caption_style',
+ 'table_chart_even_row_style', 'table_chart_head_style', 'table_chart_odd_row_style',
+ 'table_chart_style', 'toc_heading1_style', 'toc_heading2_style',
+ 'toc_heading3_style', 'toc_heading4_style', 'toc_title_style']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def report_theme(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['report_theme'] and data['report_theme']['state']:
+ state = data['report_theme']['state']
+ else:
+ state = True
+ report_theme_data = data['report_theme']
+ filtered_data = underscore_to_hyphen(filter_report_theme_data(report_theme_data))
+
+ if state == "present":
+ return fos.set('report',
+ 'theme',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('report',
+ 'theme',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_report(data, fos):
+
+ if data['report_theme']:
+ resp = report_theme(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('report_theme'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "report_theme": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "bullet_list_style": {"required": False, "type": "str"},
+ "column_count": {"required": False, "type": "str",
+ "choices": ["1",
+ "2",
+ "3"]},
+ "default_html_style": {"required": False, "type": "str"},
+ "default_pdf_style": {"required": False, "type": "str"},
+ "graph_chart_style": {"required": False, "type": "str"},
+ "heading1_style": {"required": False, "type": "str"},
+ "heading2_style": {"required": False, "type": "str"},
+ "heading3_style": {"required": False, "type": "str"},
+ "heading4_style": {"required": False, "type": "str"},
+ "hline_style": {"required": False, "type": "str"},
+ "image_style": {"required": False, "type": "str"},
+ "name": {"required": True, "type": "str"},
+ "normal_text_style": {"required": False, "type": "str"},
+ "numbered_list_style": {"required": False, "type": "str"},
+ "page_footer_style": {"required": False, "type": "str"},
+ "page_header_style": {"required": False, "type": "str"},
+ "page_orient": {"required": False, "type": "str",
+ "choices": ["portrait",
+ "landscape"]},
+ "page_style": {"required": False, "type": "str"},
+ "report_subtitle_style": {"required": False, "type": "str"},
+ "report_title_style": {"required": False, "type": "str"},
+ "table_chart_caption_style": {"required": False, "type": "str"},
+ "table_chart_even_row_style": {"required": False, "type": "str"},
+ "table_chart_head_style": {"required": False, "type": "str"},
+ "table_chart_odd_row_style": {"required": False, "type": "str"},
+ "table_chart_style": {"required": False, "type": "str"},
+ "toc_heading1_style": {"required": False, "type": "str"},
+ "toc_heading2_style": {"required": False, "type": "str"},
+ "toc_heading3_style": {"required": False, "type": "str"},
+ "toc_heading4_style": {"required": False, "type": "str"},
+ "toc_title_style": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_report(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_access_list.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_access_list.py
new file mode 100644
index 00000000..be934fea
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_access_list.py
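Review bot: In the DOCUMENTATION of fortios_report_theme.py the `column_count` suboption is declared `type: str` but lists its choices as bare `1`, `2`, `3`, which YAML loads as integers, while the argument spec in `main()` validates against `"choices": ["1", "2", "3"]`. Quoting the documented values (`- '1'`, `- '2'`, `- '3'`) keeps the docs and the spec on the same type, matching the `column_count: "1"` already used in EXAMPLES. The `short_description` in the same block also reads `Report themes configuratio` and should read `Report themes configuration`.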
@@ -0,0 +1,365 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_access_list +short_description: Configure access lists in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and access_list category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + router_access_list: + description: + - Configure access lists. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + comments: + description: + - Comment. + type: str + name: + description: + - Name. + required: true + type: str + rule: + description: + - Rule. + type: list + suboptions: + action: + description: + - Permit or deny this IP address and netmask prefix. + type: str + choices: + - permit + - deny + exact_match: + description: + - Enable/disable exact match. + type: str + choices: + - enable + - disable + flags: + description: + - Flags. + type: int + id: + description: + - Rule ID. + required: true + type: int + prefix: + description: + - IPv4 prefix to define regular filter criteria, such as "any" or subnets. + type: str + wildcard: + description: + - Wildcard to define Cisco-style wildcard filter criteria. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure access lists. 
+ fortios_router_access_list: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_access_list: + comments: "" + name: "default_name_4" + rule: + - + action: "permit" + exact_match: "enable" + flags: "8" + id: "9" + prefix: "" + wildcard: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_router_access_list_data(json): + option_list = ['comments', 'name', 'rule'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_access_list(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['router_access_list'] and data['router_access_list']['state']: + state = data['router_access_list']['state'] + else: + state = True + router_access_list_data = data['router_access_list'] + filtered_data = underscore_to_hyphen(filter_router_access_list_data(router_access_list_data)) + + if state == "present": + return fos.set('router', + 'access-list', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('router', + 'access-list', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_access_list']: + resp = router_access_list(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_access_list')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": 
{"required": False, "type": "str", + "choices": ["present", "absent"]}, + "router_access_list": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "comments": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "rule": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["permit", + "deny"]}, + "exact_match": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "flags": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "prefix": {"required": False, "type": "str"}, + "wildcard": {"required": False, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + 
module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_access_list6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_access_list6.py
new file mode 100644
index 00000000..2e4d8126
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_access_list6.py
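Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no` next to `ansible_httpapi_use_ssl: yes`, so a user who copies it sends the `access_token` to a device whose certificate is never verified. I would ship the example as `ansible_httpapi_validate_certs: yes` and add a comment such as `# set to no only for lab devices with self-signed certificates`. The same vars block appears in the EXAMPLES of fortios_router_access_list6.py, fortios_router_aspath_list.py and fortios_router_auth_path.py in this commit.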
@@ -0,0 +1,338 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_access_list6 +short_description: Configure IPv6 access lists in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and access_list6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + router_access_list6: + description: + - Configure IPv6 access lists. + default: null + type: dict + suboptions: + comments: + description: + - Comment. + type: str + name: + description: + - Name. + required: true + type: str + rule: + description: + - Rule. + type: list + suboptions: + action: + description: + - Permit or deny this IP address and netmask prefix. + type: str + choices: + - permit + - deny + exact_match: + description: + - Enable/disable exact prefix match. + type: str + choices: + - enable + - disable + flags: + description: + - Flags. + type: int + id: + description: + - Rule ID. + required: true + type: int + prefix6: + description: + - IPv6 prefix to define regular filter criteria, such as "any" or subnets. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 access lists. 
+ fortios_router_access_list6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_access_list6: + comments: "" + name: "default_name_4" + rule: + - + action: "permit" + exact_match: "enable" + flags: "8" + id: "9" + prefix6: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_router_access_list6_data(json): + option_list = ['comments', 'name', 'rule'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_access_list6(data, fos): + vdom = data['vdom'] + state = data['state'] + router_access_list6_data = data['router_access_list6'] + filtered_data = underscore_to_hyphen(filter_router_access_list6_data(router_access_list6_data)) + + if state == "present": + return fos.set('router', + 'access-list6', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('router', + 'access-list6', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_access_list6']: + resp = router_access_list6(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_access_list6')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "router_access_list6": { + "required": False, "type": "dict", "default": None, + "options": { + "comments": 
{"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "rule": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["permit", + "deny"]}, + "exact_match": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "flags": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "prefix6": {"required": False, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
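Review bot: In `main()` the `rule` entry of the argument spec is declared as `"type": "list"` with an `"options"` map but without `"elements": "dict"`, and to my knowledge AnsibleModule applies sub-option specs to list items only when the elements are declared as dicts. If that holds here, `id` being required, `flags` being an int and the `action`/`exact_match` choices are not enforced per rule, and whatever the playbook supplies is passed on to `fos.set` as is (the EXAMPLES block already passes `flags: "8"` and `id: "9"` as strings). I would change the line to `"rule": {"required": False, "type": "list", "elements": "dict",`. The `rule` specs in fortios_router_access_list.py and fortios_router_aspath_list.py have the same shape.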
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_aspath_list.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_aspath_list.py
new file mode 100644
index 00000000..27e21394
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_aspath_list.py
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_aspath_list +short_description: Configure Autonomous System (AS) path lists in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and aspath_list category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + router_aspath_list: + description: + - Configure Autonomous System (AS) path lists. + default: null + type: dict + suboptions: + name: + description: + - AS path list name. + required: true + type: str + rule: + description: + - AS path list rule. + type: list + suboptions: + action: + description: + - Permit or deny route-based operations, based on the route"s AS_PATH attribute. + type: str + choices: + - deny + - permit + id: + description: + - ID. + required: true + type: int + regexp: + description: + - Regular-expression to match the Border Gateway Protocol (BGP) AS paths. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Autonomous System (AS) path lists. 
+ fortios_router_aspath_list: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_aspath_list: + name: "default_name_3" + rule: + - + action: "deny" + id: "6" + regexp: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_router_aspath_list_data(json): + option_list = ['name', 'rule'] + dictionary = 
{} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_aspath_list(data, fos): + vdom = data['vdom'] + state = data['state'] + router_aspath_list_data = data['router_aspath_list'] + filtered_data = underscore_to_hyphen(filter_router_aspath_list_data(router_aspath_list_data)) + + if state == "present": + return fos.set('router', + 'aspath-list', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('router', + 'aspath-list', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_aspath_list']: + resp = router_aspath_list(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_aspath_list')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "router_aspath_list": { + "required": False, "type": "dict", "default": None, + "options": { + "name": {"required": True, "type": "str"}, + "rule": {"required": False, "type": "list", + "options": { + "action": {"required": 
False, "type": "str", + "choices": ["deny", + "permit"]}, + "id": {"required": True, "type": "int"}, + "regexp": {"required": False, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_auth_path.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_auth_path.py new file mode 100644 index 00000000..291cd7a6 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_auth_path.py 
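Review bot: The guard `if 'access_token' in module.params:` in `main()` is presumably always true, since AnsibleModule fills `module.params` with every key of the argument spec and uses None for options the task did not supply, so `connection.set_option('access_token', None)` runs even when no token is configured. How the httpapi plugin treats a None token is not visible in this hunk, so testing the value is safer: `if module.params.get('access_token'):`. The same guard is in the `main()` of fortios_router_access_list.py and fortios_router_access_list6.py.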
@@ -0,0 +1,314 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_auth_path +short_description: Configure authentication based routing in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and auth_path category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + router_auth_path: + description: + - Configure authentication based routing. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + device: + description: + - Outgoing interface. Source system.interface.name. + type: str + gateway: + description: + - Gateway IP address. + type: str + name: + description: + - Name of the entry. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure authentication based routing. 
+ fortios_router_auth_path: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_auth_path: + device: " (source system.interface.name)" + gateway: "" + name: "default_name_5" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_router_auth_path_data(json): + option_list = ['device', 'gateway', 'name'] + 
dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_auth_path(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['router_auth_path'] and data['router_auth_path']['state']: + state = data['router_auth_path']['state'] + else: + state = True + router_auth_path_data = data['router_auth_path'] + filtered_data = underscore_to_hyphen(filter_router_auth_path_data(router_auth_path_data)) + + if state == "present": + return fos.set('router', + 'auth-path', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('router', + 'auth-path', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_auth_path']: + resp = router_auth_path(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_auth_path')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "router_auth_path": { + "required": False, 
"type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "device": {"required": False, "type": "str"}, + "gateway": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_bfd.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_bfd.py new file mode 100644 index 00000000..b26f2b80 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_bfd.py 
@@ -0,0 +1,275 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_bfd +short_description: Configure BFD in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and bfd category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + router_bfd: + description: + - Configure BFD. + default: null + type: dict + suboptions: + neighbor: + description: + - neighbor + type: list + suboptions: + interface: + description: + - Interface name. Source system.interface.name. + type: str + ip: + description: + - IPv4 address of the BFD neighbor. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure BFD. + fortios_router_bfd: + vdom: "{{ vdom }}" + router_bfd: + neighbor: + - + interface: " (source system.interface.name)" + ip: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + 
type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_router_bfd_data(json): + option_list = ['neighbor'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_bfd(data, fos): + vdom = data['vdom'] + router_bfd_data = data['router_bfd'] + filtered_data = underscore_to_hyphen(filter_router_bfd_data(router_bfd_data)) + + return fos.set('router', + 'bfd', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_bfd']: + resp = router_bfd(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_bfd')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "router_bfd": { + "required": False, "type": "dict", "default": None, 
+ "options": { + "neighbor": {"required": False, "type": "list", + "options": { + "interface": {"required": False, "type": "str"}, + "ip": {"required": True, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_bfd6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_bfd6.py new file mode 100644 index 00000000..13f90b04 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_bfd6.py 
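Review bot: The EXAMPLES playbook in fortios_router_bfd.py sets `ansible_httpapi_validate_certs: no`, so anyone copying it sends the `access_token` and the routing configuration over TLS without checking the FortiGate's certificate. The documented default should be `ansible_httpapi_validate_certs: yes`, with a comment such as `# set to no only for lab devices with self-signed certificates`. The EXAMPLES block of fortios_router_bfd6.py carries the same setting and should be changed the same way.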
@@ -0,0 +1,274 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_bfd6 +short_description: Configure IPv6 BFD in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and bfd6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + router_bfd6: + description: + - Configure IPv6 BFD. + default: null + type: dict + suboptions: + neighbor: + description: + - Configure neighbor of IPv6 BFD. + type: list + suboptions: + interface: + description: + - Interface to the BFD neighbor. Source system.interface.name. + type: str + ip6_address: + description: + - IPv6 address of the BFD neighbor. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 BFD. + fortios_router_bfd6: + vdom: "{{ vdom }}" + router_bfd6: + neighbor: + - + interface: " (source system.interface.name)" + ip6_address: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + 
description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_router_bfd6_data(json): + option_list = ['neighbor'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_bfd6(data, fos): + vdom = data['vdom'] + router_bfd6_data = data['router_bfd6'] + filtered_data = underscore_to_hyphen(filter_router_bfd6_data(router_bfd6_data)) + + return fos.set('router', + 'bfd6', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_bfd6']: + resp = router_bfd6(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_bfd6')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + 
"router_bfd6": { + "required": False, "type": "dict", "default": None, + "options": { + "neighbor": {"required": False, "type": "list", + "options": { + "interface": {"required": False, "type": "str"}, + "ip6_address": {"required": False, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_bgp.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_bgp.py new file mode 100644 index 00000000..c5fa3c24 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_bgp.py 
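Review bot: In `main()` of fortios_router_bfd6.py the `neighbor` entry of `fields` is declared as `"type": "list"` with an `"options"` sub-spec but no `"elements"`. As far as I know AnsibleModule only applies a sub-spec to list items when `elements` is `dict`, so the per-neighbor `interface` and `ip6_address` values are probably passed to `fos.set` without type checking. I would write `"neighbor": {"required": False, "type": "list", "elements": "dict",` and add `elements: dict` under `neighbor` in DOCUMENTATION. The same shape appears in fortios_router_bfd.py, where `"ip": {"required": True, "type": "str"}` would then not be enforced either.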
@@ -0,0 +1,2405 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_bgp +short_description: Configure BGP in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and bgp category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + router_bgp: + description: + - Configure BGP. + default: null + type: dict + suboptions: + admin_distance: + description: + - Administrative distance modifications. + type: list + suboptions: + distance: + description: + - Administrative distance to apply (1 - 255). + type: int + id: + description: + - ID. + required: true + type: int + neighbour_prefix: + description: + - Neighbor address prefix. + type: str + route_list: + description: + - Access list of routes to apply new distance to. Source router.access-list.name. + type: str + aggregate_address: + description: + - BGP aggregate address table. + type: list + suboptions: + as_set: + description: + - Enable/disable generate AS set path information. + type: str + choices: + - enable + - disable + id: + description: + - ID. + required: true + type: int + prefix: + description: + - Aggregate prefix. + type: str + summary_only: + description: + - Enable/disable filter more specific routes from updates. + type: str + choices: + - enable + - disable + aggregate_address6: + description: + - BGP IPv6 aggregate address table. + type: list + suboptions: + as_set: + description: + - Enable/disable generate AS set path information. + type: str + choices: + - enable + - disable + id: + description: + - ID. + required: true + type: int + prefix6: + description: + - Aggregate IPv6 prefix. + type: str + summary_only: + description: + - Enable/disable filter more specific routes from updates. + type: str + choices: + - enable + - disable + always_compare_med: + description: + - Enable/disable always compare MED. + type: str + choices: + - enable + - disable + as: + description: + - Router AS number, valid from 1 to 4294967295, 0 to disable BGP. + type: int + bestpath_as_path_ignore: + description: + - Enable/disable ignore AS path. + type: str + choices: + - enable + - disable + bestpath_cmp_confed_aspath: + description: + - Enable/disable compare federation AS path length. 
+ type: str + choices: + - enable + - disable + bestpath_cmp_routerid: + description: + - Enable/disable compare router ID for identical EBGP paths. + type: str + choices: + - enable + - disable + bestpath_med_confed: + description: + - Enable/disable compare MED among confederation paths. + type: str + choices: + - enable + - disable + bestpath_med_missing_as_worst: + description: + - Enable/disable treat missing MED as least preferred. + type: str + choices: + - enable + - disable + client_to_client_reflection: + description: + - Enable/disable client-to-client route reflection. + type: str + choices: + - enable + - disable + cluster_id: + description: + - Route reflector cluster ID. + type: str + confederation_identifier: + description: + - Confederation identifier. + type: int + confederation_peers: + description: + - Confederation peers. + type: list + suboptions: + peer: + description: + - Peer ID. + required: true + type: str + dampening: + description: + - Enable/disable route-flap dampening. + type: str + choices: + - enable + - disable + dampening_max_suppress_time: + description: + - Maximum minutes a route can be suppressed. + type: int + dampening_reachability_half_life: + description: + - Reachability half-life time for penalty (min). + type: int + dampening_reuse: + description: + - Threshold to reuse routes. + type: int + dampening_route_map: + description: + - Criteria for dampening. Source router.route-map.name. + type: str + dampening_suppress: + description: + - Threshold to suppress routes. + type: int + dampening_unreachability_half_life: + description: + - Unreachability half-life time for penalty (min). + type: int + default_local_preference: + description: + - Default local preference. + type: int + deterministic_med: + description: + - Enable/disable enforce deterministic comparison of MED. + type: str + choices: + - enable + - disable + distance_external: + description: + - Distance for routes external to the AS. 
+ type: int + distance_internal: + description: + - Distance for routes internal to the AS. + type: int + distance_local: + description: + - Distance for routes local to the AS. + type: int + ebgp_multipath: + description: + - Enable/disable EBGP multi-path. + type: str + choices: + - enable + - disable + enforce_first_as: + description: + - Enable/disable enforce first AS for EBGP routes. + type: str + choices: + - enable + - disable + fast_external_failover: + description: + - Enable/disable reset peer BGP session if link goes down. + type: str + choices: + - enable + - disable + graceful_end_on_timer: + description: + - Enable/disable to exit graceful restart on timer only. + type: str + choices: + - enable + - disable + graceful_restart: + description: + - Enable/disable BGP graceful restart capabilities. + type: str + choices: + - enable + - disable + graceful_restart_time: + description: + - Time needed for neighbors to restart (sec). + type: int + graceful_stalepath_time: + description: + - Time to hold stale paths of restarting neighbor (sec). + type: int + graceful_update_delay: + description: + - Route advertisement/selection delay after restart (sec). + type: int + holdtime_timer: + description: + - Number of seconds to mark peer as dead. + type: int + ibgp_multipath: + description: + - Enable/disable IBGP multi-path. + type: str + choices: + - enable + - disable + ignore_optional_capability: + description: + - Don"t send unknown optional capability notification message + type: str + choices: + - enable + - disable + keepalive_timer: + description: + - Frequency to send keep alive requests. + type: int + log_neighbour_changes: + description: + - Enable logging of BGP neighbour"s changes + type: str + choices: + - enable + - disable + neighbor: + description: + - BGP neighbor table. + type: list + suboptions: + activate: + description: + - Enable/disable address family IPv4 for this neighbor. 
+ type: str + choices: + - enable + - disable + activate6: + description: + - Enable/disable address family IPv6 for this neighbor. + type: str + choices: + - enable + - disable + advertisement_interval: + description: + - Minimum interval (sec) between sending updates. + type: int + allowas_in: + description: + - IPv4 The maximum number of occurrence of my AS number allowed. + type: int + allowas_in_enable: + description: + - Enable/disable IPv4 Enable to allow my AS in AS path. + type: str + choices: + - enable + - disable + allowas_in_enable6: + description: + - Enable/disable IPv6 Enable to allow my AS in AS path. + type: str + choices: + - enable + - disable + allowas_in6: + description: + - IPv6 The maximum number of occurrence of my AS number allowed. + type: int + as_override: + description: + - Enable/disable replace peer AS with own AS for IPv4. + type: str + choices: + - enable + - disable + as_override6: + description: + - Enable/disable replace peer AS with own AS for IPv6. + type: str + choices: + - enable + - disable + attribute_unchanged: + description: + - IPv4 List of attributes that should be unchanged. + type: str + choices: + - as-path + - med + - next-hop + attribute_unchanged6: + description: + - IPv6 List of attributes that should be unchanged. + type: str + choices: + - as-path + - med + - next-hop + bfd: + description: + - Enable/disable BFD for this neighbor. + type: str + choices: + - enable + - disable + capability_default_originate: + description: + - Enable/disable advertise default IPv4 route to this neighbor. + type: str + choices: + - enable + - disable + capability_default_originate6: + description: + - Enable/disable advertise default IPv6 route to this neighbor. + type: str + choices: + - enable + - disable + capability_dynamic: + description: + - Enable/disable advertise dynamic capability to this neighbor. 
+ type: str + choices: + - enable + - disable + capability_graceful_restart: + description: + - Enable/disable advertise IPv4 graceful restart capability to this neighbor. + type: str + choices: + - enable + - disable + capability_graceful_restart6: + description: + - Enable/disable advertise IPv6 graceful restart capability to this neighbor. + type: str + choices: + - enable + - disable + capability_orf: + description: + - Accept/Send IPv4 ORF lists to/from this neighbor. + type: str + choices: + - none + - receive + - send + - both + capability_orf6: + description: + - Accept/Send IPv6 ORF lists to/from this neighbor. + type: str + choices: + - none + - receive + - send + - both + capability_route_refresh: + description: + - Enable/disable advertise route refresh capability to this neighbor. + type: str + choices: + - enable + - disable + conditional_advertise: + description: + - Conditional advertisement. + type: list + suboptions: + advertise_routemap: + description: + - Name of advertising route map. Source router.route-map.name. + type: str + condition_routemap: + description: + - Name of condition route map. Source router.route-map.name. + type: str + condition_type: + description: + - Type of condition. + type: str + choices: + - exist + - non-exist + connect_timer: + description: + - Interval (sec) for connect timer. + type: int + default_originate_routemap: + description: + - Route map to specify criteria to originate IPv4 default. Source router.route-map.name. + type: str + default_originate_routemap6: + description: + - Route map to specify criteria to originate IPv6 default. Source router.route-map.name. + type: str + description: + description: + - Description. + type: str + distribute_list_in: + description: + - Filter for IPv4 updates from this neighbor. Source router.access-list.name. + type: str + distribute_list_in6: + description: + - Filter for IPv6 updates from this neighbor. Source router.access-list6.name. 
+ type: str + distribute_list_out: + description: + - Filter for IPv4 updates to this neighbor. Source router.access-list.name. + type: str + distribute_list_out6: + description: + - Filter for IPv6 updates to this neighbor. Source router.access-list6.name. + type: str + dont_capability_negotiate: + description: + - Don"t negotiate capabilities with this neighbor + type: str + choices: + - enable + - disable + ebgp_enforce_multihop: + description: + - Enable/disable allow multi-hop EBGP neighbors. + type: str + choices: + - enable + - disable + ebgp_multihop_ttl: + description: + - EBGP multihop TTL for this peer. + type: int + filter_list_in: + description: + - BGP filter for IPv4 inbound routes. Source router.aspath-list.name. + type: str + filter_list_in6: + description: + - BGP filter for IPv6 inbound routes. Source router.aspath-list.name. + type: str + filter_list_out: + description: + - BGP filter for IPv4 outbound routes. Source router.aspath-list.name. + type: str + filter_list_out6: + description: + - BGP filter for IPv6 outbound routes. Source router.aspath-list.name. + type: str + holdtime_timer: + description: + - Interval (sec) before peer considered dead. + type: int + interface: + description: + - Interface Source system.interface.name. + type: str + ip: + description: + - IP/IPv6 address of neighbor. + required: true + type: str + keep_alive_timer: + description: + - Keep alive timer interval (sec). + type: int + link_down_failover: + description: + - Enable/disable failover upon link down. + type: str + choices: + - enable + - disable + local_as: + description: + - Local AS number of neighbor. + type: int + local_as_no_prepend: + description: + - Do not prepend local-as to incoming updates. + type: str + choices: + - enable + - disable + local_as_replace_as: + description: + - Replace real AS with local-as in outgoing updates. 
+ type: str + choices: + - enable + - disable + maximum_prefix: + description: + - Maximum number of IPv4 prefixes to accept from this peer. + type: int + maximum_prefix_threshold: + description: + - Maximum IPv4 prefix threshold value (1 - 100 percent). + type: int + maximum_prefix_threshold6: + description: + - Maximum IPv6 prefix threshold value (1 - 100 percent). + type: int + maximum_prefix_warning_only: + description: + - Enable/disable IPv4 Only give warning message when limit is exceeded. + type: str + choices: + - enable + - disable + maximum_prefix_warning_only6: + description: + - Enable/disable IPv6 Only give warning message when limit is exceeded. + type: str + choices: + - enable + - disable + maximum_prefix6: + description: + - Maximum number of IPv6 prefixes to accept from this peer. + type: int + next_hop_self: + description: + - Enable/disable IPv4 next-hop calculation for this neighbor. + type: str + choices: + - enable + - disable + next_hop_self6: + description: + - Enable/disable IPv6 next-hop calculation for this neighbor. + type: str + choices: + - enable + - disable + override_capability: + description: + - Enable/disable override result of capability negotiation. + type: str + choices: + - enable + - disable + passive: + description: + - Enable/disable sending of open messages to this neighbor. + type: str + choices: + - enable + - disable + password: + description: + - Password used in MD5 authentication. + type: str + prefix_list_in: + description: + - IPv4 Inbound filter for updates from this neighbor. Source router.prefix-list.name. + type: str + prefix_list_in6: + description: + - IPv6 Inbound filter for updates from this neighbor. Source router.prefix-list6.name. + type: str + prefix_list_out: + description: + - IPv4 Outbound filter for updates to this neighbor. Source router.prefix-list.name. + type: str + prefix_list_out6: + description: + - IPv6 Outbound filter for updates to this neighbor. Source router.prefix-list6.name. 
+ type: str + remote_as: + description: + - AS number of neighbor. + type: int + remove_private_as: + description: + - Enable/disable remove private AS number from IPv4 outbound updates. + type: str + choices: + - enable + - disable + remove_private_as6: + description: + - Enable/disable remove private AS number from IPv6 outbound updates. + type: str + choices: + - enable + - disable + restart_time: + description: + - Graceful restart delay time (sec, 0 = global default). + type: int + retain_stale_time: + description: + - Time to retain stale routes. + type: int + route_map_in: + description: + - IPv4 Inbound route map filter. Source router.route-map.name. + type: str + route_map_in6: + description: + - IPv6 Inbound route map filter. Source router.route-map.name. + type: str + route_map_out: + description: + - IPv4 Outbound route map filter. Source router.route-map.name. + type: str + route_map_out6: + description: + - IPv6 Outbound route map filter. Source router.route-map.name. + type: str + route_reflector_client: + description: + - Enable/disable IPv4 AS route reflector client. + type: str + choices: + - enable + - disable + route_reflector_client6: + description: + - Enable/disable IPv6 AS route reflector client. + type: str + choices: + - enable + - disable + route_server_client: + description: + - Enable/disable IPv4 AS route server client. + type: str + choices: + - enable + - disable + route_server_client6: + description: + - Enable/disable IPv6 AS route server client. + type: str + choices: + - enable + - disable + send_community: + description: + - IPv4 Send community attribute to neighbor. + type: str + choices: + - standard + - extended + - both + - disable + send_community6: + description: + - IPv6 Send community attribute to neighbor. + type: str + choices: + - standard + - extended + - both + - disable + shutdown: + description: + - Enable/disable shutdown this neighbor. 
+ type: str + choices: + - enable + - disable + soft_reconfiguration: + description: + - Enable/disable allow IPv4 inbound soft reconfiguration. + type: str + choices: + - enable + - disable + soft_reconfiguration6: + description: + - Enable/disable allow IPv6 inbound soft reconfiguration. + type: str + choices: + - enable + - disable + stale_route: + description: + - Enable/disable stale route after neighbor down. + type: str + choices: + - enable + - disable + strict_capability_match: + description: + - Enable/disable strict capability matching. + type: str + choices: + - enable + - disable + unsuppress_map: + description: + - IPv4 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. + type: str + unsuppress_map6: + description: + - IPv6 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. + type: str + update_source: + description: + - Interface to use as source IP/IPv6 address of TCP connections. Source system.interface.name. + type: str + weight: + description: + - Neighbor weight. + type: int + neighbor_group: + description: + - BGP neighbor group table. + type: list + suboptions: + activate: + description: + - Enable/disable address family IPv4 for this neighbor. + type: str + choices: + - enable + - disable + activate6: + description: + - Enable/disable address family IPv6 for this neighbor. + type: str + choices: + - enable + - disable + advertisement_interval: + description: + - Minimum interval (sec) between sending updates. + type: int + allowas_in: + description: + - IPv4 The maximum number of occurrence of my AS number allowed. + type: int + allowas_in_enable: + description: + - Enable/disable IPv4 Enable to allow my AS in AS path. + type: str + choices: + - enable + - disable + allowas_in_enable6: + description: + - Enable/disable IPv6 Enable to allow my AS in AS path. 
+ type: str + choices: + - enable + - disable + allowas_in6: + description: + - IPv6 The maximum number of occurrence of my AS number allowed. + type: int + as_override: + description: + - Enable/disable replace peer AS with own AS for IPv4. + type: str + choices: + - enable + - disable + as_override6: + description: + - Enable/disable replace peer AS with own AS for IPv6. + type: str + choices: + - enable + - disable + attribute_unchanged: + description: + - IPv4 List of attributes that should be unchanged. + type: str + choices: + - as-path + - med + - next-hop + attribute_unchanged6: + description: + - IPv6 List of attributes that should be unchanged. + type: str + choices: + - as-path + - med + - next-hop + bfd: + description: + - Enable/disable BFD for this neighbor. + type: str + choices: + - enable + - disable + capability_default_originate: + description: + - Enable/disable advertise default IPv4 route to this neighbor. + type: str + choices: + - enable + - disable + capability_default_originate6: + description: + - Enable/disable advertise default IPv6 route to this neighbor. + type: str + choices: + - enable + - disable + capability_dynamic: + description: + - Enable/disable advertise dynamic capability to this neighbor. + type: str + choices: + - enable + - disable + capability_graceful_restart: + description: + - Enable/disable advertise IPv4 graceful restart capability to this neighbor. + type: str + choices: + - enable + - disable + capability_graceful_restart6: + description: + - Enable/disable advertise IPv6 graceful restart capability to this neighbor. + type: str + choices: + - enable + - disable + capability_orf: + description: + - Accept/Send IPv4 ORF lists to/from this neighbor. + type: str + choices: + - none + - receive + - send + - both + capability_orf6: + description: + - Accept/Send IPv6 ORF lists to/from this neighbor. 
+ type: str + choices: + - none + - receive + - send + - both + capability_route_refresh: + description: + - Enable/disable advertise route refresh capability to this neighbor. + type: str + choices: + - enable + - disable + connect_timer: + description: + - Interval (sec) for connect timer. + type: int + default_originate_routemap: + description: + - Route map to specify criteria to originate IPv4 default. Source router.route-map.name. + type: str + default_originate_routemap6: + description: + - Route map to specify criteria to originate IPv6 default. Source router.route-map.name. + type: str + description: + description: + - Description. + type: str + distribute_list_in: + description: + - Filter for IPv4 updates from this neighbor. Source router.access-list.name. + type: str + distribute_list_in6: + description: + - Filter for IPv6 updates from this neighbor. Source router.access-list6.name. + type: str + distribute_list_out: + description: + - Filter for IPv4 updates to this neighbor. Source router.access-list.name. + type: str + distribute_list_out6: + description: + - Filter for IPv6 updates to this neighbor. Source router.access-list6.name. + type: str + dont_capability_negotiate: + description: + - Don"t negotiate capabilities with this neighbor + type: str + choices: + - enable + - disable + ebgp_enforce_multihop: + description: + - Enable/disable allow multi-hop EBGP neighbors. + type: str + choices: + - enable + - disable + ebgp_multihop_ttl: + description: + - EBGP multihop TTL for this peer. + type: int + filter_list_in: + description: + - BGP filter for IPv4 inbound routes. Source router.aspath-list.name. + type: str + filter_list_in6: + description: + - BGP filter for IPv6 inbound routes. Source router.aspath-list.name. + type: str + filter_list_out: + description: + - BGP filter for IPv4 outbound routes. Source router.aspath-list.name. + type: str + filter_list_out6: + description: + - BGP filter for IPv6 outbound routes. 
Source router.aspath-list.name. + type: str + holdtime_timer: + description: + - Interval (sec) before peer considered dead. + type: int + interface: + description: + - Interface Source system.interface.name. + type: str + keep_alive_timer: + description: + - Keep alive timer interval (sec). + type: int + link_down_failover: + description: + - Enable/disable failover upon link down. + type: str + choices: + - enable + - disable + local_as: + description: + - Local AS number of neighbor. + type: int + local_as_no_prepend: + description: + - Do not prepend local-as to incoming updates. + type: str + choices: + - enable + - disable + local_as_replace_as: + description: + - Replace real AS with local-as in outgoing updates. + type: str + choices: + - enable + - disable + maximum_prefix: + description: + - Maximum number of IPv4 prefixes to accept from this peer. + type: int + maximum_prefix_threshold: + description: + - Maximum IPv4 prefix threshold value (1 - 100 percent). + type: int + maximum_prefix_threshold6: + description: + - Maximum IPv6 prefix threshold value (1 - 100 percent). + type: int + maximum_prefix_warning_only: + description: + - Enable/disable IPv4 Only give warning message when limit is exceeded. + type: str + choices: + - enable + - disable + maximum_prefix_warning_only6: + description: + - Enable/disable IPv6 Only give warning message when limit is exceeded. + type: str + choices: + - enable + - disable + maximum_prefix6: + description: + - Maximum number of IPv6 prefixes to accept from this peer. + type: int + name: + description: + - Neighbor group name. + required: true + type: str + next_hop_self: + description: + - Enable/disable IPv4 next-hop calculation for this neighbor. + type: str + choices: + - enable + - disable + next_hop_self6: + description: + - Enable/disable IPv6 next-hop calculation for this neighbor. 
+ type: str + choices: + - enable + - disable + override_capability: + description: + - Enable/disable override result of capability negotiation. + type: str + choices: + - enable + - disable + passive: + description: + - Enable/disable sending of open messages to this neighbor. + type: str + choices: + - enable + - disable + prefix_list_in: + description: + - IPv4 Inbound filter for updates from this neighbor. Source router.prefix-list.name. + type: str + prefix_list_in6: + description: + - IPv6 Inbound filter for updates from this neighbor. Source router.prefix-list6.name. + type: str + prefix_list_out: + description: + - IPv4 Outbound filter for updates to this neighbor. Source router.prefix-list.name. + type: str + prefix_list_out6: + description: + - IPv6 Outbound filter for updates to this neighbor. Source router.prefix-list6.name. + type: str + remote_as: + description: + - AS number of neighbor. + type: int + remove_private_as: + description: + - Enable/disable remove private AS number from IPv4 outbound updates. + type: str + choices: + - enable + - disable + remove_private_as6: + description: + - Enable/disable remove private AS number from IPv6 outbound updates. + type: str + choices: + - enable + - disable + restart_time: + description: + - Graceful restart delay time (sec, 0 = global default). + type: int + retain_stale_time: + description: + - Time to retain stale routes. + type: int + route_map_in: + description: + - IPv4 Inbound route map filter. Source router.route-map.name. + type: str + route_map_in6: + description: + - IPv6 Inbound route map filter. Source router.route-map.name. + type: str + route_map_out: + description: + - IPv4 Outbound route map filter. Source router.route-map.name. + type: str + route_map_out6: + description: + - IPv6 Outbound route map filter. Source router.route-map.name. + type: str + route_reflector_client: + description: + - Enable/disable IPv4 AS route reflector client. 
+ type: str + choices: + - enable + - disable + route_reflector_client6: + description: + - Enable/disable IPv6 AS route reflector client. + type: str + choices: + - enable + - disable + route_server_client: + description: + - Enable/disable IPv4 AS route server client. + type: str + choices: + - enable + - disable + route_server_client6: + description: + - Enable/disable IPv6 AS route server client. + type: str + choices: + - enable + - disable + send_community: + description: + - IPv4 Send community attribute to neighbor. + type: str + choices: + - standard + - extended + - both + - disable + send_community6: + description: + - IPv6 Send community attribute to neighbor. + type: str + choices: + - standard + - extended + - both + - disable + shutdown: + description: + - Enable/disable shutdown this neighbor. + type: str + choices: + - enable + - disable + soft_reconfiguration: + description: + - Enable/disable allow IPv4 inbound soft reconfiguration. + type: str + choices: + - enable + - disable + soft_reconfiguration6: + description: + - Enable/disable allow IPv6 inbound soft reconfiguration. + type: str + choices: + - enable + - disable + stale_route: + description: + - Enable/disable stale route after neighbor down. + type: str + choices: + - enable + - disable + strict_capability_match: + description: + - Enable/disable strict capability matching. + type: str + choices: + - enable + - disable + unsuppress_map: + description: + - IPv4 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. + type: str + unsuppress_map6: + description: + - IPv6 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. + type: str + update_source: + description: + - Interface to use as source IP/IPv6 address of TCP connections. Source system.interface.name. + type: str + weight: + description: + - Neighbor weight. + type: int + neighbor_range: + description: + - BGP neighbor range table. 
+ type: list + suboptions: + id: + description: + - Neighbor range ID. + required: true + type: int + max_neighbor_num: + description: + - Maximum number of neighbors. + type: int + neighbor_group: + description: + - Neighbor group name. Source router.bgp.neighbor-group.name. + type: str + prefix: + description: + - Neighbor range prefix. + type: str + network: + description: + - BGP network table. + type: list + suboptions: + backdoor: + description: + - Enable/disable route as backdoor. + type: str + choices: + - enable + - disable + id: + description: + - ID. + required: true + type: int + prefix: + description: + - Network prefix. + type: str + route_map: + description: + - Route map to modify generated route. Source router.route-map.name. + type: str + network_import_check: + description: + - Enable/disable ensure BGP network route exists in IGP. + type: str + choices: + - enable + - disable + network6: + description: + - BGP IPv6 network table. + type: list + suboptions: + backdoor: + description: + - Enable/disable route as backdoor. + type: str + choices: + - enable + - disable + id: + description: + - ID. + required: true + type: int + prefix6: + description: + - Network IPv6 prefix. + type: str + route_map: + description: + - Route map to modify generated route. Source router.route-map.name. + type: str + redistribute: + description: + - BGP IPv4 redistribute table. + type: list + suboptions: + name: + description: + - Distribute list entry name. + required: true + type: str + route_map: + description: + - Route map name. Source router.route-map.name. + type: str + status: + description: + - Status + type: str + choices: + - enable + - disable + redistribute6: + description: + - BGP IPv6 redistribute table. + type: list + suboptions: + name: + description: + - Distribute list entry name. + required: true + type: str + route_map: + description: + - Route map name. Source router.route-map.name. 
+ type: str + status: + description: + - Status + type: str + choices: + - enable + - disable + router_id: + description: + - Router ID. + type: str + scan_time: + description: + - Background scanner interval (sec), 0 to disable it. + type: int + synchronization: + description: + - Enable/disable only advertise routes from iBGP if routes present in an IGP. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure BGP. + fortios_router_bgp: + vdom: "{{ vdom }}" + router_bgp: + admin_distance: + - + distance: "4" + id: "5" + neighbour_prefix: "" + route_list: " (source router.access-list.name)" + aggregate_address: + - + as_set: "enable" + id: "10" + prefix: "" + summary_only: "enable" + aggregate_address6: + - + as_set: "enable" + id: "15" + prefix6: "" + summary_only: "enable" + always_compare_med: "enable" + as: "19" + bestpath_as_path_ignore: "enable" + bestpath_cmp_confed_aspath: "enable" + bestpath_cmp_routerid: "enable" + bestpath_med_confed: "enable" + bestpath_med_missing_as_worst: "enable" + client_to_client_reflection: "enable" + cluster_id: "" + confederation_identifier: "27" + confederation_peers: + - + peer: "" + dampening: "enable" + dampening_max_suppress_time: "31" + dampening_reachability_half_life: "32" + dampening_reuse: "33" + dampening_route_map: " (source router.route-map.name)" + dampening_suppress: "35" + dampening_unreachability_half_life: "36" + default_local_preference: "37" + deterministic_med: "enable" + distance_external: "39" + distance_internal: "40" + distance_local: "41" + ebgp_multipath: "enable" + enforce_first_as: "enable" + fast_external_failover: "enable" + graceful_end_on_timer: "enable" + graceful_restart: "enable" + graceful_restart_time: "47" + graceful_stalepath_time: "48" + 
graceful_update_delay: "49" + holdtime_timer: "50" + ibgp_multipath: "enable" + ignore_optional_capability: "enable" + keepalive_timer: "53" + log_neighbour_changes: "enable" + neighbor: + - + activate: "enable" + activate6: "enable" + advertisement_interval: "58" + allowas_in: "59" + allowas_in_enable: "enable" + allowas_in_enable6: "enable" + allowas_in6: "62" + as_override: "enable" + as_override6: "enable" + attribute_unchanged: "as-path" + attribute_unchanged6: "as-path" + bfd: "enable" + capability_default_originate: "enable" + capability_default_originate6: "enable" + capability_dynamic: "enable" + capability_graceful_restart: "enable" + capability_graceful_restart6: "enable" + capability_orf: "none" + capability_orf6: "none" + capability_route_refresh: "enable" + conditional_advertise: + - + advertise_routemap: " (source router.route-map.name)" + condition_routemap: " (source router.route-map.name)" + condition_type: "exist" + connect_timer: "80" + default_originate_routemap: " (source router.route-map.name)" + default_originate_routemap6: " (source router.route-map.name)" + description: "" + distribute_list_in: " (source router.access-list.name)" + distribute_list_in6: " (source router.access-list6.name)" + distribute_list_out: " (source router.access-list.name)" + distribute_list_out6: " (source router.access-list6.name)" + dont_capability_negotiate: "enable" + ebgp_enforce_multihop: "enable" + ebgp_multihop_ttl: "90" + filter_list_in: " (source router.aspath-list.name)" + filter_list_in6: " (source router.aspath-list.name)" + filter_list_out: " (source router.aspath-list.name)" + filter_list_out6: " (source router.aspath-list.name)" + holdtime_timer: "95" + interface: " (source system.interface.name)" + ip: "" + keep_alive_timer: "98" + link_down_failover: "enable" + local_as: "100" + local_as_no_prepend: "enable" + local_as_replace_as: "enable" + maximum_prefix: "103" + maximum_prefix_threshold: "104" + maximum_prefix_threshold6: "105" + 
maximum_prefix_warning_only: "enable" + maximum_prefix_warning_only6: "enable" + maximum_prefix6: "108" + next_hop_self: "enable" + next_hop_self6: "enable" + override_capability: "enable" + passive: "enable" + password: "" + prefix_list_in: " (source router.prefix-list.name)" + prefix_list_in6: " (source router.prefix-list6.name)" + prefix_list_out: " (source router.prefix-list.name)" + prefix_list_out6: " (source router.prefix-list6.name)" + remote_as: "118" + remove_private_as: "enable" + remove_private_as6: "enable" + restart_time: "121" + retain_stale_time: "122" + route_map_in: " (source router.route-map.name)" + route_map_in6: " (source router.route-map.name)" + route_map_out: " (source router.route-map.name)" + route_map_out6: " (source router.route-map.name)" + route_reflector_client: "enable" + route_reflector_client6: "enable" + route_server_client: "enable" + route_server_client6: "enable" + send_community: "standard" + send_community6: "standard" + shutdown: "enable" + soft_reconfiguration: "enable" + soft_reconfiguration6: "enable" + stale_route: "enable" + strict_capability_match: "enable" + unsuppress_map: " (source router.route-map.name)" + unsuppress_map6: " (source router.route-map.name)" + update_source: " (source system.interface.name)" + weight: "141" + neighbor_group: + - + activate: "enable" + activate6: "enable" + advertisement_interval: "145" + allowas_in: "146" + allowas_in_enable: "enable" + allowas_in_enable6: "enable" + allowas_in6: "149" + as_override: "enable" + as_override6: "enable" + attribute_unchanged: "as-path" + attribute_unchanged6: "as-path" + bfd: "enable" + capability_default_originate: "enable" + capability_default_originate6: "enable" + capability_dynamic: "enable" + capability_graceful_restart: "enable" + capability_graceful_restart6: "enable" + capability_orf: "none" + capability_orf6: "none" + capability_route_refresh: "enable" + connect_timer: "163" + default_originate_routemap: " (source router.route-map.name)" + 
default_originate_routemap6: " (source router.route-map.name)" + description: "" + distribute_list_in: " (source router.access-list.name)" + distribute_list_in6: " (source router.access-list6.name)" + distribute_list_out: " (source router.access-list.name)" + distribute_list_out6: " (source router.access-list6.name)" + dont_capability_negotiate: "enable" + ebgp_enforce_multihop: "enable" + ebgp_multihop_ttl: "173" + filter_list_in: " (source router.aspath-list.name)" + filter_list_in6: " (source router.aspath-list.name)" + filter_list_out: " (source router.aspath-list.name)" + filter_list_out6: " (source router.aspath-list.name)" + holdtime_timer: "178" + interface: " (source system.interface.name)" + keep_alive_timer: "180" + link_down_failover: "enable" + local_as: "182" + local_as_no_prepend: "enable" + local_as_replace_as: "enable" + maximum_prefix: "185" + maximum_prefix_threshold: "186" + maximum_prefix_threshold6: "187" + maximum_prefix_warning_only: "enable" + maximum_prefix_warning_only6: "enable" + maximum_prefix6: "190" + name: "default_name_191" + next_hop_self: "enable" + next_hop_self6: "enable" + override_capability: "enable" + passive: "enable" + prefix_list_in: " (source router.prefix-list.name)" + prefix_list_in6: " (source router.prefix-list6.name)" + prefix_list_out: " (source router.prefix-list.name)" + prefix_list_out6: " (source router.prefix-list6.name)" + remote_as: "200" + remove_private_as: "enable" + remove_private_as6: "enable" + restart_time: "203" + retain_stale_time: "204" + route_map_in: " (source router.route-map.name)" + route_map_in6: " (source router.route-map.name)" + route_map_out: " (source router.route-map.name)" + route_map_out6: " (source router.route-map.name)" + route_reflector_client: "enable" + route_reflector_client6: "enable" + route_server_client: "enable" + route_server_client6: "enable" + send_community: "standard" + send_community6: "standard" + shutdown: "enable" + soft_reconfiguration: "enable" + 
soft_reconfiguration6: "enable" + stale_route: "enable" + strict_capability_match: "enable" + unsuppress_map: " (source router.route-map.name)" + unsuppress_map6: " (source router.route-map.name)" + update_source: " (source system.interface.name)" + weight: "223" + neighbor_range: + - + id: "225" + max_neighbor_num: "226" + neighbor_group: " (source router.bgp.neighbor-group.name)" + prefix: "" + network: + - + backdoor: "enable" + id: "231" + prefix: "" + route_map: " (source router.route-map.name)" + network_import_check: "enable" + network6: + - + backdoor: "enable" + id: "237" + prefix6: "" + route_map: " (source router.route-map.name)" + redistribute: + - + name: "default_name_241" + route_map: " (source router.route-map.name)" + status: "enable" + redistribute6: + - + name: "default_name_245" + route_map: " (source router.route-map.name)" + status: "enable" + router_id: "" + scan_time: "249" + synchronization: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + 
type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_router_bgp_data(json): + option_list = ['admin_distance', 'aggregate_address', 'aggregate_address6', + 'always_compare_med', 'as', 'bestpath_as_path_ignore', + 'bestpath_cmp_confed_aspath', 'bestpath_cmp_routerid', 'bestpath_med_confed', + 'bestpath_med_missing_as_worst', 'client_to_client_reflection', 'cluster_id', + 'confederation_identifier', 'confederation_peers', 'dampening', + 'dampening_max_suppress_time', 'dampening_reachability_half_life', 'dampening_reuse', + 'dampening_route_map', 'dampening_suppress', 'dampening_unreachability_half_life', + 'default_local_preference', 'deterministic_med', 'distance_external', + 'distance_internal', 'distance_local', 'ebgp_multipath', + 'enforce_first_as', 'fast_external_failover', 'graceful_end_on_timer', + 'graceful_restart', 'graceful_restart_time', 'graceful_stalepath_time', + 'graceful_update_delay', 'holdtime_timer', 'ibgp_multipath', + 'ignore_optional_capability', 'keepalive_timer', 'log_neighbour_changes', + 'neighbor', 'neighbor_group', 'neighbor_range', + 'network', 'network_import_check', 'network6', + 'redistribute', 'redistribute6', 'router_id', + 'scan_time', 'synchronization'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return 
dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_bgp(data, fos): + vdom = data['vdom'] + router_bgp_data = data['router_bgp'] + filtered_data = underscore_to_hyphen(filter_router_bgp_data(router_bgp_data)) + + return fos.set('router', + 'bgp', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_bgp']: + resp = router_bgp(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_bgp')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "router_bgp": { + "required": False, "type": "dict", "default": None, + "options": { + "admin_distance": {"required": False, "type": "list", + "options": { + "distance": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "neighbour_prefix": {"required": False, "type": "str"}, + "route_list": {"required": False, "type": "str"} + }}, + "aggregate_address": {"required": False, "type": "list", + "options": { + "as_set": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "id": {"required": True, "type": "int"}, + "prefix": {"required": False, "type": "str"}, + "summary_only": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "aggregate_address6": {"required": False, "type": 
"list", + "options": { + "as_set": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "id": {"required": True, "type": "int"}, + "prefix6": {"required": False, "type": "str"}, + "summary_only": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "always_compare_med": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "as": {"required": False, "type": "int"}, + "bestpath_as_path_ignore": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "bestpath_cmp_confed_aspath": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "bestpath_cmp_routerid": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "bestpath_med_confed": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "bestpath_med_missing_as_worst": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "client_to_client_reflection": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "cluster_id": {"required": False, "type": "str"}, + "confederation_identifier": {"required": False, "type": "int"}, + "confederation_peers": {"required": False, "type": "list", + "options": { + "peer": {"required": True, "type": "str"} + }}, + "dampening": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dampening_max_suppress_time": {"required": False, "type": "int"}, + "dampening_reachability_half_life": {"required": False, "type": "int"}, + "dampening_reuse": {"required": False, "type": "int"}, + "dampening_route_map": {"required": False, "type": "str"}, + "dampening_suppress": {"required": False, "type": "int"}, + "dampening_unreachability_half_life": {"required": False, "type": "int"}, + "default_local_preference": {"required": False, "type": "int"}, + "deterministic_med": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "distance_external": {"required": 
False, "type": "int"}, + "distance_internal": {"required": False, "type": "int"}, + "distance_local": {"required": False, "type": "int"}, + "ebgp_multipath": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "enforce_first_as": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fast_external_failover": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "graceful_end_on_timer": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "graceful_restart": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "graceful_restart_time": {"required": False, "type": "int"}, + "graceful_stalepath_time": {"required": False, "type": "int"}, + "graceful_update_delay": {"required": False, "type": "int"}, + "holdtime_timer": {"required": False, "type": "int"}, + "ibgp_multipath": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ignore_optional_capability": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "keepalive_timer": {"required": False, "type": "int"}, + "log_neighbour_changes": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "neighbor": {"required": False, "type": "list", + "options": { + "activate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "activate6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "advertisement_interval": {"required": False, "type": "int"}, + "allowas_in": {"required": False, "type": "int"}, + "allowas_in_enable": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "allowas_in_enable6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "allowas_in6": {"required": False, "type": "int"}, + "as_override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "as_override6": {"required": False, "type": "str", + "choices": 
["enable", + "disable"]}, + "attribute_unchanged": {"required": False, "type": "str", + "choices": ["as-path", + "med", + "next-hop"]}, + "attribute_unchanged6": {"required": False, "type": "str", + "choices": ["as-path", + "med", + "next-hop"]}, + "bfd": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "capability_default_originate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "capability_default_originate6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "capability_dynamic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "capability_graceful_restart": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "capability_graceful_restart6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "capability_orf": {"required": False, "type": "str", + "choices": ["none", + "receive", + "send", + "both"]}, + "capability_orf6": {"required": False, "type": "str", + "choices": ["none", + "receive", + "send", + "both"]}, + "capability_route_refresh": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "conditional_advertise": {"required": False, "type": "list", + "options": { + "advertise_routemap": {"required": False, "type": "str"}, + "condition_routemap": {"required": False, "type": "str"}, + "condition_type": {"required": False, "type": "str", + "choices": ["exist", + "non-exist"]} + }}, + "connect_timer": {"required": False, "type": "int"}, + "default_originate_routemap": {"required": False, "type": "str"}, + "default_originate_routemap6": {"required": False, "type": "str"}, + "description": {"required": False, "type": "str"}, + "distribute_list_in": {"required": False, "type": "str"}, + "distribute_list_in6": {"required": False, "type": "str"}, + "distribute_list_out": {"required": False, "type": "str"}, + "distribute_list_out6": {"required": False, "type": "str"}, + 
"dont_capability_negotiate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ebgp_enforce_multihop": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ebgp_multihop_ttl": {"required": False, "type": "int"}, + "filter_list_in": {"required": False, "type": "str"}, + "filter_list_in6": {"required": False, "type": "str"}, + "filter_list_out": {"required": False, "type": "str"}, + "filter_list_out6": {"required": False, "type": "str"}, + "holdtime_timer": {"required": False, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "ip": {"required": True, "type": "str"}, + "keep_alive_timer": {"required": False, "type": "int"}, + "link_down_failover": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_as": {"required": False, "type": "int"}, + "local_as_no_prepend": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_as_replace_as": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "maximum_prefix": {"required": False, "type": "int"}, + "maximum_prefix_threshold": {"required": False, "type": "int"}, + "maximum_prefix_threshold6": {"required": False, "type": "int"}, + "maximum_prefix_warning_only": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "maximum_prefix_warning_only6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "maximum_prefix6": {"required": False, "type": "int"}, + "next_hop_self": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "next_hop_self6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "override_capability": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "passive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "password": {"required": False, "type": "str"}, + "prefix_list_in": {"required": False, "type": "str"}, + 
"prefix_list_in6": {"required": False, "type": "str"}, + "prefix_list_out": {"required": False, "type": "str"}, + "prefix_list_out6": {"required": False, "type": "str"}, + "remote_as": {"required": False, "type": "int"}, + "remove_private_as": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "remove_private_as6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "restart_time": {"required": False, "type": "int"}, + "retain_stale_time": {"required": False, "type": "int"}, + "route_map_in": {"required": False, "type": "str"}, + "route_map_in6": {"required": False, "type": "str"}, + "route_map_out": {"required": False, "type": "str"}, + "route_map_out6": {"required": False, "type": "str"}, + "route_reflector_client": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "route_reflector_client6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "route_server_client": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "route_server_client6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "send_community": {"required": False, "type": "str", + "choices": ["standard", + "extended", + "both", + "disable"]}, + "send_community6": {"required": False, "type": "str", + "choices": ["standard", + "extended", + "both", + "disable"]}, + "shutdown": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "soft_reconfiguration": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "soft_reconfiguration6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "stale_route": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "strict_capability_match": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "unsuppress_map": {"required": False, "type": "str"}, + "unsuppress_map6": {"required": False, "type": "str"}, + 
"update_source": {"required": False, "type": "str"}, + "weight": {"required": False, "type": "int"} + }}, + "neighbor_group": {"required": False, "type": "list", + "options": { + "activate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "activate6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "advertisement_interval": {"required": False, "type": "int"}, + "allowas_in": {"required": False, "type": "int"}, + "allowas_in_enable": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "allowas_in_enable6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "allowas_in6": {"required": False, "type": "int"}, + "as_override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "as_override6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "attribute_unchanged": {"required": False, "type": "str", + "choices": ["as-path", + "med", + "next-hop"]}, + "attribute_unchanged6": {"required": False, "type": "str", + "choices": ["as-path", + "med", + "next-hop"]}, + "bfd": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "capability_default_originate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "capability_default_originate6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "capability_dynamic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "capability_graceful_restart": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "capability_graceful_restart6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "capability_orf": {"required": False, "type": "str", + "choices": ["none", + "receive", + "send", + "both"]}, + "capability_orf6": {"required": False, "type": "str", + "choices": ["none", + "receive", + "send", + "both"]}, + "capability_route_refresh": 
{"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "connect_timer": {"required": False, "type": "int"}, + "default_originate_routemap": {"required": False, "type": "str"}, + "default_originate_routemap6": {"required": False, "type": "str"}, + "description": {"required": False, "type": "str"}, + "distribute_list_in": {"required": False, "type": "str"}, + "distribute_list_in6": {"required": False, "type": "str"}, + "distribute_list_out": {"required": False, "type": "str"}, + "distribute_list_out6": {"required": False, "type": "str"}, + "dont_capability_negotiate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ebgp_enforce_multihop": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ebgp_multihop_ttl": {"required": False, "type": "int"}, + "filter_list_in": {"required": False, "type": "str"}, + "filter_list_in6": {"required": False, "type": "str"}, + "filter_list_out": {"required": False, "type": "str"}, + "filter_list_out6": {"required": False, "type": "str"}, + "holdtime_timer": {"required": False, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "keep_alive_timer": {"required": False, "type": "int"}, + "link_down_failover": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_as": {"required": False, "type": "int"}, + "local_as_no_prepend": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_as_replace_as": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "maximum_prefix": {"required": False, "type": "int"}, + "maximum_prefix_threshold": {"required": False, "type": "int"}, + "maximum_prefix_threshold6": {"required": False, "type": "int"}, + "maximum_prefix_warning_only": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "maximum_prefix_warning_only6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "maximum_prefix6": 
{"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "next_hop_self": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "next_hop_self6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "override_capability": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "passive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "prefix_list_in": {"required": False, "type": "str"}, + "prefix_list_in6": {"required": False, "type": "str"}, + "prefix_list_out": {"required": False, "type": "str"}, + "prefix_list_out6": {"required": False, "type": "str"}, + "remote_as": {"required": False, "type": "int"}, + "remove_private_as": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "remove_private_as6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "restart_time": {"required": False, "type": "int"}, + "retain_stale_time": {"required": False, "type": "int"}, + "route_map_in": {"required": False, "type": "str"}, + "route_map_in6": {"required": False, "type": "str"}, + "route_map_out": {"required": False, "type": "str"}, + "route_map_out6": {"required": False, "type": "str"}, + "route_reflector_client": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "route_reflector_client6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "route_server_client": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "route_server_client6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "send_community": {"required": False, "type": "str", + "choices": ["standard", + "extended", + "both", + "disable"]}, + "send_community6": {"required": False, "type": "str", + "choices": ["standard", + "extended", + "both", + "disable"]}, + "shutdown": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + 
"soft_reconfiguration": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "soft_reconfiguration6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "stale_route": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "strict_capability_match": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "unsuppress_map": {"required": False, "type": "str"}, + "unsuppress_map6": {"required": False, "type": "str"}, + "update_source": {"required": False, "type": "str"}, + "weight": {"required": False, "type": "int"} + }}, + "neighbor_range": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "max_neighbor_num": {"required": False, "type": "int"}, + "neighbor_group": {"required": False, "type": "str"}, + "prefix": {"required": False, "type": "str"} + }}, + "network": {"required": False, "type": "list", + "options": { + "backdoor": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "id": {"required": True, "type": "int"}, + "prefix": {"required": False, "type": "str"}, + "route_map": {"required": False, "type": "str"} + }}, + "network_import_check": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "network6": {"required": False, "type": "list", + "options": { + "backdoor": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "id": {"required": True, "type": "int"}, + "prefix6": {"required": False, "type": "str"}, + "route_map": {"required": False, "type": "str"} + }}, + "redistribute": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"}, + "route_map": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "redistribute6": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"}, + "route_map": {"required": 
False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "router_id": {"required": False, "type": "str"}, + "scan_time": {"required": False, "type": "int"}, + "synchronization": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_community_list.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_community_list.py new file mode 100644 index 00000000..1e6ea0f6 --- /dev/null 
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_community_list.py 
@@ -0,0 +1,332 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_router_community_list
+short_description: Configure community lists in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify router feature and community_list category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.9"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ type: str
+ required: true
+ choices:
+ - present
+ - absent
+ router_community_list:
+ description:
+ - Configure community lists.
+ default: null
+ type: dict
+ suboptions:
+ name:
+ description:
+ - Community list name.
+ required: true
+ type: str
+ rule:
+ description:
+ - Community list rule.
+ type: list
+ suboptions:
+ action:
+ description:
+ - Permit or deny route-based operations, based on the route"s COMMUNITY attribute.
+ type: str
+ choices:
+ - deny
+ - permit
+ id:
+ description:
+ - ID.
+ required: true
+ type: int
+ match:
+ description:
+ - Community specifications for matching a reserved community.
+ type: str
+ regexp:
+ description:
+ - Ordered list of COMMUNITY attributes as a regular expression.
+ type: str
+ type:
+ description:
+ - Community list type (standard or expanded).
+ type: str
+ choices:
+ - standard
+ - expanded
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure community lists.
+ fortios_router_community_list:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ router_community_list:
+ name: "default_name_3"
+ rule:
+ -
+ action: "deny"
+ id: "6"
+ match: ""
+ regexp: ""
+ type: "standard"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_router_community_list_data(json):
+ option_list = ['name', 'rule', 'type']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def router_community_list(data, fos):
+ vdom = data['vdom']
+ state = data['state']
+ router_community_list_data = data['router_community_list']
+ filtered_data = underscore_to_hyphen(filter_router_community_list_data(router_community_list_data))
+
+ if state == "present":
+ return fos.set('router',
+ 'community-list',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('router',
+ 'community-list',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_router(data, fos):
+
+ if data['router_community_list']:
+ resp = router_community_list(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('router_community_list'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": True, "type": "str",
+ "choices": ["present", "absent"]},
+ "router_community_list": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "name": {"required": True, "type": "str"},
+ "rule": {"required": False, "type": "list",
+ "options": {
+ "action": {"required": False, "type": "str",
+ "choices": ["deny",
+ "permit"]},
+ "id": {"required": True, "type": "int"},
+ "match": {"required": False, "type": "str"},
+ "regexp": {"required": False, "type": "str"}
+ }},
+ "type": {"required": False, "type": "str",
+ "choices": ["standard",
+ "expanded"]}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_router(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_isis.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_isis.py
new file mode 100644
index 00000000..97a8b922
--- /dev/null
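Review bot: The EXAMPLES playbook in fortios_router_community_list.py sets `ansible_httpapi_validate_certs: no` next to a task that passes `access_token`, so a playbook copied from this docstring talks to the FortiGate over TLS without verifying its certificate, leaving the token and the pushed routing policy open to interception or tampering on the path. I would ship the example with `ansible_httpapi_validate_certs: yes` and put a YAML comment above it saying that `no` is only for lab devices with self-signed certificates. Separately, in `main()` the test `if 'access_token' in module.params:` is probably always true because the key is declared in `fields`, so `set_option` would receive `None` when no token is supplied; `if module.params.get('access_token'):` expresses the intent.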
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_isis.py 
@@ -0,0 +1,1067 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_router_isis
+short_description: Configure IS-IS in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify router feature and isis category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.9"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str + default: root + + router_isis: + description: + - Configure IS-IS. + default: null + type: dict + suboptions: + adjacency_check: + description: + - Enable/disable adjacency check. + type: str + choices: + - enable + - disable + adjacency_check6: + description: + - Enable/disable IPv6 adjacency check. + type: str + choices: + - enable + - disable + adv_passive_only: + description: + - Enable/disable IS-IS advertisement of passive interfaces only. + type: str + choices: + - enable + - disable + adv_passive_only6: + description: + - Enable/disable IPv6 IS-IS advertisement of passive interfaces only. + type: str + choices: + - enable + - disable + auth_keychain_l1: + description: + - Authentication key-chain for level 1 PDUs. Source router.key-chain.name. + type: str + auth_keychain_l2: + description: + - Authentication key-chain for level 2 PDUs. Source router.key-chain.name. + type: str + auth_mode_l1: + description: + - Level 1 authentication mode. + type: str + choices: + - password + - md5 + auth_mode_l2: + description: + - Level 2 authentication mode. + type: str + choices: + - password + - md5 + auth_password_l1: + description: + - Authentication password for level 1 PDUs. + type: str + auth_password_l2: + description: + - Authentication password for level 2 PDUs. + type: str + auth_sendonly_l1: + description: + - Enable/disable level 1 authentication send-only. + type: str + choices: + - enable + - disable + auth_sendonly_l2: + description: + - Enable/disable level 2 authentication send-only. + type: str + choices: + - enable + - disable + default_originate: + description: + - Enable/disable distribution of default route information. + type: str + choices: + - enable + - disable + default_originate6: + description: + - Enable/disable distribution of default IPv6 route information. + type: str + choices: + - enable + - disable + dynamic_hostname: + description: + - Enable/disable dynamic hostname. 
+ type: str + choices: + - enable + - disable + ignore_lsp_errors: + description: + - Enable/disable ignoring of LSP errors with bad checksums. + type: str + choices: + - enable + - disable + is_type: + description: + - IS type. + type: str + choices: + - level-1-2 + - level-1 + - level-2-only + isis_interface: + description: + - IS-IS interface configuration. + type: list + suboptions: + auth_keychain_l1: + description: + - Authentication key-chain for level 1 PDUs. Source router.key-chain.name. + type: str + auth_keychain_l2: + description: + - Authentication key-chain for level 2 PDUs. Source router.key-chain.name. + type: str + auth_mode_l1: + description: + - Level 1 authentication mode. + type: str + choices: + - md5 + - password + auth_mode_l2: + description: + - Level 2 authentication mode. + type: str + choices: + - md5 + - password + auth_password_l1: + description: + - Authentication password for level 1 PDUs. + type: str + auth_password_l2: + description: + - Authentication password for level 2 PDUs. + type: str + auth_send_only_l1: + description: + - Enable/disable authentication send-only for level 1 PDUs. + type: str + choices: + - enable + - disable + auth_send_only_l2: + description: + - Enable/disable authentication send-only for level 2 PDUs. + type: str + choices: + - enable + - disable + circuit_type: + description: + - IS-IS interface"s circuit type + type: str + choices: + - level-1-2 + - level-1 + - level-2 + csnp_interval_l1: + description: + - Level 1 CSNP interval. + type: int + csnp_interval_l2: + description: + - Level 2 CSNP interval. + type: int + hello_interval_l1: + description: + - Level 1 hello interval. + type: int + hello_interval_l2: + description: + - Level 2 hello interval. + type: int + hello_multiplier_l1: + description: + - Level 1 multiplier for Hello holding time. + type: int + hello_multiplier_l2: + description: + - Level 2 multiplier for Hello holding time. 
+ type: int + hello_padding: + description: + - Enable/disable padding to IS-IS hello packets. + type: str + choices: + - enable + - disable + lsp_interval: + description: + - LSP transmission interval (milliseconds). + type: int + lsp_retransmit_interval: + description: + - LSP retransmission interval (sec). + type: int + mesh_group: + description: + - Enable/disable IS-IS mesh group. + type: str + choices: + - enable + - disable + mesh_group_id: + description: + - 'Mesh group ID <0-4294967295>, 0: mesh-group blocked.' + type: int + metric_l1: + description: + - Level 1 metric for interface. + type: int + metric_l2: + description: + - Level 2 metric for interface. + type: int + name: + description: + - IS-IS interface name. Source system.interface.name. + required: true + type: str + network_type: + description: + - IS-IS interface"s network type + type: str + choices: + - broadcast + - point-to-point + - loopback + priority_l1: + description: + - Level 1 priority. + type: int + priority_l2: + description: + - Level 2 priority. + type: int + status: + description: + - Enable/disable interface for IS-IS. + type: str + choices: + - enable + - disable + status6: + description: + - Enable/disable IPv6 interface for IS-IS. + type: str + choices: + - enable + - disable + wide_metric_l1: + description: + - Level 1 wide metric for interface. + type: int + wide_metric_l2: + description: + - Level 2 wide metric for interface. + type: int + isis_net: + description: + - IS-IS net configuration. + type: list + suboptions: + id: + description: + - isis-net ID. + required: true + type: int + net: + description: + - IS-IS net xx.xxxx. ... .xxxx.xx. + type: str + lsp_gen_interval_l1: + description: + - Minimum interval for level 1 LSP regenerating. + type: int + lsp_gen_interval_l2: + description: + - Minimum interval for level 2 LSP regenerating. + type: int + lsp_refresh_interval: + description: + - LSP refresh time in seconds. 
+ type: int + max_lsp_lifetime: + description: + - Maximum LSP lifetime in seconds. + type: int + metric_style: + description: + - Use old-style (ISO 10589) or new-style packet formats + type: str + choices: + - narrow + - wide + - transition + - narrow-transition + - narrow-transition-l1 + - narrow-transition-l2 + - wide-l1 + - wide-l2 + - wide-transition + - wide-transition-l1 + - wide-transition-l2 + - transition-l1 + - transition-l2 + overload_bit: + description: + - Enable/disable signal other routers not to use us in SPF. + type: str + choices: + - enable + - disable + overload_bit_on_startup: + description: + - Overload-bit only temporarily after reboot. + type: int + overload_bit_suppress: + description: + - Suppress overload-bit for the specific prefixes. + type: str + choices: + - external + - interlevel + redistribute: + description: + - IS-IS redistribute protocols. + type: list + suboptions: + level: + description: + - Level. + type: str + choices: + - level-1-2 + - level-1 + - level-2 + metric: + description: + - Metric. + type: int + metric_type: + description: + - Metric type. + type: str + choices: + - external + - internal + protocol: + description: + - Protocol name. + required: true + type: str + routemap: + description: + - Route map name. Source router.route-map.name. + type: str + status: + description: + - Status. + type: str + choices: + - enable + - disable + redistribute_l1: + description: + - Enable/disable redistribution of level 1 routes into level 2. + type: str + choices: + - enable + - disable + redistribute_l1_list: + description: + - Access-list for route redistribution from l1 to l2. Source router.access-list.name. + type: str + redistribute_l2: + description: + - Enable/disable redistribution of level 2 routes into level 1. + type: str + choices: + - enable + - disable + redistribute_l2_list: + description: + - Access-list for route redistribution from l2 to l1. Source router.access-list.name. 
+ type: str + redistribute6: + description: + - IS-IS IPv6 redistribution for routing protocols. + type: list + suboptions: + level: + description: + - Level. + type: str + choices: + - level-1-2 + - level-1 + - level-2 + metric: + description: + - Metric. + type: int + metric_type: + description: + - Metric type. + type: str + choices: + - external + - internal + protocol: + description: + - Protocol name. + required: true + type: str + routemap: + description: + - Route map name. Source router.route-map.name. + type: str + status: + description: + - Enable/disable redistribution. + type: str + choices: + - enable + - disable + redistribute6_l1: + description: + - Enable/disable redistribution of level 1 IPv6 routes into level 2. + type: str + choices: + - enable + - disable + redistribute6_l1_list: + description: + - Access-list for IPv6 route redistribution from l1 to l2. Source router.access-list6.name. + type: str + redistribute6_l2: + description: + - Enable/disable redistribution of level 2 IPv6 routes into level 1. + type: str + choices: + - enable + - disable + redistribute6_l2_list: + description: + - Access-list for IPv6 route redistribution from l2 to l1. Source router.access-list6.name. + type: str + spf_interval_exp_l1: + description: + - Level 1 SPF calculation delay. + type: str + spf_interval_exp_l2: + description: + - Level 2 SPF calculation delay. + type: str + summary_address: + description: + - IS-IS summary addresses. + type: list + suboptions: + id: + description: + - Summary address entry ID. + required: true + type: int + level: + description: + - Level. + type: str + choices: + - level-1-2 + - level-1 + - level-2 + prefix: + description: + - Prefix. + type: str + summary_address6: + description: + - IS-IS IPv6 summary address. + type: list + suboptions: + id: + description: + - Prefix entry ID. + required: true + type: int + level: + description: + - Level. 
+ type: str + choices: + - level-1-2 + - level-1 + - level-2 + prefix6: + description: + - IPv6 prefix. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IS-IS. + fortios_router_isis: + vdom: "{{ vdom }}" + router_isis: + adjacency_check: "enable" + adjacency_check6: "enable" + adv_passive_only: "enable" + adv_passive_only6: "enable" + auth_keychain_l1: " (source router.key-chain.name)" + auth_keychain_l2: " (source router.key-chain.name)" + auth_mode_l1: "password" + auth_mode_l2: "password" + auth_password_l1: "" + auth_password_l2: "" + auth_sendonly_l1: "enable" + auth_sendonly_l2: "enable" + default_originate: "enable" + default_originate6: "enable" + dynamic_hostname: "enable" + ignore_lsp_errors: "enable" + is_type: "level-1-2" + isis_interface: + - + auth_keychain_l1: " (source router.key-chain.name)" + auth_keychain_l2: " (source router.key-chain.name)" + auth_mode_l1: "md5" + auth_mode_l2: "md5" + auth_password_l1: "" + auth_password_l2: "" + auth_send_only_l1: "enable" + auth_send_only_l2: "enable" + circuit_type: "level-1-2" + csnp_interval_l1: "30" + csnp_interval_l2: "31" + hello_interval_l1: "32" + hello_interval_l2: "33" + hello_multiplier_l1: "34" + hello_multiplier_l2: "35" + hello_padding: "enable" + lsp_interval: "37" + lsp_retransmit_interval: "38" + mesh_group: "enable" + mesh_group_id: "40" + metric_l1: "41" + metric_l2: "42" + name: "default_name_43 (source system.interface.name)" + network_type: "broadcast" + priority_l1: "45" + priority_l2: "46" + status: "enable" + status6: "enable" + wide_metric_l1: "49" + wide_metric_l2: "50" + isis_net: + - + id: "52" + net: "" + lsp_gen_interval_l1: "54" + lsp_gen_interval_l2: "55" + lsp_refresh_interval: "56" + max_lsp_lifetime: "57" + metric_style: "narrow" + overload_bit: "enable" + 
overload_bit_on_startup: "60" + overload_bit_suppress: "external" + redistribute: + - + level: "level-1-2" + metric: "64" + metric_type: "external" + protocol: "" + routemap: " (source router.route-map.name)" + status: "enable" + redistribute_l1: "enable" + redistribute_l1_list: " (source router.access-list.name)" + redistribute_l2: "enable" + redistribute_l2_list: " (source router.access-list.name)" + redistribute6: + - + level: "level-1-2" + metric: "75" + metric_type: "external" + protocol: "" + routemap: " (source router.route-map.name)" + status: "enable" + redistribute6_l1: "enable" + redistribute6_l1_list: " (source router.access-list6.name)" + redistribute6_l2: "enable" + redistribute6_l2_list: " (source router.access-list6.name)" + spf_interval_exp_l1: "" + spf_interval_exp_l2: "" + summary_address: + - + id: "87" + level: "level-1-2" + prefix: "" + summary_address6: + - + id: "91" + level: "level-1-2" + prefix6: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + 
type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_router_isis_data(json): + option_list = ['adjacency_check', 'adjacency_check6', 'adv_passive_only', + 'adv_passive_only6', 'auth_keychain_l1', 'auth_keychain_l2', + 'auth_mode_l1', 'auth_mode_l2', 'auth_password_l1', + 'auth_password_l2', 'auth_sendonly_l1', 'auth_sendonly_l2', + 'default_originate', 'default_originate6', 'dynamic_hostname', + 'ignore_lsp_errors', 'is_type', 'isis_interface', + 'isis_net', 'lsp_gen_interval_l1', 'lsp_gen_interval_l2', + 'lsp_refresh_interval', 'max_lsp_lifetime', 'metric_style', + 'overload_bit', 'overload_bit_on_startup', 'overload_bit_suppress', + 'redistribute', 'redistribute_l1', 'redistribute_l1_list', + 'redistribute_l2', 'redistribute_l2_list', 'redistribute6', + 'redistribute6_l1', 'redistribute6_l1_list', 'redistribute6_l2', + 'redistribute6_l2_list', 'spf_interval_exp_l1', 'spf_interval_exp_l2', + 'summary_address', 'summary_address6'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = 
underscore_to_hyphen(v) + data = new_data + + return data + + +def router_isis(data, fos): + vdom = data['vdom'] + router_isis_data = data['router_isis'] + filtered_data = underscore_to_hyphen(filter_router_isis_data(router_isis_data)) + + return fos.set('router', + 'isis', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_isis']: + resp = router_isis(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_isis')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "router_isis": { + "required": False, "type": "dict", "default": None, + "options": { + "adjacency_check": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "adjacency_check6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "adv_passive_only": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "adv_passive_only6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auth_keychain_l1": {"required": False, "type": "str"}, + "auth_keychain_l2": {"required": False, "type": "str"}, + "auth_mode_l1": {"required": False, "type": "str", + "choices": ["password", + "md5"]}, + "auth_mode_l2": {"required": False, "type": "str", + "choices": ["password", + "md5"]}, + "auth_password_l1": {"required": False, "type": "str"}, + "auth_password_l2": {"required": False, "type": "str"}, + "auth_sendonly_l1": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auth_sendonly_l2": {"required": 
False, "type": "str", + "choices": ["enable", + "disable"]}, + "default_originate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "default_originate6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dynamic_hostname": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ignore_lsp_errors": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "is_type": {"required": False, "type": "str", + "choices": ["level-1-2", + "level-1", + "level-2-only"]}, + "isis_interface": {"required": False, "type": "list", + "options": { + "auth_keychain_l1": {"required": False, "type": "str"}, + "auth_keychain_l2": {"required": False, "type": "str"}, + "auth_mode_l1": {"required": False, "type": "str", + "choices": ["md5", + "password"]}, + "auth_mode_l2": {"required": False, "type": "str", + "choices": ["md5", + "password"]}, + "auth_password_l1": {"required": False, "type": "str"}, + "auth_password_l2": {"required": False, "type": "str"}, + "auth_send_only_l1": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auth_send_only_l2": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "circuit_type": {"required": False, "type": "str", + "choices": ["level-1-2", + "level-1", + "level-2"]}, + "csnp_interval_l1": {"required": False, "type": "int"}, + "csnp_interval_l2": {"required": False, "type": "int"}, + "hello_interval_l1": {"required": False, "type": "int"}, + "hello_interval_l2": {"required": False, "type": "int"}, + "hello_multiplier_l1": {"required": False, "type": "int"}, + "hello_multiplier_l2": {"required": False, "type": "int"}, + "hello_padding": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "lsp_interval": {"required": False, "type": "int"}, + "lsp_retransmit_interval": {"required": False, "type": "int"}, + "mesh_group": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, 
+ "mesh_group_id": {"required": False, "type": "int"}, + "metric_l1": {"required": False, "type": "int"}, + "metric_l2": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "network_type": {"required": False, "type": "str", + "choices": ["broadcast", + "point-to-point", + "loopback"]}, + "priority_l1": {"required": False, "type": "int"}, + "priority_l2": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "status6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "wide_metric_l1": {"required": False, "type": "int"}, + "wide_metric_l2": {"required": False, "type": "int"} + }}, + "isis_net": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "net": {"required": False, "type": "str"} + }}, + "lsp_gen_interval_l1": {"required": False, "type": "int"}, + "lsp_gen_interval_l2": {"required": False, "type": "int"}, + "lsp_refresh_interval": {"required": False, "type": "int"}, + "max_lsp_lifetime": {"required": False, "type": "int"}, + "metric_style": {"required": False, "type": "str", + "choices": ["narrow", + "wide", + "transition", + "narrow-transition", + "narrow-transition-l1", + "narrow-transition-l2", + "wide-l1", + "wide-l2", + "wide-transition", + "wide-transition-l1", + "wide-transition-l2", + "transition-l1", + "transition-l2"]}, + "overload_bit": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "overload_bit_on_startup": {"required": False, "type": "int"}, + "overload_bit_suppress": {"required": False, "type": "str", + "choices": ["external", + "interlevel"]}, + "redistribute": {"required": False, "type": "list", + "options": { + "level": {"required": False, "type": "str", + "choices": ["level-1-2", + "level-1", + "level-2"]}, + "metric": {"required": False, "type": "int"}, + "metric_type": {"required": False, "type": "str", + "choices": ["external", + 
"internal"]}, + "protocol": {"required": True, "type": "str"}, + "routemap": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "redistribute_l1": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "redistribute_l1_list": {"required": False, "type": "str"}, + "redistribute_l2": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "redistribute_l2_list": {"required": False, "type": "str"}, + "redistribute6": {"required": False, "type": "list", + "options": { + "level": {"required": False, "type": "str", + "choices": ["level-1-2", + "level-1", + "level-2"]}, + "metric": {"required": False, "type": "int"}, + "metric_type": {"required": False, "type": "str", + "choices": ["external", + "internal"]}, + "protocol": {"required": True, "type": "str"}, + "routemap": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "redistribute6_l1": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "redistribute6_l1_list": {"required": False, "type": "str"}, + "redistribute6_l2": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "redistribute6_l2_list": {"required": False, "type": "str"}, + "spf_interval_exp_l1": {"required": False, "type": "str"}, + "spf_interval_exp_l2": {"required": False, "type": "str"}, + "summary_address": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "level": {"required": False, "type": "str", + "choices": ["level-1-2", + "level-1", + "level-2"]}, + "prefix": {"required": False, "type": "str"} + }}, + "summary_address6": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "level": {"required": False, "type": "str", + "choices": ["level-1-2", + "level-1", + "level-2"]}, + "prefix6": {"required": False, "type": "str"} + }} 
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_router(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_key_chain.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_key_chain.py
new file mode 100644
index 00000000..e1a29181
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_key_chain.py
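Review bot: The four IS-IS password options in the argument spec of `main()` (`auth_password_l1` and `auth_password_l2`, both directly under `router_isis` and again under `isis_interface`) are declared without `no_log`, unlike `access_token` at the top of the same spec, so Ansible has no instruction to mask their values in logged or verbose module invocations. Each entry should read `"auth_password_l1": {"required": False, "type": "str", "no_log": True},` (and the same for `_l2`). The same gap applies to `key_string` in fortios_router_key_chain.py in this commit, which that module's own documentation describes as the password for the key.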
@@ -0,0 +1,316 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_router_key_chain
+short_description: Configure key-chain in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify router feature and key_chain category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.9"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + router_key_chain: + description: + - Configure key-chain. + default: null + type: dict + suboptions: + key: + description: + - Configuration method to edit key settings. + type: list + suboptions: + accept_lifetime: + description: + - 'Lifetime of received authentication key (format: hh:mm:ss day month year).' + type: str + id: + description: + - Key ID (0 - 2147483647). + required: true + type: int + key_string: + description: + - Password for the key (max. = 35 characters). + type: str + send_lifetime: + description: + - 'Lifetime of sent authentication key (format: hh:mm:ss day month year).' + type: str + name: + description: + - Key-chain name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure key-chain. 
+ fortios_router_key_chain: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_key_chain: + key: + - + accept_lifetime: "" + id: "5" + key_string: "" + send_lifetime: "" + name: "default_name_8" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_router_key_chain_data(json): + option_list = ['key', 
'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_key_chain(data, fos): + vdom = data['vdom'] + state = data['state'] + router_key_chain_data = data['router_key_chain'] + filtered_data = underscore_to_hyphen(filter_router_key_chain_data(router_key_chain_data)) + + if state == "present": + return fos.set('router', + 'key-chain', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('router', + 'key-chain', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_key_chain']: + resp = router_key_chain(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_key_chain')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "router_key_chain": { + "required": False, "type": "dict", "default": None, + "options": { + "key": {"required": False, "type": "list", + "options": { + "accept_lifetime": {"required": False, "type": "str"}, + "id": 
{"required": True, "type": "int"}, + "key_string": {"required": False, "type": "str"}, + "send_lifetime": {"required": False, "type": "str"} + }}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_multicast.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_multicast.py new file mode 100644 index 00000000..160e03da --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_multicast.py 
@@ -0,0 +1,747 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_multicast +short_description: Configure router multicast in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and multicast category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + router_multicast: + description: + - Configure router multicast. + default: null + type: dict + suboptions: + interface: + description: + - PIM interfaces. + type: list + suboptions: + bfd: + description: + - Enable/disable Protocol Independent Multicast (PIM) Bidirectional Forwarding Detection (BFD). + type: str + choices: + - enable + - disable + cisco_exclude_genid: + description: + - Exclude GenID from hello packets (compatibility with old Cisco IOS). + type: str + choices: + - enable + - disable + dr_priority: + description: + - DR election priority. + type: int + hello_holdtime: + description: + - Time before old neighbor information expires (0 - 65535 sec). + type: int + hello_interval: + description: + - Interval between sending PIM hello messages (0 - 65535 sec). + type: int + igmp: + description: + - IGMP configuration options. + type: dict + suboptions: + access_group: + description: + - Groups IGMP hosts are allowed to join. Source router.access-list.name. + type: str + immediate_leave_group: + description: + - Groups to drop membership for immediately after receiving IGMPv2 leave. Source router.access-list.name. + type: str + last_member_query_count: + description: + - Number of group specific queries before removing group (2 - 7). + type: int + last_member_query_interval: + description: + - Timeout between IGMPv2 leave and removing group (1 - 65535 msec). + type: int + query_interval: + description: + - Interval between queries to IGMP hosts (1 - 65535 sec). + type: int + query_max_response_time: + description: + - Maximum time to wait for a IGMP query response (1 - 25 sec). + type: int + query_timeout: + description: + - Timeout between queries before becoming querier for network (60 - 900). + type: int + router_alert_check: + description: + - Enable/disable require IGMP packets contain router alert option. + type: str + choices: + - enable + - disable + version: + description: + - Maximum version of IGMP to support. 
+ type: str + choices: + - 3 + - 2 + - 1 + join_group: + description: + - Join multicast groups. + type: list + suboptions: + address: + description: + - Multicast group IP address. + required: true + type: str + multicast_flow: + description: + - Acceptable source for multicast group. Source router.multicast-flow.name. + type: str + name: + description: + - Interface name. Source system.interface.name. + required: true + type: str + neighbour_filter: + description: + - Routers acknowledged as neighbor routers. Source router.access-list.name. + type: str + passive: + description: + - Enable/disable listening to IGMP but not participating in PIM. + type: str + choices: + - enable + - disable + pim_mode: + description: + - PIM operation mode. + type: str + choices: + - sparse-mode + - dense-mode + propagation_delay: + description: + - Delay flooding packets on this interface (100 - 5000 msec). + type: int + rp_candidate: + description: + - Enable/disable compete to become RP in elections. + type: str + choices: + - enable + - disable + rp_candidate_group: + description: + - Multicast groups managed by this RP. Source router.access-list.name. + type: str + rp_candidate_interval: + description: + - RP candidate advertisement interval (1 - 16383 sec). + type: int + rp_candidate_priority: + description: + - Router"s priority as RP. + type: int + state_refresh_interval: + description: + - Interval between sending state-refresh packets (1 - 100 sec). + type: int + static_group: + description: + - Statically set multicast groups to forward out. Source router.multicast-flow.name. + type: str + ttl_threshold: + description: + - Minimum TTL of multicast packets that will be forwarded (applied only to new multicast routes) (1 - 255). + type: int + multicast_routing: + description: + - Enable/disable IP multicast routing. + type: str + choices: + - enable + - disable + pim_sm_global: + description: + - PIM sparse-mode global settings. 
+ type: dict + suboptions: + accept_register_list: + description: + - Sources allowed to register packets with this Rendezvous Point (RP). Source router.access-list.name. + type: str + accept_source_list: + description: + - Sources allowed to send multicast traffic. Source router.access-list.name. + type: str + bsr_allow_quick_refresh: + description: + - Enable/disable accept BSR quick refresh packets from neighbors. + type: str + choices: + - enable + - disable + bsr_candidate: + description: + - Enable/disable allowing this router to become a bootstrap router (BSR). + type: str + choices: + - enable + - disable + bsr_hash: + description: + - BSR hash length (0 - 32). + type: int + bsr_interface: + description: + - Interface to advertise as candidate BSR. Source system.interface.name. + type: str + bsr_priority: + description: + - BSR priority (0 - 255). + type: int + cisco_crp_prefix: + description: + - Enable/disable making candidate RP compatible with old Cisco IOS. + type: str + choices: + - enable + - disable + cisco_ignore_rp_set_priority: + description: + - Use only hash for RP selection (compatibility with old Cisco IOS). + type: str + choices: + - enable + - disable + cisco_register_checksum: + description: + - Checksum entire register packet(for old Cisco IOS compatibility). + type: str + choices: + - enable + - disable + cisco_register_checksum_group: + description: + - Cisco register checksum only these groups. Source router.access-list.name. + type: str + join_prune_holdtime: + description: + - Join/prune holdtime (1 - 65535). + type: int + message_interval: + description: + - Period of time between sending periodic PIM join/prune messages in seconds (1 - 65535). + type: int + null_register_retries: + description: + - Maximum retries of null register (1 - 20). + type: int + register_rate_limit: + description: + - Limit of packets/sec per source registered through this RP (0 - 65535). 
+ type: int + register_rp_reachability: + description: + - Enable/disable check RP is reachable before registering packets. + type: str + choices: + - enable + - disable + register_source: + description: + - Override source address in register packets. + type: str + choices: + - disable + - interface + - ip-address + register_source_interface: + description: + - Override with primary interface address. Source system.interface.name. + type: str + register_source_ip: + description: + - Override with local IP address. + type: str + register_supression: + description: + - Period of time to honor register-stop message (1 - 65535 sec). + type: int + rp_address: + description: + - Statically configure RP addresses. + type: list + suboptions: + group: + description: + - Groups to use this RP. Source router.access-list.name. + type: str + id: + description: + - ID. + required: true + type: int + ip_address: + description: + - RP router address. + type: str + rp_register_keepalive: + description: + - Timeout for RP receiving data on (S,G) tree (1 - 65535 sec). + type: int + spt_threshold: + description: + - Enable/disable switching to source specific trees. + type: str + choices: + - enable + - disable + spt_threshold_group: + description: + - Groups allowed to switch to source tree. Source router.access-list.name. + type: str + ssm: + description: + - Enable/disable source specific multicast. + type: str + choices: + - enable + - disable + ssm_range: + description: + - Groups allowed to source specific multicast. Source router.access-list.name. + type: str + route_limit: + description: + - Maximum number of multicast routes. + type: int + route_threshold: + description: + - Generate warnings when the number of multicast routes exceeds this number, must not be greater than route-limit. 
+ type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure router multicast. + fortios_router_multicast: + vdom: "{{ vdom }}" + router_multicast: + interface: + - + bfd: "enable" + cisco_exclude_genid: "enable" + dr_priority: "6" + hello_holdtime: "7" + hello_interval: "8" + igmp: + access_group: " (source router.access-list.name)" + immediate_leave_group: " (source router.access-list.name)" + last_member_query_count: "12" + last_member_query_interval: "13" + query_interval: "14" + query_max_response_time: "15" + query_timeout: "16" + router_alert_check: "enable" + version: "3" + join_group: + - + address: "" + multicast_flow: " (source router.multicast-flow.name)" + name: "default_name_22 (source system.interface.name)" + neighbour_filter: " (source router.access-list.name)" + passive: "enable" + pim_mode: "sparse-mode" + propagation_delay: "26" + rp_candidate: "enable" + rp_candidate_group: " (source router.access-list.name)" + rp_candidate_interval: "29" + rp_candidate_priority: "30" + state_refresh_interval: "31" + static_group: " (source router.multicast-flow.name)" + ttl_threshold: "33" + multicast_routing: "enable" + pim_sm_global: + accept_register_list: " (source router.access-list.name)" + accept_source_list: " (source router.access-list.name)" + bsr_allow_quick_refresh: "enable" + bsr_candidate: "enable" + bsr_hash: "40" + bsr_interface: " (source system.interface.name)" + bsr_priority: "42" + cisco_crp_prefix: "enable" + cisco_ignore_rp_set_priority: "enable" + cisco_register_checksum: "enable" + cisco_register_checksum_group: " (source router.access-list.name)" + join_prune_holdtime: "47" + message_interval: "48" + null_register_retries: "49" + register_rate_limit: "50" + register_rp_reachability: "enable" + register_source: "disable" + 
register_source_interface: " (source system.interface.name)" + register_source_ip: "" + register_supression: "55" + rp_address: + - + group: " (source router.access-list.name)" + id: "58" + ip_address: "" + rp_register_keepalive: "60" + spt_threshold: "enable" + spt_threshold_group: " (source router.access-list.name)" + ssm: "enable" + ssm_range: " (source router.access-list.name)" + route_limit: "65" + route_threshold: "66" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_router_multicast_data(json): + option_list = ['interface', 'multicast_routing', 'pim_sm_global', + 'route_limit', 'route_threshold'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_multicast(data, fos): + vdom = data['vdom'] + router_multicast_data = data['router_multicast'] + filtered_data = underscore_to_hyphen(filter_router_multicast_data(router_multicast_data)) + + return fos.set('router', + 'multicast', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_multicast']: + resp = router_multicast(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_multicast')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "router_multicast": { + "required": False, "type": "dict", "default": None, + "options": { + "interface": {"required": False, "type": "list", + "options": { + "bfd": {"required": False, 
"type": "str", + "choices": ["enable", + "disable"]}, + "cisco_exclude_genid": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dr_priority": {"required": False, "type": "int"}, + "hello_holdtime": {"required": False, "type": "int"}, + "hello_interval": {"required": False, "type": "int"}, + "igmp": {"required": False, "type": "dict", + "options": { + "access_group": {"required": False, "type": "str"}, + "immediate_leave_group": {"required": False, "type": "str"}, + "last_member_query_count": {"required": False, "type": "int"}, + "last_member_query_interval": {"required": False, "type": "int"}, + "query_interval": {"required": False, "type": "int"}, + "query_max_response_time": {"required": False, "type": "int"}, + "query_timeout": {"required": False, "type": "int"}, + "router_alert_check": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "version": {"required": False, "type": "str", + "choices": ["3", + "2", + "1"]} + }}, + "join_group": {"required": False, "type": "list", + "options": { + "address": {"required": True, "type": "str"} + }}, + "multicast_flow": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "neighbour_filter": {"required": False, "type": "str"}, + "passive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "pim_mode": {"required": False, "type": "str", + "choices": ["sparse-mode", + "dense-mode"]}, + "propagation_delay": {"required": False, "type": "int"}, + "rp_candidate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "rp_candidate_group": {"required": False, "type": "str"}, + "rp_candidate_interval": {"required": False, "type": "int"}, + "rp_candidate_priority": {"required": False, "type": "int"}, + "state_refresh_interval": {"required": False, "type": "int"}, + "static_group": {"required": False, "type": "str"}, + "ttl_threshold": {"required": False, "type": "int"} + }}, + "multicast_routing": 
{"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "pim_sm_global": {"required": False, "type": "dict", + "options": { + "accept_register_list": {"required": False, "type": "str"}, + "accept_source_list": {"required": False, "type": "str"}, + "bsr_allow_quick_refresh": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "bsr_candidate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "bsr_hash": {"required": False, "type": "int"}, + "bsr_interface": {"required": False, "type": "str"}, + "bsr_priority": {"required": False, "type": "int"}, + "cisco_crp_prefix": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "cisco_ignore_rp_set_priority": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "cisco_register_checksum": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "cisco_register_checksum_group": {"required": False, "type": "str"}, + "join_prune_holdtime": {"required": False, "type": "int"}, + "message_interval": {"required": False, "type": "int"}, + "null_register_retries": {"required": False, "type": "int"}, + "register_rate_limit": {"required": False, "type": "int"}, + "register_rp_reachability": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "register_source": {"required": False, "type": "str", + "choices": ["disable", + "interface", + "ip-address"]}, + "register_source_interface": {"required": False, "type": "str"}, + "register_source_ip": {"required": False, "type": "str"}, + "register_supression": {"required": False, "type": "int"}, + "rp_address": {"required": False, "type": "list", + "options": { + "group": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "ip_address": {"required": False, "type": "str"} + }}, + "rp_register_keepalive": {"required": False, "type": "int"}, + "spt_threshold": {"required": False, "type": "str", + "choices": 
["enable", + "disable"]}, + "spt_threshold_group": {"required": False, "type": "str"}, + "ssm": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssm_range": {"required": False, "type": "str"} + }}, + "route_limit": {"required": False, "type": "int"}, + "route_threshold": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_multicast6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_multicast6.py new file mode 100644 index 00000000..eda34d0b --- /dev/null 
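Review bot: The list-typed options in the `fields` spec of `main()` (`interface`, `join_group` and `rp_address`) carry `options` but no `elements`, and as far as I know AnsibleModule applies a nested spec to list entries only when `elements` is `dict`. If that holds for the targeted ansible>=2.9.0, the `required`, `type` and `choices` rules declared for each entry are never enforced, and the values reach `fos.set` exactly as the playbook wrote them. I would declare them as `"interface": {"required": False, "type": "list", "elements": "dict",` and do the same for the other two. The same pattern appears on `interface` and `rp_address` in fortios_router_multicast6.py and on `key` in fortios_router_key_chain.py.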
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_multicast6.py 
@@ -0,0 +1,342 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_multicast6 +short_description: Configure IPv6 multicast in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and multicast6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + router_multicast6: + description: + - Configure IPv6 multicast. + default: null + type: dict + suboptions: + interface: + description: + - Protocol Independent Multicast (PIM) interfaces. + type: list + suboptions: + hello_holdtime: + description: + - Time before old neighbour information expires (1 - 65535 sec). + type: int + hello_interval: + description: + - Interval between sending PIM hello messages (1 - 65535 sec).. + type: int + name: + description: + - Interface name. Source system.interface.name. + required: true + type: str + multicast_pmtu: + description: + - Enable/disable PMTU for IPv6 multicast. + type: str + choices: + - enable + - disable + multicast_routing: + description: + - Enable/disable IPv6 multicast routing. + type: str + choices: + - enable + - disable + pim_sm_global: + description: + - PIM sparse-mode global settings. + type: dict + suboptions: + register_rate_limit: + description: + - Limit of packets/sec per source registered through this RP (0 means unlimited). + type: int + rp_address: + description: + - Statically configured RP addresses. + type: list + suboptions: + id: + description: + - ID of the entry. + required: true + type: int + ip6_address: + description: + - RP router IPv6 address. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 multicast. 
+ fortios_router_multicast6: + vdom: "{{ vdom }}" + router_multicast6: + interface: + - + hello_holdtime: "4" + hello_interval: "5" + name: "default_name_6 (source system.interface.name)" + multicast_pmtu: "enable" + multicast_routing: "enable" + pim_sm_global: + register_rate_limit: "10" + rp_address: + - + id: "12" + ip6_address: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_router_multicast6_data(json): + option_list = ['interface', 'multicast_pmtu', 'multicast_routing', + 'pim_sm_global'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_multicast6(data, fos): + vdom = data['vdom'] + router_multicast6_data = data['router_multicast6'] + filtered_data = underscore_to_hyphen(filter_router_multicast6_data(router_multicast6_data)) + + return fos.set('router', + 'multicast6', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_multicast6']: + resp = router_multicast6(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_multicast6')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "router_multicast6": { + "required": False, "type": "dict", "default": None, + "options": { + "interface": {"required": False, "type": "list", + "options": { + "hello_holdtime": {"required": False, "type": "int"}, + "hello_interval": {"required": False, "type": "int"}, + "name": {"required": True, "type": 
"str"} + }}, + "multicast_pmtu": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_routing": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "pim_sm_global": {"required": False, "type": "dict", + "options": { + "register_rate_limit": {"required": False, "type": "int"}, + "rp_address": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "ip6_address": {"required": False, "type": "str"} + }} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
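Review bot: The playbook in `EXAMPLES` sets `ansible_httpapi_validate_certs: no` without comment, so anyone copying it runs the httpapi session, including its credentials or `access_token`, over TLS with the peer certificate unchecked. I would either switch the example to `yes` or add a comment above the line, `# lab only: keep certificate validation enabled against production devices`. The same vars block is repeated in the fortios_router_multicast.py example and in the key-chain and multicast-flow examples, which are only partly visible here.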
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_multicast_flow.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_multicast_flow.py
new file mode 100644
index 00000000..5b08293d
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_multicast_flow.py
@@ -0,0 +1,337 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_multicast_flow +short_description: Configure multicast-flow in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and multicast_flow category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + router_multicast_flow: + description: + - Configure multicast-flow. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + comments: + description: + - Comment. + type: str + flows: + description: + - Multicast-flow entries. + type: list + suboptions: + group_addr: + description: + - Multicast group IP address. + type: str + id: + description: + - Flow ID. + required: true + type: int + source_addr: + description: + - Multicast source IP address. + type: str + name: + description: + - Name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure multicast-flow. 
+ fortios_router_multicast_flow: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_multicast_flow: + comments: "" + flows: + - + group_addr: "" + id: "6" + source_addr: "" + name: "default_name_8" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_router_multicast_flow_data(json): + option_list = 
['comments', 'flows', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_multicast_flow(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['router_multicast_flow'] and data['router_multicast_flow']['state']: + state = data['router_multicast_flow']['state'] + else: + state = True + router_multicast_flow_data = data['router_multicast_flow'] + filtered_data = underscore_to_hyphen(filter_router_multicast_flow_data(router_multicast_flow_data)) + + if state == "present": + return fos.set('router', + 'multicast-flow', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('router', + 'multicast-flow', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_multicast_flow']: + resp = router_multicast_flow(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_multicast_flow')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, 
"type": "str", + "choices": ["present", "absent"]}, + "router_multicast_flow": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "comments": {"required": False, "type": "str"}, + "flows": {"required": False, "type": "list", + "options": { + "group_addr": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "source_addr": {"required": False, "type": "str"} + }}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
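Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no` on the same httpapi connection that carries `access_token`, so a playbook copied from it sends the API token over TLS without verifying the FortiGate's certificate; the example should read `ansible_httpapi_validate_certs: yes`, with a comment that turning it off is only for lab units with self-signed certificates. In `main()`, the test `'access_token' in module.params` is presumably always true because the key is declared in `fields`, so `set_option` is also called with `None` when no token is supplied; `if module.params.get('access_token'):` would express the intent. In `router_multicast_flow()`, the `state = True` fallback only ever reaches the 'state must be present or absent!' failure, so a task that omits `state` at both levels fails late with a message that does not say the option is missing; checking for the missing value explicitly and naming the option in the error would be clearer.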
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_ospf.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_ospf.py
new file mode 100644
index 00000000..ff400fb3
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_ospf.py
@@ -0,0 +1,1129 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_ospf +short_description: Configure OSPF in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and ospf category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + router_ospf: + description: + - Configure OSPF. + default: null + type: dict + suboptions: + abr_type: + description: + - Area border router type. + type: str + choices: + - cisco + - ibm + - shortcut + - standard + area: + description: + - OSPF area configuration. + type: list + suboptions: + authentication: + description: + - Authentication type. + type: str + choices: + - none + - text + - md5 + default_cost: + description: + - Summary default cost of stub or NSSA area. + type: int + filter_list: + description: + - OSPF area filter-list configuration. + type: list + suboptions: + direction: + description: + - Direction. + type: str + choices: + - in + - out + id: + description: + - Filter list entry ID. + required: true + type: int + list: + description: + - Access-list or prefix-list name. Source router.access-list.name router.prefix-list.name. + type: str + id: + description: + - Area entry IP address. + required: true + type: str + nssa_default_information_originate: + description: + - Redistribute, advertise, or do not originate Type-7 default route into NSSA area. + type: str + choices: + - enable + - always + - disable + nssa_default_information_originate_metric: + description: + - OSPF default metric. + type: int + nssa_default_information_originate_metric_type: + description: + - OSPF metric type for default routes. + type: str + choices: + - 1 + - 2 + nssa_redistribution: + description: + - Enable/disable redistribute into NSSA area. + type: str + choices: + - enable + - disable + nssa_translator_role: + description: + - NSSA translator role type. + type: str + choices: + - candidate + - never + - always + range: + description: + - OSPF area range configuration. + type: list + suboptions: + advertise: + description: + - Enable/disable advertise status. + type: str + choices: + - disable + - enable + id: + description: + - Range entry ID. + required: true + type: int + prefix: + description: + - Prefix. 
+ type: str + substitute: + description: + - Substitute prefix. + type: str + substitute_status: + description: + - Enable/disable substitute status. + type: str + choices: + - enable + - disable + shortcut: + description: + - Enable/disable shortcut option. + type: str + choices: + - disable + - enable + - default + stub_type: + description: + - Stub summary setting. + type: str + choices: + - no-summary + - summary + type: + description: + - Area type setting. + type: str + choices: + - regular + - nssa + - stub + virtual_link: + description: + - OSPF virtual link configuration. + type: list + suboptions: + authentication: + description: + - Authentication type. + type: str + choices: + - none + - text + - md5 + authentication_key: + description: + - Authentication key. + type: str + dead_interval: + description: + - Dead interval. + type: int + hello_interval: + description: + - Hello interval. + type: int + md5_key: + description: + - MD5 key. + type: str + name: + description: + - Virtual link entry name. + required: true + type: str + peer: + description: + - Peer IP. + type: str + retransmit_interval: + description: + - Retransmit interval. + type: int + transmit_delay: + description: + - Transmit delay. + type: int + auto_cost_ref_bandwidth: + description: + - Reference bandwidth in terms of megabits per second. + type: int + bfd: + description: + - Bidirectional Forwarding Detection (BFD). + type: str + choices: + - enable + - disable + database_overflow: + description: + - Enable/disable database overflow. + type: str + choices: + - enable + - disable + database_overflow_max_lsas: + description: + - Database overflow maximum LSAs. + type: int + database_overflow_time_to_recover: + description: + - Database overflow time to recover (sec). + type: int + default_information_metric: + description: + - Default information metric. + type: int + default_information_metric_type: + description: + - Default information metric type. 
+ type: str + choices: + - 1 + - 2 + default_information_originate: + description: + - Enable/disable generation of default route. + type: str + choices: + - enable + - always + - disable + default_information_route_map: + description: + - Default information route map. Source router.route-map.name. + type: str + default_metric: + description: + - Default metric of redistribute routes. + type: int + distance: + description: + - Distance of the route. + type: int + distance_external: + description: + - Administrative external distance. + type: int + distance_inter_area: + description: + - Administrative inter-area distance. + type: int + distance_intra_area: + description: + - Administrative intra-area distance. + type: int + distribute_list: + description: + - Distribute list configuration. + type: list + suboptions: + access_list: + description: + - Access list name. Source router.access-list.name. + type: str + id: + description: + - Distribute list entry ID. + required: true + type: int + protocol: + description: + - Protocol type. + type: str + choices: + - connected + - static + - rip + distribute_list_in: + description: + - Filter incoming routes. Source router.access-list.name router.prefix-list.name. + type: str + distribute_route_map_in: + description: + - Filter incoming external routes by route-map. Source router.route-map.name. + type: str + log_neighbour_changes: + description: + - Enable logging of OSPF neighbour"s changes + type: str + choices: + - enable + - disable + neighbor: + description: + - OSPF neighbor configuration are used when OSPF runs on non-broadcast media + type: list + suboptions: + cost: + description: + - Cost of the interface, value range from 0 to 65535, 0 means auto-cost. + type: int + id: + description: + - Neighbor entry ID. + required: true + type: int + ip: + description: + - Interface IP address of the neighbor. + type: str + poll_interval: + description: + - Poll interval time in seconds. 
+ type: int + priority: + description: + - Priority. + type: int + network: + description: + - OSPF network configuration. + type: list + suboptions: + area: + description: + - Attach the network to area. + type: str + id: + description: + - Network entry ID. + required: true + type: int + prefix: + description: + - Prefix. + type: str + ospf_interface: + description: + - OSPF interface configuration. + type: list + suboptions: + authentication: + description: + - Authentication type. + type: str + choices: + - none + - text + - md5 + authentication_key: + description: + - Authentication key. + type: str + bfd: + description: + - Bidirectional Forwarding Detection (BFD). + type: str + choices: + - global + - enable + - disable + cost: + description: + - Cost of the interface, value range from 0 to 65535, 0 means auto-cost. + type: int + database_filter_out: + description: + - Enable/disable control of flooding out LSAs. + type: str + choices: + - enable + - disable + dead_interval: + description: + - Dead interval. + type: int + hello_interval: + description: + - Hello interval. + type: int + hello_multiplier: + description: + - Number of hello packets within dead interval. + type: int + interface: + description: + - Configuration interface name. Source system.interface.name. + type: str + ip: + description: + - IP address. + type: str + md5_key: + description: + - MD5 key. + type: str + mtu: + description: + - MTU for database description packets. + type: int + mtu_ignore: + description: + - Enable/disable ignore MTU. + type: str + choices: + - enable + - disable + name: + description: + - Interface entry name. + required: true + type: str + network_type: + description: + - Network type. + type: str + choices: + - broadcast + - non-broadcast + - point-to-point + - point-to-multipoint + - point-to-multipoint-non-broadcast + prefix_length: + description: + - Prefix length. + type: int + priority: + description: + - Priority. 
+ type: int + resync_timeout: + description: + - Graceful restart neighbor resynchronization timeout. + type: int + retransmit_interval: + description: + - Retransmit interval. + type: int + status: + description: + - Enable/disable status. + type: str + choices: + - disable + - enable + transmit_delay: + description: + - Transmit delay. + type: int + passive_interface: + description: + - Passive interface configuration. + type: list + suboptions: + name: + description: + - Passive interface name. Source system.interface.name. + required: true + type: str + redistribute: + description: + - Redistribute configuration. + type: list + suboptions: + metric: + description: + - Redistribute metric setting. + type: int + metric_type: + description: + - Metric type. + type: str + choices: + - 1 + - 2 + name: + description: + - Redistribute name. + required: true + type: str + routemap: + description: + - Route map name. Source router.route-map.name. + type: str + status: + description: + - status + type: str + choices: + - enable + - disable + tag: + description: + - Tag value. + type: int + restart_mode: + description: + - OSPF restart mode (graceful or LLS). + type: str + choices: + - none + - lls + - graceful-restart + restart_period: + description: + - Graceful restart period. + type: int + rfc1583_compatible: + description: + - Enable/disable RFC1583 compatibility. + type: str + choices: + - enable + - disable + router_id: + description: + - Router ID. + type: str + spf_timers: + description: + - SPF calculation frequency. + type: str + summary_address: + description: + - IP address summary configuration. + type: list + suboptions: + advertise: + description: + - Enable/disable advertise status. + type: str + choices: + - disable + - enable + id: + description: + - Summary address entry ID. + required: true + type: int + prefix: + description: + - Prefix. + type: str + tag: + description: + - Tag value. 
+ type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure OSPF. + fortios_router_ospf: + vdom: "{{ vdom }}" + router_ospf: + abr_type: "cisco" + area: + - + authentication: "none" + default_cost: "6" + filter_list: + - + direction: "in" + id: "9" + list: " (source router.access-list.name router.prefix-list.name)" + id: "11" + nssa_default_information_originate: "enable" + nssa_default_information_originate_metric: "13" + nssa_default_information_originate_metric_type: "1" + nssa_redistribution: "enable" + nssa_translator_role: "candidate" + range: + - + advertise: "disable" + id: "19" + prefix: "" + substitute: "" + substitute_status: "enable" + shortcut: "disable" + stub_type: "no-summary" + type: "regular" + virtual_link: + - + authentication: "none" + authentication_key: "" + dead_interval: "29" + hello_interval: "30" + md5_key: "" + name: "default_name_32" + peer: "" + retransmit_interval: "34" + transmit_delay: "35" + auto_cost_ref_bandwidth: "36" + bfd: "enable" + database_overflow: "enable" + database_overflow_max_lsas: "39" + database_overflow_time_to_recover: "40" + default_information_metric: "41" + default_information_metric_type: "1" + default_information_originate: "enable" + default_information_route_map: " (source router.route-map.name)" + default_metric: "45" + distance: "46" + distance_external: "47" + distance_inter_area: "48" + distance_intra_area: "49" + distribute_list: + - + access_list: " (source router.access-list.name)" + id: "52" + protocol: "connected" + distribute_list_in: " (source router.access-list.name router.prefix-list.name)" + distribute_route_map_in: " (source router.route-map.name)" + log_neighbour_changes: "enable" + neighbor: + - + cost: "58" + id: "59" + ip: "" + poll_interval: "61" + priority: "62" + network: + - + area: "" 
+ id: "65" + prefix: "" + ospf_interface: + - + authentication: "none" + authentication_key: "" + bfd: "global" + cost: "71" + database_filter_out: "enable" + dead_interval: "73" + hello_interval: "74" + hello_multiplier: "75" + interface: " (source system.interface.name)" + ip: "" + md5_key: "" + mtu: "79" + mtu_ignore: "enable" + name: "default_name_81" + network_type: "broadcast" + prefix_length: "83" + priority: "84" + resync_timeout: "85" + retransmit_interval: "86" + status: "disable" + transmit_delay: "88" + passive_interface: + - + name: "default_name_90 (source system.interface.name)" + redistribute: + - + metric: "92" + metric_type: "1" + name: "default_name_94" + routemap: " (source router.route-map.name)" + status: "enable" + tag: "97" + restart_mode: "none" + restart_period: "99" + rfc1583_compatible: "enable" + router_id: "" + spf_timers: "" + summary_address: + - + advertise: "disable" + id: "105" + prefix: "" + tag: "107" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + 
returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_router_ospf_data(json): + option_list = ['abr_type', 'area', 'auto_cost_ref_bandwidth', + 'bfd', 'database_overflow', 'database_overflow_max_lsas', + 'database_overflow_time_to_recover', 'default_information_metric', 'default_information_metric_type', + 'default_information_originate', 'default_information_route_map', 'default_metric', + 'distance', 'distance_external', 'distance_inter_area', + 'distance_intra_area', 'distribute_list', 'distribute_list_in', + 'distribute_route_map_in', 'log_neighbour_changes', 'neighbor', + 'network', 'ospf_interface', 'passive_interface', + 'redistribute', 'restart_mode', 'restart_period', + 'rfc1583_compatible', 'router_id', 'spf_timers', + 'summary_address'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_ospf(data, fos): + vdom = data['vdom'] + router_ospf_data = data['router_ospf'] + filtered_data = 
underscore_to_hyphen(filter_router_ospf_data(router_ospf_data)) + + return fos.set('router', + 'ospf', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_ospf']: + resp = router_ospf(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_ospf')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "router_ospf": { + "required": False, "type": "dict", "default": None, + "options": { + "abr_type": {"required": False, "type": "str", + "choices": ["cisco", + "ibm", + "shortcut", + "standard"]}, + "area": {"required": False, "type": "list", + "options": { + "authentication": {"required": False, "type": "str", + "choices": ["none", + "text", + "md5"]}, + "default_cost": {"required": False, "type": "int"}, + "filter_list": {"required": False, "type": "list", + "options": { + "direction": {"required": False, "type": "str", + "choices": ["in", + "out"]}, + "id": {"required": True, "type": "int"}, + "list": {"required": False, "type": "str"} + }}, + "id": {"required": True, "type": "str"}, + "nssa_default_information_originate": {"required": False, "type": "str", + "choices": ["enable", + "always", + "disable"]}, + "nssa_default_information_originate_metric": {"required": False, "type": "int"}, + "nssa_default_information_originate_metric_type": {"required": False, "type": "str", + "choices": ["1", + "2"]}, + "nssa_redistribution": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "nssa_translator_role": {"required": False, "type": "str", + 
"choices": ["candidate", + "never", + "always"]}, + "range": {"required": False, "type": "list", + "options": { + "advertise": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "id": {"required": True, "type": "int"}, + "prefix": {"required": False, "type": "str"}, + "substitute": {"required": False, "type": "str"}, + "substitute_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "shortcut": {"required": False, "type": "str", + "choices": ["disable", + "enable", + "default"]}, + "stub_type": {"required": False, "type": "str", + "choices": ["no-summary", + "summary"]}, + "type": {"required": False, "type": "str", + "choices": ["regular", + "nssa", + "stub"]}, + "virtual_link": {"required": False, "type": "list", + "options": { + "authentication": {"required": False, "type": "str", + "choices": ["none", + "text", + "md5"]}, + "authentication_key": {"required": False, "type": "str"}, + "dead_interval": {"required": False, "type": "int"}, + "hello_interval": {"required": False, "type": "int"}, + "md5_key": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "peer": {"required": False, "type": "str"}, + "retransmit_interval": {"required": False, "type": "int"}, + "transmit_delay": {"required": False, "type": "int"} + }} + }}, + "auto_cost_ref_bandwidth": {"required": False, "type": "int"}, + "bfd": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "database_overflow": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "database_overflow_max_lsas": {"required": False, "type": "int"}, + "database_overflow_time_to_recover": {"required": False, "type": "int"}, + "default_information_metric": {"required": False, "type": "int"}, + "default_information_metric_type": {"required": False, "type": "str", + "choices": ["1", + "2"]}, + "default_information_originate": {"required": False, "type": "str", + "choices": ["enable", + "always", 
+ "disable"]},
+ "default_information_route_map": {"required": False, "type": "str"},
+ "default_metric": {"required": False, "type": "int"},
+ "distance": {"required": False, "type": "int"},
+ "distance_external": {"required": False, "type": "int"},
+ "distance_inter_area": {"required": False, "type": "int"},
+ "distance_intra_area": {"required": False, "type": "int"},
+ "distribute_list": {"required": False, "type": "list",
+ "options": {
+ "access_list": {"required": False, "type": "str"},
+ "id": {"required": True, "type": "int"},
+ "protocol": {"required": False, "type": "str",
+ "choices": ["connected",
+ "static",
+ "rip"]}
+ }},
+ "distribute_list_in": {"required": False, "type": "str"},
+ "distribute_route_map_in": {"required": False, "type": "str"},
+ "log_neighbour_changes": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "neighbor": {"required": False, "type": "list",
+ "options": {
+ "cost": {"required": False, "type": "int"},
+ "id": {"required": True, "type": "int"},
+ "ip": {"required": False, "type": "str"},
+ "poll_interval": {"required": False, "type": "int"},
+ "priority": {"required": False, "type": "int"}
+ }},
+ "network": {"required": False, "type": "list",
+ "options": {
+ "area": {"required": False, "type": "str"},
+ "id": {"required": True, "type": "int"},
+ "prefix": {"required": False, "type": "str"}
+ }},
+ "ospf_interface": {"required": False, "type": "list",
+ "options": {
+ "authentication": {"required": False, "type": "str",
+ "choices": ["none",
+ "text",
+ "md5"]},
+ "authentication_key": {"required": False, "type": "str"},
+ "bfd": {"required": False, "type": "str",
+ "choices": ["global",
+ "enable",
+ "disable"]},
+ "cost": {"required": False, "type": "int"},
+ "database_filter_out": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "dead_interval": {"required": False, "type": "int"},
+ "hello_interval": {"required": False, "type": "int"},
+ "hello_multiplier": {"required": False, "type": "int"},
+ "interface": {"required": False, "type": "str"},
+ "ip": {"required": False, "type": "str"},
+ "md5_key": {"required": False, "type": "str"},
+ "mtu": {"required": False, "type": "int"},
+ "mtu_ignore": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "name": {"required": True, "type": "str"},
+ "network_type": {"required": False, "type": "str",
+ "choices": ["broadcast",
+ "non-broadcast",
+ "point-to-point",
+ "point-to-multipoint",
+ "point-to-multipoint-non-broadcast"]},
+ "prefix_length": {"required": False, "type": "int"},
+ "priority": {"required": False, "type": "int"},
+ "resync_timeout": {"required": False, "type": "int"},
+ "retransmit_interval": {"required": False, "type": "int"},
+ "status": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "transmit_delay": {"required": False, "type": "int"}
+ }},
+ "passive_interface": {"required": False, "type": "list",
+ "options": {
+ "name": {"required": True, "type": "str"}
+ }},
+ "redistribute": {"required": False, "type": "list",
+ "options": {
+ "metric": {"required": False, "type": "int"},
+ "metric_type": {"required": False, "type": "str",
+ "choices": ["1",
+ "2"]},
+ "name": {"required": True, "type": "str"},
+ "routemap": {"required": False, "type": "str"},
+ "status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "tag": {"required": False, "type": "int"}
+ }},
+ "restart_mode": {"required": False, "type": "str",
+ "choices": ["none",
+ "lls",
+ "graceful-restart"]},
+ "restart_period": {"required": False, "type": "int"},
+ "rfc1583_compatible": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "router_id": {"required": False, "type": "str"},
+ "spf_timers": {"required": False, "type": "str"},
+ "summary_address": {"required": False, "type": "list",
+ "options": {
+ "advertise": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "id": {"required": True, "type": "int"},
+ "prefix": {"required": False, "type": "str"},
+ "tag": {"required": False, "type": "int"}
+ }}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_router(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_ospf6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_ospf6.py
new file mode 100644
index 00000000..d19c6492
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_ospf6.py
@@ -0,0 +1,781 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_router_ospf6
+short_description: Configure IPv6 OSPF in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify router feature and ospf6 category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.8"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ router_ospf6:
+ description:
+ - Configure IPv6 OSPF.
+ default: null
+ type: dict
+ suboptions:
+ abr_type:
+ description:
+ - Area border router type.
+ type: str
+ choices:
+ - cisco
+ - ibm
+ - standard
+ area:
+ description:
+ - OSPF6 area configuration.
+ type: list
+ suboptions:
+ default_cost:
+ description:
+ - Summary default cost of stub or NSSA area.
+ type: int
+ id:
+ description:
+ - Area entry IP address.
+ required: true
+ type: str
+ nssa_default_information_originate:
+ description:
+ - Enable/disable originate type 7 default into NSSA area.
+ type: str
+ choices:
+ - enable
+ - disable
+ nssa_default_information_originate_metric:
+ description:
+ - OSPFv3 default metric.
+ type: int
+ nssa_default_information_originate_metric_type:
+ description:
+ - OSPFv3 metric type for default routes.
+ type: str
+ choices:
+ - 1
+ - 2
+ nssa_redistribution:
+ description:
+ - Enable/disable redistribute into NSSA area.
+ type: str
+ choices:
+ - enable
+ - disable
+ nssa_translator_role:
+ description:
+ - NSSA translator role type.
+ type: str
+ choices:
+ - candidate
+ - never
+ - always
+ range:
+ description:
+ - OSPF6 area range configuration.
+ type: list
+ suboptions:
+ advertise:
+ description:
+ - Enable/disable advertise status.
+ type: str
+ choices:
+ - disable
+ - enable
+ id:
+ description:
+ - Range entry ID.
+ required: true
+ type: int
+ prefix6:
+ description:
+ - IPv6 prefix.
+ type: str
+ stub_type:
+ description:
+ - Stub summary setting.
+ type: str
+ choices:
+ - no-summary
+ - summary
+ type:
+ description:
+ - Area type setting.
+ type: str
+ choices:
+ - regular
+ - nssa
+ - stub
+ virtual_link:
+ description:
+ - OSPF6 virtual link configuration.
+ type: list
+ suboptions:
+ dead_interval:
+ description:
+ - Dead interval.
+ type: int
+ hello_interval:
+ description:
+ - Hello interval.
+ type: int
+ name:
+ description:
+ - Virtual link entry name.
+ required: true
+ type: str
+ peer:
+ description:
+ - A.B.C.D, peer router ID.
+ type: str
+ retransmit_interval:
+ description:
+ - Retransmit interval.
+ type: int
+ transmit_delay:
+ description:
+ - Transmit delay.
+ type: int
+ auto_cost_ref_bandwidth:
+ description:
+ - Reference bandwidth in terms of megabits per second.
+ type: int
+ bfd:
+ description:
+ - Enable/disable Bidirectional Forwarding Detection (BFD).
+ type: str
+ choices:
+ - enable
+ - disable
+ default_information_metric:
+ description:
+ - Default information metric.
+ type: int
+ default_information_metric_type:
+ description:
+ - Default information metric type.
+ type: str
+ choices:
+ - 1
+ - 2
+ default_information_originate:
+ description:
+ - Enable/disable generation of default route.
+ type: str
+ choices:
+ - enable
+ - always
+ - disable
+ default_information_route_map:
+ description:
+ - Default information route map. Source router.route-map.name.
+ type: str
+ default_metric:
+ description:
+ - Default metric of redistribute routes.
+ type: int
+ log_neighbour_changes:
+ description:
+ - Enable logging of OSPFv3 neighbour"s changes
+ type: str
+ choices:
+ - enable
+ - disable
+ ospf6_interface:
+ description:
+ - OSPF6 interface configuration.
+ type: list
+ suboptions:
+ area_id:
+ description:
+ - A.B.C.D, in IPv4 address format.
+ type: str
+ bfd:
+ description:
+ - Enable/disable Bidirectional Forwarding Detection (BFD).
+ type: str
+ choices:
+ - global
+ - enable
+ - disable
+ cost:
+ description:
+ - Cost of the interface, value range from 0 to 65535, 0 means auto-cost.
+ type: int
+ dead_interval:
+ description:
+ - Dead interval.
+ type: int
+ hello_interval:
+ description:
+ - Hello interval.
+ type: int
+ interface:
+ description:
+ - Configuration interface name. Source system.interface.name.
+ type: str
+ name:
+ description:
+ - Interface entry name.
+ required: true
+ type: str
+ neighbor:
+ description:
+ - OSPFv3 neighbors are used when OSPFv3 runs on non-broadcast media
+ type: list
+ suboptions:
+ cost:
+ description:
+ - Cost of the interface, value range from 0 to 65535, 0 means auto-cost.
+ type: int
+ ip6:
+ description:
+ - IPv6 link local address of the neighbor.
+ required: true
+ type: str
+ poll_interval:
+ description:
+ - Poll interval time in seconds.
+ type: int
+ priority:
+ description:
+ - priority
+ type: int
+ network_type:
+ description:
+ - Network type.
+ type: str
+ choices:
+ - broadcast
+ - point-to-point
+ - non-broadcast
+ - point-to-multipoint
+ - point-to-multipoint-non-broadcast
+ priority:
+ description:
+ - priority
+ type: int
+ retransmit_interval:
+ description:
+ - Retransmit interval.
+ type: int
+ status:
+ description:
+ - Enable/disable OSPF6 routing on this interface.
+ type: str
+ choices:
+ - disable
+ - enable
+ transmit_delay:
+ description:
+ - Transmit delay.
+ type: int
+ passive_interface:
+ description:
+ - Passive interface configuration.
+ type: list
+ suboptions:
+ name:
+ description:
+ - Passive interface name. Source system.interface.name.
+ required: true
+ type: str
+ redistribute:
+ description:
+ - Redistribute configuration.
+ type: list
+ suboptions:
+ metric:
+ description:
+ - Redistribute metric setting.
+ type: int
+ metric_type:
+ description:
+ - Metric type.
+ type: str
+ choices:
+ - 1
+ - 2
+ name:
+ description:
+ - Redistribute name.
+ required: true
+ type: str
+ routemap:
+ description:
+ - Route map name. Source router.route-map.name.
+ type: str
+ status:
+ description:
+ - status
+ type: str
+ choices:
+ - enable
+ - disable
+ router_id:
+ description:
+ - A.B.C.D, in IPv4 address format.
+ type: str
+ spf_timers:
+ description:
+ - SPF calculation frequency.
+ type: str
+ summary_address:
+ description:
+ - IPv6 address summary configuration.
+ type: list
+ suboptions:
+ advertise:
+ description:
+ - Enable/disable advertise status.
+ type: str
+ choices:
+ - disable
+ - enable
+ id:
+ description:
+ - Summary address entry ID.
+ required: true
+ type: int
+ prefix6:
+ description:
+ - IPv6 prefix.
+ type: str
+ tag:
+ description:
+ - Tag value.
+ type: int
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure IPv6 OSPF.
+ fortios_router_ospf6:
+ vdom: "{{ vdom }}"
+ router_ospf6:
+ abr_type: "cisco"
+ area:
+ -
+ default_cost: "5"
+ id: "6"
+ nssa_default_information_originate: "enable"
+ nssa_default_information_originate_metric: "8"
+ nssa_default_information_originate_metric_type: "1"
+ nssa_redistribution: "enable"
+ nssa_translator_role: "candidate"
+ range:
+ -
+ advertise: "disable"
+ id: "14"
+ prefix6: ""
+ stub_type: "no-summary"
+ type: "regular"
+ virtual_link:
+ -
+ dead_interval: "19"
+ hello_interval: "20"
+ name: "default_name_21"
+ peer: ""
+ retransmit_interval: "23"
+ transmit_delay: "24"
+ auto_cost_ref_bandwidth: "25"
+ bfd: "enable"
+ default_information_metric: "27"
+ default_information_metric_type: "1"
+ default_information_originate: "enable"
+ default_information_route_map: " (source router.route-map.name)"
+ default_metric: "31"
+ log_neighbour_changes: "enable"
+ ospf6_interface:
+ -
+ area_id: ""
+ bfd: "global"
+ cost: "36"
+ dead_interval: "37"
+ hello_interval: "38"
+ interface: " (source system.interface.name)"
+ name: "default_name_40"
+ neighbor:
+ -
+ cost: "42"
+ ip6: ""
+ poll_interval: "44"
+ priority: "45"
+ network_type: "broadcast"
+ priority: "47"
+ retransmit_interval: "48"
+ status: "disable"
+ transmit_delay: "50"
+ passive_interface:
+ -
+ name: "default_name_52 (source system.interface.name)"
+ redistribute:
+ -
+ metric: "54"
+ metric_type: "1"
+ name: "default_name_56"
+ routemap: " (source router.route-map.name)"
+ status: "enable"
+ router_id: ""
+ spf_timers: ""
+ summary_address:
+ -
+ advertise: "disable"
+ id: "63"
+ prefix6: ""
+ tag: "65"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_router_ospf6_data(json):
+ option_list = ['abr_type', 'area', 'auto_cost_ref_bandwidth',
+ 'bfd', 'default_information_metric', 'default_information_metric_type',
+ 'default_information_originate', 'default_information_route_map', 'default_metric',
+ 'log_neighbour_changes', 'ospf6_interface', 'passive_interface',
+ 'redistribute', 'router_id', 'spf_timers',
+ 'summary_address']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def router_ospf6(data, fos):
+ vdom = data['vdom']
+ router_ospf6_data = data['router_ospf6']
+ filtered_data = underscore_to_hyphen(filter_router_ospf6_data(router_ospf6_data))
+
+ return fos.set('router',
+ 'ospf6',
+ data=filtered_data,
+ vdom=vdom)
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_router(data, fos):
+
+ if data['router_ospf6']:
+ resp = router_ospf6(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('router_ospf6'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = None
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "router_ospf6": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "abr_type": {"required": False, "type": "str",
+ "choices": ["cisco",
+ "ibm",
+ "standard"]},
+ "area": {"required": False, "type": "list",
+ "options": {
+ "default_cost": {"required": False, "type": "int"},
+ "id": {"required": True, "type": "str"},
+ "nssa_default_information_originate": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "nssa_default_information_originate_metric": {"required": False, "type": "int"},
+ "nssa_default_information_originate_metric_type": {"required": False, "type": "str",
+ "choices": ["1",
+ "2"]},
+ "nssa_redistribution": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "nssa_translator_role": {"required": False, "type": "str",
+ "choices": ["candidate",
+ "never",
+ "always"]},
+ "range": {"required": False, "type": "list",
+ "options": {
+ "advertise": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "id": {"required": True, "type": "int"},
+ "prefix6": {"required": False, "type": "str"}
+ }},
+ "stub_type": {"required": False, "type": "str",
+ "choices": ["no-summary",
+ "summary"]},
+ "type": {"required": False, "type": "str",
+ "choices": ["regular",
+ "nssa",
+ "stub"]},
+ "virtual_link": {"required": False, "type": "list",
+ "options": {
+ "dead_interval": {"required": False, "type": "int"},
+ "hello_interval": {"required": False, "type": "int"},
+ "name": {"required": True, "type": "str"},
+ "peer": {"required": False, "type": "str"},
+ "retransmit_interval": {"required": False, "type": "int"},
+ "transmit_delay": {"required": False, "type": "int"}
+ }}
+ }},
+ "auto_cost_ref_bandwidth": {"required": False, "type": "int"},
+ "bfd": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "default_information_metric": {"required": False, "type": "int"},
+ "default_information_metric_type": {"required": False, "type": "str",
+ "choices": ["1",
+ "2"]},
+ "default_information_originate": {"required": False, "type": "str",
+ "choices": ["enable",
+ "always",
+ "disable"]},
+ "default_information_route_map": {"required": False, "type": "str"},
+ "default_metric": {"required": False, "type": "int"},
+ "log_neighbour_changes": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "ospf6_interface": {"required": False, "type": "list",
+ "options": {
+ "area_id": {"required": False, "type": "str"},
+ "bfd": {"required": False, "type": "str",
+ "choices": ["global",
+ "enable",
+ "disable"]},
+ "cost": {"required": False, "type": "int"},
+ "dead_interval": {"required": False, "type": "int"},
+ "hello_interval": {"required": False, "type": "int"},
+ "interface": {"required": False, "type": "str"},
+ "name": {"required": True, "type": "str"},
+ "neighbor": {"required": False, "type": "list",
+ "options": {
+ "cost": {"required": False, "type": "int"},
+ "ip6": {"required": True, "type": "str"},
+ "poll_interval": {"required": False, "type": "int"},
+ "priority": {"required": False, "type": "int"}
+ }},
+ "network_type": {"required": False, "type": "str",
+ "choices": ["broadcast",
+ "point-to-point",
+ "non-broadcast",
+ "point-to-multipoint",
+ "point-to-multipoint-non-broadcast"]},
+ "priority": {"required": False, "type": "int"},
+ "retransmit_interval": {"required": False, "type": "int"},
+ "status": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "transmit_delay": {"required": False, "type": "int"}
+ }},
+ "passive_interface": {"required": False, "type": "list",
+ "options": {
+ "name": {"required": True, "type": "str"}
+ }},
+ "redistribute": {"required": False, "type": "list",
+ "options": {
+ "metric": {"required": False, "type": "int"},
+ "metric_type": {"required": False, "type": "str",
+ "choices": ["1",
+ "2"]},
+ "name": {"required": True, "type": "str"},
+ "routemap": {"required": False, "type": "str"},
+ "status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]}
+ }},
+ "router_id": {"required": False, "type": "str"},
+ "spf_timers": {"required": False, "type": "str"},
+ "summary_address": {"required": False, "type": "list",
+ "options": {
+ "advertise": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "id": {"required": True, "type": "int"},
+ "prefix6": {"required": False, "type": "str"},
+ "tag": {"required": False, "type": "int"}
+ }}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_router(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_policy.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_policy.py
new file mode 100644
index 00000000..c0b537a8
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_policy.py
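Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no`, so a task copied from it talks to the FortiGate, and passes its `access_token` when one is given, over a TLS session whose server certificate is never verified. The example should read `ansible_httpapi_validate_certs: yes`, or at least carry a comment on that line such as `# lab only; keep certificate validation enabled against real devices`. The EXAMPLES block of the fortios_router_policy.py hunk that follows has the same line. In `main()`, `if 'access_token' in module.params:` looks always true, since the option is declared in `fields`; `if module.params.get('access_token'):` would only forward a token that was actually supplied.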
@@ -0,0 +1,496 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_router_policy
+short_description: Configure IPv4 routing policies in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify router feature and policy category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.8"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ This attribute was present already in previous version in a deeper level.
+ It has been moved out to this outer level.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ version_added: 2.9
+ router_policy:
+ description:
+ - Configure IPv4 routing policies.
+ default: null
+ type: dict
+ suboptions:
+ state:
+ description:
+ - B(Deprecated)
+ - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
+ - HORIZONTALLINE
+ - Indicates whether to create or remove the object.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ action:
+ description:
+ - Action of the policy route.
+ type: str
+ choices:
+ - deny
+ - permit
+ comments:
+ description:
+ - Optional comments.
+ type: str
+ dst:
+ description:
+ - Destination IP and mask (x.x.x.x/x).
+ type: list
+ suboptions:
+ subnet:
+ description:
+ - IP and mask.
+ required: true
+ type: str
+ dst_negate:
+ description:
+ - Enable/disable negating destination address match.
+ type: str
+ choices:
+ - enable
+ - disable
+ dstaddr:
+ description:
+ - Destination address name.
+ type: list
+ suboptions:
+ name:
+ description:
+ - Address/group name. Source firewall.address.name firewall.addrgrp.name.
+ required: true
+ type: str
+ end_port:
+ description:
+ - End destination port number (0 - 65535).
+ type: int
+ end_source_port:
+ description:
+ - End source port number (0 - 65535).
+ type: int
+ gateway:
+ description:
+ - IP address of the gateway.
+ type: str
+ input_device:
+ description:
+ - Incoming interface name.
+ type: list
+ suboptions:
+ name:
+ description:
+ - Interface name. Source system.interface.name.
+ required: true
+ type: str
+ output_device:
+ description:
+ - Outgoing interface name. Source system.interface.name.
+ type: str
+ protocol:
+ description:
+ - Protocol number (0 - 255).
+ type: int
+ seq_num:
+ description:
+ - Sequence number.
+ type: int
+ src:
+ description:
+ - Source IP and mask (x.x.x.x/x).
+ type: list
+ suboptions:
+ subnet:
+ description:
+ - IP and mask.
+ required: true
+ type: str
+ src_negate:
+ description:
+ - Enable/disable negating source address match.
+ type: str
+ choices:
+ - enable
+ - disable
+ srcaddr:
+ description:
+ - Source address name.
+ type: list
+ suboptions:
+ name:
+ description:
+ - Address/group name. Source firewall.address.name firewall.addrgrp.name.
+ required: true
+ type: str
+ start_port:
+ description:
+ - Start destination port number (0 - 65535).
+ type: int
+ start_source_port:
+ description:
+ - Start source port number (0 - 65535).
+ type: int
+ status:
+ description:
+ - Enable/disable this policy route.
+ type: str
+ choices:
+ - enable
+ - disable
+ tos:
+ description:
+ - Type of service bit pattern.
+ type: str
+ tos_mask:
+ description:
+ - Type of service evaluated bits.
+ type: str
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure IPv4 routing policies.
+ fortios_router_policy:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ router_policy:
+ action: "deny"
+ comments: ""
+ dst:
+ -
+ subnet: ""
+ dst_negate: "enable"
+ dstaddr:
+ -
+ name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)"
+ end_port: "10"
+ end_source_port: "11"
+ gateway: ""
+ input_device:
+ -
+ name: "default_name_14 (source system.interface.name)"
+ output_device: " (source system.interface.name)"
+ protocol: "16"
+ seq_num: "17"
+ src:
+ -
+ subnet: ""
+ src_negate: "enable"
+ srcaddr:
+ -
+ name: "default_name_22 (source firewall.address.name firewall.addrgrp.name)"
+ start_port: "23"
+ start_source_port: "24"
+ status: "enable"
+ tos: ""
+ tos_mask: ""
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_router_policy_data(json):
+ option_list = ['action', 'comments', 'dst',
+ 'dst_negate', 'dstaddr', 'end_port',
+ 'end_source_port', 'gateway', 'input_device',
+ 'output_device', 'protocol', 'seq_num',
+ 'src', 'src_negate', 'srcaddr',
+ 'start_port', 'start_source_port', 'status',
+ 'tos', 'tos_mask']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def router_policy(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['router_policy'] and data['router_policy']['state']:
+ state = data['router_policy']['state']
+ else:
+ state = True
+ router_policy_data = data['router_policy']
+ filtered_data = underscore_to_hyphen(filter_router_policy_data(router_policy_data))
+
+ if state == "present":
+ return fos.set('router',
+ 'policy',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('router',
+ 'policy',
+ mkey=filtered_data['seq-num'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_router(data, fos):
+
+ if data['router_policy']:
+ resp = router_policy(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('router_policy'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'seq-num'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "router_policy": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "action": {"required": False, "type": "str",
+ "choices": ["deny",
+ "permit"]},
+ "comments": {"required": False, "type": "str"},
+ "dst": {"required": False, "type": "list",
+ "options": {
+ "subnet": {"required": True, "type": "str"}
+ }},
+ "dst_negate": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "dstaddr": {"required": False, "type": "list",
+ "options": {
+ "name": {"required": True, "type": "str"}
+ }},
+ "end_port": {"required": False, "type": "int"},
+ "end_source_port": {"required": False, "type": "int"},
+ "gateway": {"required": False, "type": "str"},
+ "input_device": {"required": False, "type": "list",
+ "options": {
+ "name": {"required": True, "type": "str"}
+ }},
+ "output_device": {"required": False, "type": "str"},
+ "protocol": {"required": False, "type": "int"},
+ "seq_num": {"required": False, "type": "int"},
+ "src": {"required": False, "type": "list",
+ "options": {
+ "subnet": {"required": True, "type": "str"}
+ }},
+ "src_negate": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "srcaddr": {"required": False, "type": "list",
+ "options": {
+ "name": {"required": True, "type": "str"}
+ }},
+ "start_port": {"required": False, "type": "int"},
+ "start_source_port": {"required": False, "type": "int"},
+ "status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "tos": {"required": False, "type": "str"},
+ "tos_mask": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_router(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_policy6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_policy6.py
new file mode 100644
index 00000000..6285688f
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_policy6.py 
@@ -0,0 +1,382 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_policy6 +short_description: Configure IPv6 routing policies in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and policy6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + router_policy6: + description: + - Configure IPv6 routing policies. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + comments: + description: + - Optional comments. + type: str + dst: + description: + - Destination IPv6 prefix. + type: str + end_port: + description: + - End destination port number (1 - 65535). + type: int + gateway: + description: + - IPv6 address of the gateway. + type: str + input_device: + description: + - Incoming interface name. Source system.interface.name. + type: str + output_device: + description: + - Outgoing interface name. Source system.interface.name. + type: str + protocol: + description: + - Protocol number (0 - 255). + type: int + seq_num: + description: + - Sequence number. + type: int + src: + description: + - Source IPv6 prefix. + type: str + start_port: + description: + - Start destination port number (1 - 65535). + type: int + status: + description: + - Enable/disable this policy route. + type: str + choices: + - enable + - disable + tos: + description: + - Type of service bit pattern. + type: str + tos_mask: + description: + - Type of service evaluated bits. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 routing policies. 
+ fortios_router_policy6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_policy6: + comments: "" + dst: "" + end_port: "5" + gateway: "" + input_device: " (source system.interface.name)" + output_device: " (source system.interface.name)" + protocol: "9" + seq_num: "10" + src: "" + start_port: "12" + status: "enable" + tos: "" + tos_mask: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_router_policy6_data(json): + option_list = ['comments', 'dst', 'end_port', + 'gateway', 'input_device', 'output_device', + 'protocol', 'seq_num', 'src', + 'start_port', 'status', 'tos', + 'tos_mask'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_policy6(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['router_policy6'] and data['router_policy6']['state']: + state = data['router_policy6']['state'] + else: + state = True + router_policy6_data = data['router_policy6'] + filtered_data = underscore_to_hyphen(filter_router_policy6_data(router_policy6_data)) + + if state == "present": + return fos.set('router', + 'policy6', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('router', + 'policy6', + mkey=filtered_data['seq-num'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_policy6']: + resp = router_policy6(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_policy6')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): 
+ mkeyname = 'seq-num' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "router_policy6": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "comments": {"required": False, "type": "str"}, + "dst": {"required": False, "type": "str"}, + "end_port": {"required": False, "type": "int"}, + "gateway": {"required": False, "type": "str"}, + "input_device": {"required": False, "type": "str"}, + "output_device": {"required": False, "type": "str"}, + "protocol": {"required": False, "type": "int"}, + "seq_num": {"required": False, "type": "int"}, + "src": {"required": False, "type": "str"}, + "start_port": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tos": {"required": False, "type": "str"}, + "tos_mask": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + 
module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_prefix_list.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_prefix_list.py new file mode 100644 index 00000000..f7d64547 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_prefix_list.py 
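Review bot: In `router_policy6`, the `absent` branch reads `filtered_data['seq-num']` unconditionally, but `seq_num` is declared `"required": False` in `main()` and `filter_router_policy6_data` drops unset options. A delete task without `seq_num` therefore ends in a `KeyError` traceback instead of a clean module failure. I would guard the lookup before calling `fos.delete`, e.g. `if 'seq-num' not in filtered_data:` followed by `fos._module.fail_json(msg='seq_num is required when state is absent')`. The same lookup is visible in the tail of fortios_router_policy.py just above this file.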
@@ -0,0 +1,360 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_prefix_list +short_description: Configure IPv4 prefix lists in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and prefix_list category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + router_prefix_list: + description: + - Configure IPv4 prefix lists. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + comments: + description: + - Comment. + type: str + name: + description: + - Name. + required: true + type: str + rule: + description: + - IPv4 prefix list rule. + type: list + suboptions: + action: + description: + - Permit or deny this IP address and netmask prefix. + type: str + choices: + - permit + - deny + flags: + description: + - Flags. + type: int + ge: + description: + - Minimum prefix length to be matched (0 - 32). + type: int + id: + description: + - Rule ID. + required: true + type: int + le: + description: + - Maximum prefix length to be matched (0 - 32). + type: int + prefix: + description: + - IPv4 prefix to define regular filter criteria, such as "any" or subnets. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 prefix lists. 
+ fortios_router_prefix_list: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_prefix_list: + comments: "" + name: "default_name_4" + rule: + - + action: "permit" + flags: "7" + ge: "8" + id: "9" + le: "10" + prefix: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_router_prefix_list_data(json): + option_list = ['comments', 'name', 'rule'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_prefix_list(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['router_prefix_list'] and data['router_prefix_list']['state']: + state = data['router_prefix_list']['state'] + else: + state = True + router_prefix_list_data = data['router_prefix_list'] + filtered_data = underscore_to_hyphen(filter_router_prefix_list_data(router_prefix_list_data)) + + if state == "present": + return fos.set('router', + 'prefix-list', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('router', + 'prefix-list', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_prefix_list']: + resp = router_prefix_list(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_prefix_list')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": 
{"required": False, "type": "str", + "choices": ["present", "absent"]}, + "router_prefix_list": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "comments": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "rule": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["permit", + "deny"]}, + "flags": {"required": False, "type": "int"}, + "ge": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "le": {"required": False, "type": "int"}, + "prefix": {"required": False, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if 
__name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_prefix_list6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_prefix_list6.py new file mode 100644 index 00000000..59b3b1d3 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_prefix_list6.py 
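Review bot: The `rule` entry in `main()` is declared as `"type": "list"` with nested `"options"` but no `"elements"`, and as far as I know AnsibleModule only validates the sub-options of a list when `elements` is `dict`. If so, the `required` flag on `id`, the `permit`/`deny` choices on `action` and the `int` types on `ge`/`le` are not enforced, and whatever the playbook supplies reaches `fos.set` unchecked. I would declare it as `"rule": {"required": False, "type": "list", "elements": "dict",` and add `elements: dict` under `rule` in DOCUMENTATION. fortios_router_prefix_list6.py later in this patch has the same declaration.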
@@ -0,0 +1,339 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_prefix_list6 +short_description: Configure IPv6 prefix lists in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and prefix_list6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + router_prefix_list6: + description: + - Configure IPv6 prefix lists. + default: null + type: dict + suboptions: + comments: + description: + - Comment. + type: str + name: + description: + - Name. + required: true + type: str + rule: + description: + - IPv6 prefix list rule. + type: list + suboptions: + action: + description: + - Permit or deny packets that match this rule. + type: str + choices: + - permit + - deny + flags: + description: + - Flags. + type: int + ge: + description: + - Minimum prefix length to be matched (0 - 128). + type: int + id: + description: + - Rule ID. + required: true + type: int + le: + description: + - Maximum prefix length to be matched (0 - 128). + type: int + prefix6: + description: + - IPv6 prefix to define regular filter criteria, such as "any" or subnets. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 prefix lists. 
+ fortios_router_prefix_list6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_prefix_list6: + comments: "" + name: "default_name_4" + rule: + - + action: "permit" + flags: "7" + ge: "8" + id: "9" + le: "10" + prefix6: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_router_prefix_list6_data(json): + option_list = ['comments', 'name', 'rule'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_prefix_list6(data, fos): + vdom = data['vdom'] + state = data['state'] + router_prefix_list6_data = data['router_prefix_list6'] + filtered_data = underscore_to_hyphen(filter_router_prefix_list6_data(router_prefix_list6_data)) + + if state == "present": + return fos.set('router', + 'prefix-list6', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('router', + 'prefix-list6', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_prefix_list6']: + resp = router_prefix_list6(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_prefix_list6')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "router_prefix_list6": { + "required": False, "type": "dict", "default": None, + "options": { + "comments": 
{"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "rule": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["permit", + "deny"]}, + "flags": {"required": False, "type": "int"}, + "ge": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "le": {"required": False, "type": "int"}, + "prefix6": {"required": False, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
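Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no` while the task passes an `access_token` over that connection, so anyone copying the example sends the firewall's API token over TLS without verifying the peer. I would ship the example with `ansible_httpapi_validate_certs: yes`, or at least add the comment `# lab only: keep certificate validation on for production FortiGates` on that line. The EXAMPLES blocks of fortios_router_policy6.py and fortios_router_prefix_list.py earlier in this patch carry the same setting.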
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_rip.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_rip.py
new file mode 100644
index 00000000..fcecb665
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_rip.py
@@ -0,0 +1,664 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_rip +short_description: Configure RIP in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and rip category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + router_rip: + description: + - Configure RIP. + default: null + type: dict + suboptions: + default_information_originate: + description: + - Enable/disable generation of default route. + type: str + choices: + - enable + - disable + default_metric: + description: + - Default metric. + type: int + distance: + description: + - distance + type: list + suboptions: + access_list: + description: + - Access list for route destination. Source router.access-list.name. + type: str + distance: + description: + - Distance (1 - 255). + type: int + id: + description: + - Distance ID. + required: true + type: int + prefix: + description: + - Distance prefix. + type: str + distribute_list: + description: + - Distribute list. + type: list + suboptions: + direction: + description: + - Distribute list direction. + type: str + choices: + - in + - out + id: + description: + - Distribute list ID. + required: true + type: int + interface: + description: + - Distribute list interface name. Source system.interface.name. + type: str + listname: + description: + - Distribute access/prefix list name. Source router.access-list.name router.prefix-list.name. + type: str + status: + description: + - status + type: str + choices: + - enable + - disable + garbage_timer: + description: + - Garbage timer in seconds. + type: int + interface: + description: + - RIP interface configuration. + type: list + suboptions: + auth_keychain: + description: + - Authentication key-chain name. Source router.key-chain.name. + type: str + auth_mode: + description: + - Authentication mode. + type: str + choices: + - none + - text + - md5 + auth_string: + description: + - Authentication string/password. + type: str + flags: + description: + - flags + type: int + name: + description: + - Interface name. Source system.interface.name. + required: true + type: str + receive_version: + description: + - Receive version. 
+ type: str + choices: + - 1 + - 2 + send_version: + description: + - Send version. + type: str + choices: + - 1 + - 2 + send_version2_broadcast: + description: + - Enable/disable broadcast version 1 compatible packets. + type: str + choices: + - disable + - enable + split_horizon: + description: + - Enable/disable split horizon. + type: str + choices: + - poisoned + - regular + split_horizon_status: + description: + - Enable/disable split horizon. + type: str + choices: + - enable + - disable + max_out_metric: + description: + - Maximum metric allowed to output(0 means "not set"). + type: int + neighbor: + description: + - neighbor + type: list + suboptions: + id: + description: + - Neighbor entry ID. + required: true + type: int + ip: + description: + - IP address. + type: str + network: + description: + - network + type: list + suboptions: + id: + description: + - Network entry ID. + required: true + type: int + prefix: + description: + - Network prefix. + type: str + offset_list: + description: + - Offset list. + type: list + suboptions: + access_list: + description: + - Access list name. Source router.access-list.name. + type: str + direction: + description: + - Offset list direction. + type: str + choices: + - in + - out + id: + description: + - Offset-list ID. + required: true + type: int + interface: + description: + - Interface name. Source system.interface.name. + type: str + offset: + description: + - offset + type: int + status: + description: + - status + type: str + choices: + - enable + - disable + passive_interface: + description: + - Passive interface configuration. + type: list + suboptions: + name: + description: + - Passive interface name. Source system.interface.name. + required: true + type: str + recv_buffer_size: + description: + - Receiving buffer size. + type: int + redistribute: + description: + - Redistribute configuration. + type: list + suboptions: + metric: + description: + - Redistribute metric setting. 
+ type: int + name: + description: + - Redistribute name. + required: true + type: str + routemap: + description: + - Route map name. Source router.route-map.name. + type: str + status: + description: + - status + type: str + choices: + - enable + - disable + timeout_timer: + description: + - Timeout timer in seconds. + type: int + update_timer: + description: + - Update timer in seconds. + type: int + version: + description: + - RIP version. + type: str + choices: + - 1 + - 2 +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure RIP. + fortios_router_rip: + vdom: "{{ vdom }}" + router_rip: + default_information_originate: "enable" + default_metric: "4" + distance: + - + access_list: " (source router.access-list.name)" + distance: "7" + id: "8" + prefix: "" + distribute_list: + - + direction: "in" + id: "12" + interface: " (source system.interface.name)" + listname: " (source router.access-list.name router.prefix-list.name)" + status: "enable" + garbage_timer: "16" + interface: + - + auth_keychain: " (source router.key-chain.name)" + auth_mode: "none" + auth_string: "" + flags: "21" + name: "default_name_22 (source system.interface.name)" + receive_version: "1" + send_version: "1" + send_version2_broadcast: "disable" + split_horizon: "poisoned" + split_horizon_status: "enable" + max_out_metric: "28" + neighbor: + - + id: "30" + ip: "" + network: + - + id: "33" + prefix: "" + offset_list: + - + access_list: " (source router.access-list.name)" + direction: "in" + id: "38" + interface: " (source system.interface.name)" + offset: "40" + status: "enable" + passive_interface: + - + name: "default_name_43 (source system.interface.name)" + recv_buffer_size: "44" + redistribute: + - + metric: "46" + name: "default_name_47" + routemap: " (source router.route-map.name)" + status: 
"enable" + timeout_timer: "50" + update_timer: "51" + version: "1" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_router_rip_data(json): + option_list = ['default_information_originate', 'default_metric', 'distance', + 'distribute_list', 'garbage_timer', 'interface', + 'max_out_metric', 'neighbor', 'network', + 
'offset_list', 'passive_interface', 'recv_buffer_size', + 'redistribute', 'timeout_timer', 'update_timer', + 'version'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_rip(data, fos): + vdom = data['vdom'] + router_rip_data = data['router_rip'] + filtered_data = underscore_to_hyphen(filter_router_rip_data(router_rip_data)) + + return fos.set('router', + 'rip', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_rip']: + resp = router_rip(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_rip')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "router_rip": { + "required": False, "type": "dict", "default": None, + "options": { + "default_information_originate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "default_metric": {"required": False, "type": "int"}, + "distance": {"required": False, "type": "list", + "options": { + "access_list": {"required": False, "type": "str"}, + "distance": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "prefix": {"required": 
False, "type": "str"} + }}, + "distribute_list": {"required": False, "type": "list", + "options": { + "direction": {"required": False, "type": "str", + "choices": ["in", + "out"]}, + "id": {"required": True, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "listname": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "garbage_timer": {"required": False, "type": "int"}, + "interface": {"required": False, "type": "list", + "options": { + "auth_keychain": {"required": False, "type": "str"}, + "auth_mode": {"required": False, "type": "str", + "choices": ["none", + "text", + "md5"]}, + "auth_string": {"required": False, "type": "str"}, + "flags": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "receive_version": {"required": False, "type": "str", + "choices": ["1", + "2"]}, + "send_version": {"required": False, "type": "str", + "choices": ["1", + "2"]}, + "send_version2_broadcast": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "split_horizon": {"required": False, "type": "str", + "choices": ["poisoned", + "regular"]}, + "split_horizon_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "max_out_metric": {"required": False, "type": "int"}, + "neighbor": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "ip": {"required": False, "type": "str"} + }}, + "network": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "prefix": {"required": False, "type": "str"} + }}, + "offset_list": {"required": False, "type": "list", + "options": { + "access_list": {"required": False, "type": "str"}, + "direction": {"required": False, "type": "str", + "choices": ["in", + "out"]}, + "id": {"required": True, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "offset": {"required": False, 
"type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "passive_interface": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "recv_buffer_size": {"required": False, "type": "int"}, + "redistribute": {"required": False, "type": "list", + "options": { + "metric": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "routemap": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "timeout_timer": {"required": False, "type": "int"}, + "update_timer": {"required": False, "type": "int"}, + "version": {"required": False, "type": "str", + "choices": ["1", + "2"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + 
module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_ripng.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_ripng.py new file mode 100644 index 00000000..41b449dc --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_ripng.py 
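Review bot: In `main()` of fortios_router_rip.py, the `auth_string` entry under `router_rip` → `interface` → `options` is declared as `{"required": False, "type": "str"}`, although DOCUMENTATION describes it as "Authentication string/password". Without `no_log`, Ansible handles the RIP authentication secret as an ordinary parameter, so it can appear in the module invocation record and in logs. `access_token` in the same spec already sets the flag, and this entry should match it: `"auth_string": {"required": False, "type": "str", "no_log": True},`. Whether the value is also echoed back inside `meta=result` depends on what `fos.set` returns, which is not visible in this hunk, so that path should be checked as well.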
@@ -0,0 +1,617 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_ripng +short_description: Configure RIPng in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and ripng category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + router_ripng: + description: + - Configure RIPng. + default: null + type: dict + suboptions: + aggregate_address: + description: + - Aggregate address. + type: list + suboptions: + id: + description: + - Aggregate address entry ID. + required: true + type: int + prefix6: + description: + - Aggregate address prefix. + type: str + default_information_originate: + description: + - Enable/disable generation of default route. + type: str + choices: + - enable + - disable + default_metric: + description: + - Default metric. + type: int + distance: + description: + - distance + type: list + suboptions: + access_list6: + description: + - Access list for route destination. Source router.access-list6.name. + type: str + distance: + description: + - Distance (1 - 255). + type: int + id: + description: + - Distance ID. + required: true + type: int + prefix6: + description: + - Distance prefix6. + type: str + distribute_list: + description: + - Distribute list. + type: list + suboptions: + direction: + description: + - Distribute list direction. + type: str + choices: + - in + - out + id: + description: + - Distribute list ID. + required: true + type: int + interface: + description: + - Distribute list interface name. Source system.interface.name. + type: str + listname: + description: + - Distribute access/prefix list name. Source router.access-list6.name router.prefix-list6.name. + type: str + status: + description: + - status + type: str + choices: + - enable + - disable + garbage_timer: + description: + - Garbage timer. + type: int + interface: + description: + - RIPng interface configuration. + type: list + suboptions: + flags: + description: + - Flags. + type: int + name: + description: + - Interface name. Source system.interface.name. + required: true + type: str + split_horizon: + description: + - Enable/disable split horizon. 
+ type: str + choices: + - poisoned + - regular + split_horizon_status: + description: + - Enable/disable split horizon. + type: str + choices: + - enable + - disable + max_out_metric: + description: + - Maximum metric allowed to output(0 means "not set"). + type: int + neighbor: + description: + - neighbor + type: list + suboptions: + id: + description: + - Neighbor entry ID. + required: true + type: int + interface: + description: + - Interface name. Source system.interface.name. + type: str + ip6: + description: + - IPv6 link-local address. + type: str + network: + description: + - Network. + type: list + suboptions: + id: + description: + - Network entry ID. + required: true + type: int + prefix: + description: + - Network IPv6 link-local prefix. + type: str + offset_list: + description: + - Offset list. + type: list + suboptions: + access_list6: + description: + - IPv6 access list name. Source router.access-list6.name. + type: str + direction: + description: + - Offset list direction. + type: str + choices: + - in + - out + id: + description: + - Offset-list ID. + required: true + type: int + interface: + description: + - Interface name. Source system.interface.name. + type: str + offset: + description: + - offset + type: int + status: + description: + - status + type: str + choices: + - enable + - disable + passive_interface: + description: + - Passive interface configuration. + type: list + suboptions: + name: + description: + - Passive interface name. Source system.interface.name. + required: true + type: str + redistribute: + description: + - Redistribute configuration. + type: list + suboptions: + metric: + description: + - Redistribute metric setting. + type: int + name: + description: + - Redistribute name. + required: true + type: str + routemap: + description: + - Route map name. Source router.route-map.name. + type: str + status: + description: + - status + type: str + choices: + - enable + - disable + timeout_timer: + description: + - Timeout timer. 
+ type: int + update_timer: + description: + - Update timer. + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure RIPng. + fortios_router_ripng: + vdom: "{{ vdom }}" + router_ripng: + aggregate_address: + - + id: "4" + prefix6: "" + default_information_originate: "enable" + default_metric: "7" + distance: + - + access_list6: " (source router.access-list6.name)" + distance: "10" + id: "11" + prefix6: "" + distribute_list: + - + direction: "in" + id: "15" + interface: " (source system.interface.name)" + listname: " (source router.access-list6.name router.prefix-list6.name)" + status: "enable" + garbage_timer: "19" + interface: + - + flags: "21" + name: "default_name_22 (source system.interface.name)" + split_horizon: "poisoned" + split_horizon_status: "enable" + max_out_metric: "25" + neighbor: + - + id: "27" + interface: " (source system.interface.name)" + ip6: "" + network: + - + id: "31" + prefix: "" + offset_list: + - + access_list6: " (source router.access-list6.name)" + direction: "in" + id: "36" + interface: " (source system.interface.name)" + offset: "38" + status: "enable" + passive_interface: + - + name: "default_name_41 (source system.interface.name)" + redistribute: + - + metric: "43" + name: "default_name_44" + routemap: " (source router.route-map.name)" + status: "enable" + timeout_timer: "47" + update_timer: "48" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in 
the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_router_ripng_data(json): + option_list = ['aggregate_address', 'default_information_originate', 'default_metric', + 'distance', 'distribute_list', 'garbage_timer', + 'interface', 'max_out_metric', 'neighbor', + 'network', 'offset_list', 'passive_interface', + 'redistribute', 'timeout_timer', 'update_timer'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + 
new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_ripng(data, fos): + vdom = data['vdom'] + router_ripng_data = data['router_ripng'] + filtered_data = underscore_to_hyphen(filter_router_ripng_data(router_ripng_data)) + + return fos.set('router', + 'ripng', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_ripng']: + resp = router_ripng(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_ripng')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "router_ripng": { + "required": False, "type": "dict", "default": None, + "options": { + "aggregate_address": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "prefix6": {"required": False, "type": "str"} + }}, + "default_information_originate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "default_metric": {"required": False, "type": "int"}, + "distance": {"required": False, "type": "list", + "options": { + "access_list6": {"required": False, "type": "str"}, + "distance": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "prefix6": {"required": False, "type": "str"} + }}, + "distribute_list": {"required": False, "type": "list", + "options": { + "direction": {"required": False, "type": "str", + "choices": ["in", + "out"]}, + "id": {"required": True, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "listname": {"required": False, 
"type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "garbage_timer": {"required": False, "type": "int"}, + "interface": {"required": False, "type": "list", + "options": { + "flags": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "split_horizon": {"required": False, "type": "str", + "choices": ["poisoned", + "regular"]}, + "split_horizon_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "max_out_metric": {"required": False, "type": "int"}, + "neighbor": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "ip6": {"required": False, "type": "str"} + }}, + "network": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "prefix": {"required": False, "type": "str"} + }}, + "offset_list": {"required": False, "type": "list", + "options": { + "access_list6": {"required": False, "type": "str"}, + "direction": {"required": False, "type": "str", + "choices": ["in", + "out"]}, + "id": {"required": True, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "offset": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "passive_interface": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "redistribute": {"required": False, "type": "list", + "options": { + "metric": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "routemap": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "timeout_timer": {"required": False, "type": "int"}, + "update_timer": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = 
AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_route_map.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_route_map.py new file mode 100644 index 00000000..6569a8a1 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_route_map.py 
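Review bot: The EXAMPLES play in fortios_router_ripng.py sets `ansible_httpapi_validate_certs: no` next to `ansible_httpapi_use_ssl: yes`, so a playbook copied from it sends the `access_token` and the routing configuration over a TLS session whose peer is never authenticated. The documented default should be `ansible_httpapi_validate_certs: yes`, with a comment on that line such as `# set to no only for lab devices with self-signed certificates`. The EXAMPLES block of fortios_router_rip.py in the preceding hunk carries the same line and needs the same change.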
@@ -0,0 +1,651 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_route_map +short_description: Configure route maps in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and route_map category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + router_route_map: + description: + - Configure route maps. + default: null + type: dict + suboptions: + comments: + description: + - Optional comments. + type: str + name: + description: + - Name. + required: true + type: str + rule: + description: + - Rule. + type: list + suboptions: + action: + description: + - Action. + type: str + choices: + - permit + - deny + id: + description: + - Rule ID. + required: true + type: int + match_as_path: + description: + - Match BGP AS path list. Source router.aspath-list.name. + type: str + match_community: + description: + - Match BGP community list. Source router.community-list.name. + type: str + match_community_exact: + description: + - Enable/disable exact matching of communities. + type: str + choices: + - enable + - disable + match_flags: + description: + - BGP flag value to match (0 - 65535) + type: int + match_interface: + description: + - Match interface configuration. Source system.interface.name. + type: str + match_ip_address: + description: + - Match IP address permitted by access-list or prefix-list. Source router.access-list.name router.prefix-list.name. + type: str + match_ip_nexthop: + description: + - Match next hop IP address passed by access-list or prefix-list. Source router.access-list.name router.prefix-list.name. + type: str + match_ip6_address: + description: + - Match IPv6 address permitted by access-list6 or prefix-list6. Source router.access-list6.name router.prefix-list6.name. + type: str + match_ip6_nexthop: + description: + - Match next hop IPv6 address passed by access-list6 or prefix-list6. Source router.access-list6.name router.prefix-list6.name. + type: str + match_metric: + description: + - Match metric for redistribute routes. + type: int + match_origin: + description: + - Match BGP origin code. 
+ type: str + choices: + - none + - egp + - igp + - incomplete + match_route_type: + description: + - Match route type. + type: str + choices: + - 1 + - 2 + - none + match_tag: + description: + - Match tag. + type: int + set_aggregator_as: + description: + - BGP aggregator AS. + type: int + set_aggregator_ip: + description: + - BGP aggregator IP. + type: str + set_aspath: + description: + - Prepend BGP AS path attribute. + type: list + suboptions: + as: + description: + - 'AS number (0 - 42949672). NOTE: Use quotes for repeating numbers, e.g.: "1 1 2"' + required: true + type: str + set_aspath_action: + description: + - Specify preferred action of set-aspath. + type: str + choices: + - prepend + - replace + set_atomic_aggregate: + description: + - Enable/disable BGP atomic aggregate attribute. + type: str + choices: + - enable + - disable + set_community: + description: + - BGP community attribute. + type: list + suboptions: + community: + description: + - 'Attribute: AA|AA:NN|internet|local-AS|no-advertise|no-export.' + required: true + type: str + set_community_additive: + description: + - Enable/disable adding set-community to existing community. + type: str + choices: + - enable + - disable + set_community_delete: + description: + - Delete communities matching community list. Source router.community-list.name. + type: str + set_dampening_max_suppress: + description: + - Maximum duration to suppress a route (1 - 255 min, 0 = unset). + type: int + set_dampening_reachability_half_life: + description: + - Reachability half-life time for the penalty (1 - 45 min, 0 = unset). + type: int + set_dampening_reuse: + description: + - Value to start reusing a route (1 - 20000, 0 = unset). + type: int + set_dampening_suppress: + description: + - Value to start suppressing a route (1 - 20000, 0 = unset). 
+ type: int + set_dampening_unreachability_half_life: + description: + - Unreachability Half-life time for the penalty (1 - 45 min, 0 = unset) + type: int + set_extcommunity_rt: + description: + - Route Target extended community. + type: list + suboptions: + community: + description: + - 'AA:NN.' + required: true + type: str + set_extcommunity_soo: + description: + - Site-of-Origin extended community. + type: list + suboptions: + community: + description: + - 'AA:NN' + required: true + type: str + set_flags: + description: + - BGP flags value (0 - 65535) + type: int + set_ip_nexthop: + description: + - IP address of next hop. + type: str + set_ip6_nexthop: + description: + - IPv6 global address of next hop. + type: str + set_ip6_nexthop_local: + description: + - IPv6 local address of next hop. + type: str + set_local_preference: + description: + - BGP local preference path attribute. + type: int + set_metric: + description: + - Metric value. + type: int + set_metric_type: + description: + - Metric type. + type: str + choices: + - 1 + - 2 + - none + set_origin: + description: + - BGP origin code. + type: str + choices: + - none + - egp + - igp + - incomplete + set_originator_id: + description: + - BGP originator ID attribute. + type: str + set_route_tag: + description: + - Route tag for routing table. + type: int + set_tag: + description: + - Tag value. + type: int + set_weight: + description: + - BGP weight for routing table. + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure route maps. 
+ fortios_router_route_map: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_route_map: + comments: "" + name: "default_name_4" + rule: + - + action: "permit" + id: "7" + match_as_path: " (source router.aspath-list.name)" + match_community: " (source router.community-list.name)" + match_community_exact: "enable" + match_flags: "11" + match_interface: " (source system.interface.name)" + match_ip_address: " (source router.access-list.name router.prefix-list.name)" + match_ip_nexthop: " (source router.access-list.name router.prefix-list.name)" + match_ip6_address: " (source router.access-list6.name router.prefix-list6.name)" + match_ip6_nexthop: " (source router.access-list6.name router.prefix-list6.name)" + match_metric: "17" + match_origin: "none" + match_route_type: "1" + match_tag: "20" + set_aggregator_as: "21" + set_aggregator_ip: "" + set_aspath: + - + as: "" + set_aspath_action: "prepend" + set_atomic_aggregate: "enable" + set_community: + - + community: "" + set_community_additive: "enable" + set_community_delete: " (source router.community-list.name)" + set_dampening_max_suppress: "31" + set_dampening_reachability_half_life: "32" + set_dampening_reuse: "33" + set_dampening_suppress: "34" + set_dampening_unreachability_half_life: "35" + set_extcommunity_rt: + - + community: "" + set_extcommunity_soo: + - + community: "" + set_flags: "40" + set_ip_nexthop: "" + set_ip6_nexthop: "" + set_ip6_nexthop_local: "" + set_local_preference: "44" + set_metric: "45" + set_metric_type: "1" + set_origin: "none" + set_originator_id: "" + set_route_tag: "49" + set_tag: "50" + set_weight: "51" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + 
type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_router_route_map_data(json): + option_list = ['comments', 'name', 'rule'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_route_map(data, fos): + vdom = data['vdom'] + state = data['state'] 
+ router_route_map_data = data['router_route_map'] + filtered_data = underscore_to_hyphen(filter_router_route_map_data(router_route_map_data)) + + if state == "present": + return fos.set('router', + 'route-map', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('router', + 'route-map', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_route_map']: + resp = router_route_map(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_route_map')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "router_route_map": { + "required": False, "type": "dict", "default": None, + "options": { + "comments": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "rule": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["permit", + "deny"]}, + "id": {"required": True, "type": "int"}, + "match_as_path": {"required": False, "type": "str"}, + "match_community": {"required": False, "type": "str"}, + "match_community_exact": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "match_flags": {"required": False, "type": "int"}, + "match_interface": {"required": False, "type": "str"}, + "match_ip_address": {"required": False, "type": "str"}, + "match_ip_nexthop": {"required": 
False, "type": "str"}, + "match_ip6_address": {"required": False, "type": "str"}, + "match_ip6_nexthop": {"required": False, "type": "str"}, + "match_metric": {"required": False, "type": "int"}, + "match_origin": {"required": False, "type": "str", + "choices": ["none", + "egp", + "igp", + "incomplete"]}, + "match_route_type": {"required": False, "type": "str", + "choices": ["1", + "2", + "none"]}, + "match_tag": {"required": False, "type": "int"}, + "set_aggregator_as": {"required": False, "type": "int"}, + "set_aggregator_ip": {"required": False, "type": "str"}, + "set_aspath": {"required": False, "type": "list", + "options": { + "as": {"required": True, "type": "str"} + }}, + "set_aspath_action": {"required": False, "type": "str", + "choices": ["prepend", + "replace"]}, + "set_atomic_aggregate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "set_community": {"required": False, "type": "list", + "options": { + "community": {"required": True, "type": "str"} + }}, + "set_community_additive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "set_community_delete": {"required": False, "type": "str"}, + "set_dampening_max_suppress": {"required": False, "type": "int"}, + "set_dampening_reachability_half_life": {"required": False, "type": "int"}, + "set_dampening_reuse": {"required": False, "type": "int"}, + "set_dampening_suppress": {"required": False, "type": "int"}, + "set_dampening_unreachability_half_life": {"required": False, "type": "int"}, + "set_extcommunity_rt": {"required": False, "type": "list", + "options": { + "community": {"required": True, "type": "str"} + }}, + "set_extcommunity_soo": {"required": False, "type": "list", + "options": { + "community": {"required": True, "type": "str"} + }}, + "set_flags": {"required": False, "type": "int"}, + "set_ip_nexthop": {"required": False, "type": "str"}, + "set_ip6_nexthop": {"required": False, "type": "str"}, + "set_ip6_nexthop_local": {"required": False, 
"type": "str"}, + "set_local_preference": {"required": False, "type": "int"}, + "set_metric": {"required": False, "type": "int"}, + "set_metric_type": {"required": False, "type": "str", + "choices": ["1", + "2", + "none"]}, + "set_origin": {"required": False, "type": "str", + "choices": ["none", + "egp", + "igp", + "incomplete"]}, + "set_originator_id": {"required": False, "type": "str"}, + "set_route_tag": {"required": False, "type": "int"}, + "set_tag": {"required": False, "type": "int"}, + "set_weight": {"required": False, "type": "int"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
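Review bot: The list-typed entries of `fields` in main() (`rule`, and beneath it `set_aspath`, `set_community`, `set_extcommunity_rt` and `set_extcommunity_soo`) declare `options` but no `elements`. As far as I know, AnsibleModule applies a nested spec to a list only when `elements` is `dict`. If that holds here, `required: True` on a rule's `id` and the `choices` on fields such as `action` are never enforced, and string values like `id: "7"` from EXAMPLES would reach `fos.set` without being converted to int. I would declare the element type, e.g. `"rule": {"required": False, "type": "list", "elements": "dict",`, and do the same for the four nested lists.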
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_setting.py
new file mode 100644
index 00000000..2eefbaae
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_setting.py
@@ -0,0 +1,264 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_setting +short_description: Configure router settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + router_setting: + description: + - Configure router settings. + default: null + type: dict + suboptions: + hostname: + description: + - Hostname for this virtual domain router. + type: str + show_filter: + description: + - Prefix-list as filter for showing routes. Source router.prefix-list.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure router settings. + fortios_router_setting: + vdom: "{{ vdom }}" + router_setting: + hostname: "myhostname" + show_filter: " (source router.prefix-list.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + 
type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_router_setting_data(json): + option_list = ['hostname', 'show_filter'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_setting(data, fos): + vdom = data['vdom'] + router_setting_data = data['router_setting'] + filtered_data = underscore_to_hyphen(filter_router_setting_data(router_setting_data)) + + return fos.set('router', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_setting']: + resp = router_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + 
"router_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "hostname": {"required": False, "type": "str"}, + "show_filter": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_static.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_static.py new file mode 100644 index 00000000..5662e159 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_static.py 
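Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no` alongside `ansible_httpapi_use_ssl: yes`, so a playbook copied from it connects to the FortiGate over TLS without verifying the peer certificate. The same vars block appears in the EXAMPLES of fortios_router_route_map.py and fortios_router_static.py, where the task also passes an `access_token`. With validation off, the token and the pushed router configuration are exposed to anyone able to intercept the connection. I would show `ansible_httpapi_validate_certs: yes` in the example and add a line under `notes:` saying that turning validation off is only for lab devices with self-signed certificates.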
@@ -0,0 +1,445 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_static +short_description: Configure IPv4 static routing tables in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and static category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + router_static: + description: + - Configure IPv4 static routing tables. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + bfd: + description: + - Enable/disable Bidirectional Forwarding Detection (BFD). + type: str + choices: + - enable + - disable + blackhole: + description: + - Enable/disable black hole. + type: str + choices: + - enable + - disable + comment: + description: + - Optional comments. + type: str + device: + description: + - Gateway out interface or tunnel. Source system.interface.name. + type: str + distance: + description: + - Administrative distance (1 - 255). + type: int + dst: + description: + - Destination IP and mask for this route. + type: str + dstaddr: + description: + - Name of firewall address or address group. Source firewall.address.name firewall.addrgrp.name. + type: str + dynamic_gateway: + description: + - Enable use of dynamic gateway retrieved from a DHCP or PPP server. + type: str + choices: + - enable + - disable + gateway: + description: + - Gateway IP for this route. + type: str + internet_service: + description: + - Application ID in the Internet service database. Source firewall.internet-service.id. + type: int + internet_service_custom: + description: + - Application name in the Internet service custom database. Source firewall.internet-service-custom.name. 
+ type: str + link_monitor_exempt: + description: + - Enable/disable withdrawing this route when link monitor or health check is down. + type: str + choices: + - enable + - disable + priority: + description: + - Administrative priority (0 - 4294967295). + type: int + seq_num: + description: + - Sequence number. + type: int + src: + description: + - Source prefix for this route. + type: str + status: + description: + - Enable/disable this static route. + type: str + choices: + - enable + - disable + virtual_wan_link: + description: + - Enable/disable egress through the virtual-wan-link. + type: str + choices: + - enable + - disable + vrf: + description: + - Virtual Routing Forwarding ID. + type: int + weight: + description: + - Administrative weight (0 - 255). + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv4 static routing tables. + fortios_router_static: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_static: + bfd: "enable" + blackhole: "enable" + comment: "Optional comments." 
+ device: " (source system.interface.name)" + distance: "7" + dst: "" + dstaddr: " (source firewall.address.name firewall.addrgrp.name)" + dynamic_gateway: "enable" + gateway: "" + internet_service: "12 (source firewall.internet-service.id)" + internet_service_custom: " (source firewall.internet-service-custom.name)" + link_monitor_exempt: "enable" + priority: "15" + seq_num: "16" + src: "" + status: "enable" + virtual_wan_link: "enable" + vrf: "20" + weight: "21" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_router_static_data(json): + option_list = ['bfd', 'blackhole', 'comment', + 'device', 'distance', 'dst', + 'dstaddr', 'dynamic_gateway', 'gateway', + 'internet_service', 'internet_service_custom', 'link_monitor_exempt', + 'priority', 'seq_num', 'src', + 'status', 'virtual_wan_link', 'vrf', + 'weight'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_static(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['router_static'] and data['router_static']['state']: + state = data['router_static']['state'] + else: + state = True + router_static_data = data['router_static'] + filtered_data = underscore_to_hyphen(filter_router_static_data(router_static_data)) + + if state == "present": + return fos.set('router', + 'static', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('router', + 'static', + mkey=filtered_data['seq-num'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_static']: + resp = router_static(data, fos) + else: + fos._module.fail_json(msg='missing task body: 
%s' % ('router_static')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'seq-num' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "router_static": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "bfd": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "blackhole": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "comment": {"required": False, "type": "str"}, + "device": {"required": False, "type": "str"}, + "distance": {"required": False, "type": "int"}, + "dst": {"required": False, "type": "str"}, + "dstaddr": {"required": False, "type": "str"}, + "dynamic_gateway": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gateway": {"required": False, "type": "str"}, + "internet_service": {"required": False, "type": "int"}, + "internet_service_custom": {"required": False, "type": "str"}, + "link_monitor_exempt": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "priority": {"required": False, "type": "int"}, + "seq_num": {"required": False, "type": "int"}, + "src": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "virtual_wan_link": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vrf": {"required": False, "type": "int"}, + "weight": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if 
module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_static6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_static6.py new file mode 100644 index 00000000..8e870129 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_static6.py 
@@ -0,0 +1,369 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_router_static6 +short_description: Configure IPv6 static routing tables in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify router feature and static6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + router_static6: + description: + - Configure IPv6 static routing tables. + default: null + type: dict + suboptions: + bfd: + description: + - Enable/disable Bidirectional Forwarding Detection (BFD). + type: str + choices: + - enable + - disable + blackhole: + description: + - Enable/disable black hole. + type: str + choices: + - enable + - disable + comment: + description: + - Optional comments. + type: str + device: + description: + - Gateway out interface or tunnel. Source system.interface.name. + type: str + devindex: + description: + - Device index (0 - 4294967295). + type: int + distance: + description: + - Administrative distance (1 - 255). + type: int + dst: + description: + - Destination IPv6 prefix. + type: str + gateway: + description: + - IPv6 address of the gateway. + type: str + priority: + description: + - Administrative priority (0 - 4294967295). + type: int + seq_num: + description: + - Sequence number. + type: int + status: + description: + - Enable/disable this static route. + type: str + choices: + - enable + - disable + virtual_wan_link: + description: + - Enable/disable egress through the virtual-wan-link. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 static routing tables. + fortios_router_static6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + router_static6: + bfd: "enable" + blackhole: "enable" + comment: "Optional comments." 
+ device: " (source system.interface.name)" + devindex: "7" + distance: "8" + dst: "" + gateway: "" + priority: "11" + seq_num: "12" + status: "enable" + virtual_wan_link: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_router_static6_data(json): + option_list = ['bfd', 'blackhole', 'comment', + 
'device', 'devindex', 'distance', + 'dst', 'gateway', 'priority', + 'seq_num', 'status', 'virtual_wan_link'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def router_static6(data, fos): + vdom = data['vdom'] + state = data['state'] + router_static6_data = data['router_static6'] + filtered_data = underscore_to_hyphen(filter_router_static6_data(router_static6_data)) + + if state == "present": + return fos.set('router', + 'static6', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('router', + 'static6', + mkey=filtered_data['seq-num'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_router(data, fos): + + if data['router_static6']: + resp = router_static6(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('router_static6')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'seq-num' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "router_static6": { + "required": False, "type": "dict", "default": None, + "options": { + "bfd": {"required": False, "type": "str", + 
"choices": ["enable", + "disable"]}, + "blackhole": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "comment": {"required": False, "type": "str"}, + "device": {"required": False, "type": "str"}, + "devindex": {"required": False, "type": "int"}, + "distance": {"required": False, "type": "int"}, + "dst": {"required": False, "type": "str"}, + "gateway": {"required": False, "type": "str"}, + "priority": {"required": False, "type": "int"}, + "seq_num": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "virtual_wan_link": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_router(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + 
main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_bwl.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_bwl.py new file mode 100644 index 00000000..feea54eb --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_bwl.py 
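Review bot: In `router_static6`, the `state == "absent"` branch reads `filtered_data['seq-num']`, but `seq_num` is declared `"required": False` and `filter_router_static6_data` drops keys whose value is None. A delete task that omits `seq_num` therefore ends in a KeyError traceback instead of a module failure message. I would guard the lookup before calling `fos.delete`, for example `if 'seq-num' not in filtered_data:` followed by `fos._module.fail_json(msg='seq_num is required when state is absent')`. The DOCUMENTATION entry for `seq_num` should state the same requirement.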
@@ -0,0 +1,386 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_spamfilter_bwl +short_description: Configure anti-spam black/white list in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify spamfilter feature and bwl category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + spamfilter_bwl: + description: + - Configure anti-spam black/white list. + default: null + type: dict + suboptions: + comment: + description: + - Optional comments. + type: str + entries: + description: + - Anti-spam black/white list entries. + type: list + suboptions: + action: + description: + - Reject, mark as spam or good email. + type: str + choices: + - reject + - spam + - clear + addr_type: + description: + - IP address type. + type: str + choices: + - ipv4 + - ipv6 + email_pattern: + description: + - Email address pattern. + type: str + id: + description: + - Entry ID. + required: true + type: int + ip4_subnet: + description: + - IPv4 network address/subnet mask bits. + type: str + ip6_subnet: + description: + - IPv6 network address/subnet mask bits. + type: str + pattern_type: + description: + - Wildcard pattern or regular expression. + type: str + choices: + - wildcard + - regexp + status: + description: + - Enable/disable status. + type: str + choices: + - enable + - disable + type: + description: + - Entry type. + type: str + choices: + - ip + - email + id: + description: + - ID. + required: true + type: int + name: + description: + - Name of table. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure anti-spam black/white list. + fortios_spamfilter_bwl: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + spamfilter_bwl: + comment: "Optional comments." 
+ entries: + - + action: "reject" + addr_type: "ipv4" + email_pattern: "" + id: "8" + ip4_subnet: "" + ip6_subnet: "" + pattern_type: "wildcard" + status: "enable" + type: "ip" + id: "14" + name: "default_name_15" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_spamfilter_bwl_data(json): + option_list = 
['comment', 'entries', 'id', + 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def spamfilter_bwl(data, fos): + vdom = data['vdom'] + state = data['state'] + spamfilter_bwl_data = data['spamfilter_bwl'] + filtered_data = underscore_to_hyphen(filter_spamfilter_bwl_data(spamfilter_bwl_data)) + + if state == "present": + return fos.set('spamfilter', + 'bwl', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('spamfilter', + 'bwl', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_spamfilter(data, fos): + + if data['spamfilter_bwl']: + resp = spamfilter_bwl(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('spamfilter_bwl')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "spamfilter_bwl": { + "required": False, "type": "dict", "default": None, + "options": { + "comment": {"required": False, "type": "str"}, + "entries": {"required": False, "type": "list", + "options": { + 
"action": {"required": False, "type": "str", + "choices": ["reject", + "spam", + "clear"]}, + "addr_type": {"required": False, "type": "str", + "choices": ["ipv4", + "ipv6"]}, + "email_pattern": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "ip4_subnet": {"required": False, "type": "str"}, + "ip6_subnet": {"required": False, "type": "str"}, + "pattern_type": {"required": False, "type": "str", + "choices": ["wildcard", + "regexp"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "type": {"required": False, "type": "str", + "choices": ["ip", + "email"]} + }}, + "id": {"required": True, "type": "int"}, + "name": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_spamfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) 
+ + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_bword.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_bword.py new file mode 100644 index 00000000..b7721a74 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_bword.py 
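Review bot: The `entries` option in `main()` is declared as `"type": "list"` with an `options` sub-spec but without `"elements": "dict"`. As far as I know, AnsibleModule only descends into a list's `options` when the elements are declared as dicts, so the `choices` on `action`, `pattern_type` and `type` and the `required` on the entry `id` would not be enforced, and the values would reach `fos.set` unchecked. Adding `"elements": "dict",` next to `"type": "list"` (and `elements: dict` in DOCUMENTATION) should make the declared validation effective. The `entries` spec in the fortios_spamfilter_bword.py hunk has the same shape.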
@@ -0,0 +1,392 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_spamfilter_bword +short_description: Configure AntiSpam banned word list in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify spamfilter feature and bword category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + spamfilter_bword: + description: + - Configure AntiSpam banned word list. + default: null + type: dict + suboptions: + comment: + description: + - Optional comments. + type: str + entries: + description: + - Spam filter banned word. + type: list + suboptions: + action: + description: + - Mark spam or good. + type: str + choices: + - spam + - clear + id: + description: + - Banned word entry ID. + required: true + type: int + language: + description: + - Language for the banned word. + type: str + choices: + - western + - simch + - trach + - japanese + - korean + - french + - thai + - spanish + pattern: + description: + - Pattern for the banned word. + type: str + pattern_type: + description: + - Wildcard pattern or regular expression. + type: str + choices: + - wildcard + - regexp + score: + description: + - Score value. + type: int + status: + description: + - Enable/disable status. + type: str + choices: + - enable + - disable + where: + description: + - Component of the email to be scanned. + type: str + choices: + - subject + - body + - all + id: + description: + - ID. + required: true + type: int + name: + description: + - Name of table. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiSpam banned word list. + fortios_spamfilter_bword: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + spamfilter_bword: + comment: "Optional comments." 
+ entries: + - + action: "spam" + id: "6" + language: "western" + pattern: "" + pattern_type: "wildcard" + score: "10" + status: "enable" + where: "subject" + id: "13" + name: "default_name_14" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_spamfilter_bword_data(json): + option_list = ['comment', 'entries', 
'id', + 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def spamfilter_bword(data, fos): + vdom = data['vdom'] + state = data['state'] + spamfilter_bword_data = data['spamfilter_bword'] + filtered_data = underscore_to_hyphen(filter_spamfilter_bword_data(spamfilter_bword_data)) + + if state == "present": + return fos.set('spamfilter', + 'bword', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('spamfilter', + 'bword', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_spamfilter(data, fos): + + if data['spamfilter_bword']: + resp = spamfilter_bword(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('spamfilter_bword')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "spamfilter_bword": { + "required": False, "type": "dict", "default": None, + "options": { + "comment": {"required": False, "type": "str"}, + "entries": {"required": False, "type": "list", + "options": { + "action": 
{"required": False, "type": "str", + "choices": ["spam", + "clear"]}, + "id": {"required": True, "type": "int"}, + "language": {"required": False, "type": "str", + "choices": ["western", + "simch", + "trach", + "japanese", + "korean", + "french", + "thai", + "spanish"]}, + "pattern": {"required": False, "type": "str"}, + "pattern_type": {"required": False, "type": "str", + "choices": ["wildcard", + "regexp"]}, + "score": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "where": {"required": False, "type": "str", + "choices": ["subject", + "body", + "all"]} + }}, + "id": {"required": True, "type": "int"}, + "name": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_spamfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", 
meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_dnsbl.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_dnsbl.py
new file mode 100644
index 00000000..cac7d248
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_dnsbl.py
@@ -0,0 +1,339 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_spamfilter_dnsbl +short_description: Configure AntiSpam DNSBL/ORBL in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify spamfilter feature and dnsbl category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + spamfilter_dnsbl: + description: + - Configure AntiSpam DNSBL/ORBL. + default: null + type: dict + suboptions: + comment: + description: + - Optional comments. + type: str + entries: + description: + - Spam filter DNSBL and ORBL server. + type: list + suboptions: + action: + description: + - Reject connection or mark as spam email. + type: str + choices: + - reject + - spam + id: + description: + - DNSBL/ORBL entry ID. + required: true + type: int + server: + description: + - DNSBL or ORBL server name. + type: str + status: + description: + - Enable/disable status. + type: str + choices: + - enable + - disable + id: + description: + - ID. + required: true + type: int + name: + description: + - Name of table. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiSpam DNSBL/ORBL. + fortios_spamfilter_dnsbl: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + spamfilter_dnsbl: + comment: "Optional comments." 
+ entries: + - + action: "reject" + id: "6" + server: "192.168.100.40" + status: "enable" + id: "9" + name: "default_name_10" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_spamfilter_dnsbl_data(json): + option_list = ['comment', 'entries', 'id', + 'name'] + dictionary = {} + + for attribute in option_list: + if 
attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def spamfilter_dnsbl(data, fos): + vdom = data['vdom'] + state = data['state'] + spamfilter_dnsbl_data = data['spamfilter_dnsbl'] + filtered_data = underscore_to_hyphen(filter_spamfilter_dnsbl_data(spamfilter_dnsbl_data)) + + if state == "present": + return fos.set('spamfilter', + 'dnsbl', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('spamfilter', + 'dnsbl', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_spamfilter(data, fos): + + if data['spamfilter_dnsbl']: + resp = spamfilter_dnsbl(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('spamfilter_dnsbl')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "spamfilter_dnsbl": { + "required": False, "type": "dict", "default": None, + "options": { + "comment": {"required": False, "type": "str"}, + "entries": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["reject", + "spam"]}, + 
"id": {"required": True, "type": "int"}, + "server": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "id": {"required": True, "type": "int"}, + "name": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_spamfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_fortishield.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_fortishield.py new file mode 100644 index 00000000..8311b2d0 --- /dev/null 
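Review bot: The EXAMPLES block of fortios_spamfilter_dnsbl.py sets `ansible_httpapi_validate_certs: no` on the same play that passes `access_token`, so anyone copying the example sends the FortiGate API token over a TLS session whose peer is never authenticated. The example should show `ansible_httpapi_validate_certs: yes`. It could also carry a comment that a device with a self-signed certificate needs its CA added to the controller's trust store rather than validation switched off. The same line appears in the EXAMPLES of the fortishield, iptrust and mheader modules added further down this patch.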
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_fortishield.py 
@@ -0,0 +1,280 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_spamfilter_fortishield +short_description: Configure FortiGuard - AntiSpam in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify spamfilter feature and fortishield category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + spamfilter_fortishield: + description: + - Configure FortiGuard - AntiSpam. + default: null + type: dict + suboptions: + spam_submit_force: + description: + - Enable/disable force insertion of a new mime entity for the submission text. + type: str + choices: + - enable + - disable + spam_submit_srv: + description: + - Hostname of the spam submission server. + type: str + spam_submit_txt2htm: + description: + - Enable/disable conversion of text email to HTML email. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiGuard - AntiSpam. + fortios_spamfilter_fortishield: + vdom: "{{ vdom }}" + spamfilter_fortishield: + spam_submit_force: "enable" + spam_submit_srv: "" + spam_submit_txt2htm: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the 
unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_spamfilter_fortishield_data(json): + option_list = ['spam_submit_force', 'spam_submit_srv', 'spam_submit_txt2htm'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def spamfilter_fortishield(data, fos): + vdom = data['vdom'] + spamfilter_fortishield_data = data['spamfilter_fortishield'] + filtered_data = underscore_to_hyphen(filter_spamfilter_fortishield_data(spamfilter_fortishield_data)) + + return fos.set('spamfilter', + 'fortishield', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_spamfilter(data, fos): + + if data['spamfilter_fortishield']: + resp = 
spamfilter_fortishield(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('spamfilter_fortishield')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "spamfilter_fortishield": { + "required": False, "type": "dict", "default": None, + "options": { + "spam_submit_force": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "spam_submit_srv": {"required": False, "type": "str"}, + "spam_submit_txt2htm": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_spamfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", 
version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_iptrust.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_iptrust.py
new file mode 100644
index 00000000..1996a295
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_iptrust.py
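Review bot: In main() of fortios_spamfilter_fortishield.py, `if 'access_token' in module.params:` is always true, because AnsibleModule fills module.params with every key of the argument spec and uses None for options the task omits. `connection.set_option('access_token', None)` therefore runs on every task that authenticates some other way. Whether that overwrites a token the httpapi connection already holds depends on the plugin, which is not part of this hunk, so it is worth checking; testing the value instead avoids the question: `if module.params.get('access_token'):`. The main() functions of the dnsbl and iptrust modules in this patch carry the same test.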
@@ -0,0 +1,345 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_spamfilter_iptrust +short_description: Configure AntiSpam IP trust in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify spamfilter feature and iptrust category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + spamfilter_iptrust: + description: + - Configure AntiSpam IP trust. + default: null + type: dict + suboptions: + comment: + description: + - Optional comments. + type: str + entries: + description: + - Spam filter trusted IP addresses. + type: list + suboptions: + addr_type: + description: + - Type of address. + type: str + choices: + - ipv4 + - ipv6 + id: + description: + - Trusted IP entry ID. + required: true + type: int + ip4_subnet: + description: + - IPv4 network address or network address/subnet mask bits. + type: str + ip6_subnet: + description: + - IPv6 network address/subnet mask bits. + type: str + status: + description: + - Enable/disable status. + type: str + choices: + - enable + - disable + id: + description: + - ID. + required: true + type: int + name: + description: + - Name of table. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiSpam IP trust. + fortios_spamfilter_iptrust: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + spamfilter_iptrust: + comment: "Optional comments." 
+ entries: + - + addr_type: "ipv4" + id: "6" + ip4_subnet: "" + ip6_subnet: "" + status: "enable" + id: "10" + name: "default_name_11" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_spamfilter_iptrust_data(json): + option_list = ['comment', 'entries', 'id', + 'name'] + dictionary = {} + + for attribute in 
option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def spamfilter_iptrust(data, fos): + vdom = data['vdom'] + state = data['state'] + spamfilter_iptrust_data = data['spamfilter_iptrust'] + filtered_data = underscore_to_hyphen(filter_spamfilter_iptrust_data(spamfilter_iptrust_data)) + + if state == "present": + return fos.set('spamfilter', + 'iptrust', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('spamfilter', + 'iptrust', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_spamfilter(data, fos): + + if data['spamfilter_iptrust']: + resp = spamfilter_iptrust(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('spamfilter_iptrust')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "spamfilter_iptrust": { + "required": False, "type": "dict", "default": None, + "options": { + "comment": {"required": False, "type": "str"}, + "entries": {"required": False, "type": "list", + "options": { + "addr_type": {"required": False, "type": 
"str", + "choices": ["ipv4", + "ipv6"]}, + "id": {"required": True, "type": "int"}, + "ip4_subnet": {"required": False, "type": "str"}, + "ip6_subnet": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "id": {"required": True, "type": "int"}, + "name": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_spamfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_mheader.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_mheader.py new file mode 100644 index 00000000..3d7611dc --- /dev/null 
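Review bot: The `entries` option in main() of fortios_spamfilter_iptrust.py is declared as `"type": "list"` with an `"options"` sub-spec but no `"elements": "dict"`, and as far as I know AnsibleModule only applies a sub-spec to list items when the element type is dict. If so, the `addr_type` and `status` choices, the required `id` and its int conversion are not enforced, and a malformed entry in this trusted-address list reaches the device without any check on the controller. Adding `"elements": "dict"` next to `"type": "list"` would have Ansible validate each entry before the API call. The `entries` option of fortios_spamfilter_dnsbl.py earlier in this patch is written the same way.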
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_mheader.py 
@@ -0,0 +1,356 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_spamfilter_mheader +short_description: Configure AntiSpam MIME header in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify spamfilter feature and mheader category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + spamfilter_mheader: + description: + - Configure AntiSpam MIME header. + default: null + type: dict + suboptions: + comment: + description: + - Optional comments. + type: str + entries: + description: + - Spam filter mime header content. + type: list + suboptions: + action: + description: + - Mark spam or good. + type: str + choices: + - spam + - clear + fieldbody: + description: + - Pattern for the header field body. + type: str + fieldname: + description: + - Pattern for header field name. + type: str + id: + description: + - Mime header entry ID. + required: true + type: int + pattern_type: + description: + - Wildcard pattern or regular expression. + type: str + choices: + - wildcard + - regexp + status: + description: + - Enable/disable status. + type: str + choices: + - enable + - disable + id: + description: + - ID. + required: true + type: int + name: + description: + - Name of table. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiSpam MIME header. + fortios_spamfilter_mheader: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + spamfilter_mheader: + comment: "Optional comments." 
+ entries: + - + action: "spam" + fieldbody: "" + fieldname: "" + id: "8" + pattern_type: "wildcard" + status: "enable" + id: "11" + name: "default_name_12" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_spamfilter_mheader_data(json): + option_list = ['comment', 'entries', 'id', + 'name'] + dictionary = {} + + 
for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def spamfilter_mheader(data, fos): + vdom = data['vdom'] + state = data['state'] + spamfilter_mheader_data = data['spamfilter_mheader'] + filtered_data = underscore_to_hyphen(filter_spamfilter_mheader_data(spamfilter_mheader_data)) + + if state == "present": + return fos.set('spamfilter', + 'mheader', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('spamfilter', + 'mheader', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_spamfilter(data, fos): + + if data['spamfilter_mheader']: + resp = spamfilter_mheader(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('spamfilter_mheader')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "spamfilter_mheader": { + "required": False, "type": "dict", "default": None, + "options": { + "comment": {"required": False, "type": "str"}, + "entries": {"required": False, "type": "list", + "options": { + "action": {"required": 
False, "type": "str", + "choices": ["spam", + "clear"]}, + "fieldbody": {"required": False, "type": "str"}, + "fieldname": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "pattern_type": {"required": False, "type": "str", + "choices": ["wildcard", + "regexp"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "id": {"required": True, "type": "int"}, + "name": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_spamfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
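Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no` on the same httpapi connection that carries `access_token`, so anyone copying the example sends the API token over TLS without verifying the FortiGate's certificate. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a YAML comment such as `# set to no only for lab devices with self-signed certificates`. The same vars block appears in the EXAMPLES of the fortios_spamfilter_options.py and fortios_spamfilter_profile.py hunks below. The argument spec does mark `access_token` as `no_log`, so this is about the transport only.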
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_options.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_options.py
new file mode 100644
index 00000000..41f64fa0
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_options.py
@@ -0,0 +1,258 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_spamfilter_options +short_description: Configure AntiSpam options in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify spamfilter feature and options category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + spamfilter_options: + description: + - Configure AntiSpam options. + default: null + type: dict + suboptions: + dns_timeout: + description: + - DNS query time out (1 - 30 sec). + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiSpam options. + fortios_spamfilter_options: + vdom: "{{ vdom }}" + spamfilter_options: + dns_timeout: "3" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_spamfilter_options_data(json): + option_list = ['dns_timeout'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def spamfilter_options(data, fos): + vdom = data['vdom'] + spamfilter_options_data = data['spamfilter_options'] + filtered_data = underscore_to_hyphen(filter_spamfilter_options_data(spamfilter_options_data)) + + return fos.set('spamfilter', + 'options', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_spamfilter(data, fos): + + if data['spamfilter_options']: + resp = spamfilter_options(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('spamfilter_options')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "spamfilter_options": { + "required": False, "type": "dict", "default": None, + "options": { + "dns_timeout": {"required": False, "type": 
"int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_spamfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_profile.py new file mode 100644 index 00000000..8f7146a6 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_spamfilter_profile.py 
@@ -0,0 +1,722 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_spamfilter_profile +short_description: Configure AntiSpam profiles in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify spamfilter feature and profile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + spamfilter_profile: + description: + - Configure AntiSpam profiles. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + comment: + description: + - Comment. + type: str + external: + description: + - Enable/disable external Email inspection. + type: str + choices: + - enable + - disable + flow_based: + description: + - Enable/disable flow-based spam filtering. + type: str + choices: + - enable + - disable + gmail: + description: + - Gmail. + type: dict + suboptions: + log: + description: + - Enable/disable logging. + type: str + choices: + - enable + - disable + imap: + description: + - IMAP. + type: dict + suboptions: + action: + description: + - Action for spam email. + type: str + choices: + - pass + - tag + log: + description: + - Enable/disable logging. + type: str + choices: + - enable + - disable + tag_msg: + description: + - Subject text or header added to spam email. + type: str + tag_type: + description: + - Tag subject or header for spam email. + type: list + choices: + - subject + - header + - spaminfo + mapi: + description: + - MAPI. + type: dict + suboptions: + action: + description: + - Action for spam email. + type: str + choices: + - pass + - discard + log: + description: + - Enable/disable logging. + type: str + choices: + - enable + - disable + msn_hotmail: + description: + - MSN Hotmail. + type: dict + suboptions: + log: + description: + - Enable/disable logging. 
+ type: str + choices: + - enable + - disable + name: + description: + - Profile name. + required: true + type: str + options: + description: + - Options. + type: list + choices: + - bannedword + - spambwl + - spamfsip + - spamfssubmit + - spamfschksum + - spamfsurl + - spamhelodns + - spamraddrdns + - spamrbl + - spamhdrcheck + - spamfsphish + pop3: + description: + - POP3. + type: dict + suboptions: + action: + description: + - Action for spam email. + type: str + choices: + - pass + - tag + log: + description: + - Enable/disable logging. + type: str + choices: + - enable + - disable + tag_msg: + description: + - Subject text or header added to spam email. + type: str + tag_type: + description: + - Tag subject or header for spam email. + type: list + choices: + - subject + - header + - spaminfo + replacemsg_group: + description: + - Replacement message group. Source system.replacemsg-group.name. + type: str + smtp: + description: + - SMTP. + type: dict + suboptions: + action: + description: + - Action for spam email. + type: str + choices: + - pass + - tag + - discard + hdrip: + description: + - Enable/disable SMTP email header IP checks for spamfsip, spamrbl and spambwl filters. + type: str + choices: + - disable + - enable + local_override: + description: + - Enable/disable local filter to override SMTP remote check result. + type: str + choices: + - disable + - enable + log: + description: + - Enable/disable logging. + type: str + choices: + - enable + - disable + tag_msg: + description: + - Subject text or header added to spam email. + type: str + tag_type: + description: + - Tag subject or header for spam email. + type: list + choices: + - subject + - header + - spaminfo + spam_bwl_table: + description: + - Anti-spam black/white list table ID. Source spamfilter.bwl.id. + type: int + spam_bword_table: + description: + - Anti-spam banned word table ID. Source spamfilter.bword.id. 
+ type: int + spam_bword_threshold: + description: + - Spam banned word threshold. + type: int + spam_filtering: + description: + - Enable/disable spam filtering. + type: str + choices: + - enable + - disable + spam_iptrust_table: + description: + - Anti-spam IP trust table ID. Source spamfilter.iptrust.id. + type: int + spam_log: + description: + - Enable/disable spam logging for email filtering. + type: str + choices: + - disable + - enable + spam_log_fortiguard_response: + description: + - Enable/disable logging FortiGuard spam response. + type: str + choices: + - disable + - enable + spam_mheader_table: + description: + - Anti-spam MIME header table ID. Source spamfilter.mheader.id. + type: int + spam_rbl_table: + description: + - Anti-spam DNSBL table ID. Source spamfilter.dnsbl.id. + type: int + yahoo_mail: + description: + - Yahoo! Mail. + type: dict + suboptions: + log: + description: + - Enable/disable logging. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure AntiSpam profiles. + fortios_spamfilter_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + spamfilter_profile: + comment: "Comment." 
+ external: "enable" + flow_based: "enable" + gmail: + log: "enable" + imap: + action: "pass" + log: "enable" + tag_msg: "" + tag_type: "subject" + mapi: + action: "pass" + log: "enable" + msn_hotmail: + log: "enable" + name: "default_name_18" + options: "bannedword" + pop3: + action: "pass" + log: "enable" + tag_msg: "" + tag_type: "subject" + replacemsg_group: " (source system.replacemsg-group.name)" + smtp: + action: "pass" + hdrip: "disable" + local_override: "disable" + log: "enable" + tag_msg: "" + tag_type: "subject" + spam_bwl_table: "33 (source spamfilter.bwl.id)" + spam_bword_table: "34 (source spamfilter.bword.id)" + spam_bword_threshold: "35" + spam_filtering: "enable" + spam_iptrust_table: "37 (source spamfilter.iptrust.id)" + spam_log: "disable" + spam_log_fortiguard_response: "disable" + spam_mheader_table: "40 (source spamfilter.mheader.id)" + spam_rbl_table: "41 (source spamfilter.dnsbl.id)" + yahoo_mail: + log: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + 
returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_spamfilter_profile_data(json): + option_list = ['comment', 'external', 'flow_based', + 'gmail', 'imap', 'mapi', + 'msn_hotmail', 'name', 'options', + 'pop3', 'replacemsg_group', 'smtp', + 'spam_bwl_table', 'spam_bword_table', 'spam_bword_threshold', + 'spam_filtering', 'spam_iptrust_table', 'spam_log', + 'spam_log_fortiguard_response', 'spam_mheader_table', 'spam_rbl_table', + 'yahoo_mail'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def flatten_multilists_attributes(data): + multilist_attrs = [[u'options'], [u'imap', u'tag_type'], [u'pop3', u'tag_type'], [u'smtp', u'tag_type']] + + for attr in multilist_attrs: + try: + path = "data['" + "']['".join(elem for elem in attr) + "']" + current_val = eval(path) + flattened_val = ' '.join(elem for elem in current_val) + exec(path + '= flattened_val') + except BaseException: + pass + + return data + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def 
spamfilter_profile(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['spamfilter_profile'] and data['spamfilter_profile']['state']: + state = data['spamfilter_profile']['state'] + else: + state = True + spamfilter_profile_data = data['spamfilter_profile'] + spamfilter_profile_data = flatten_multilists_attributes(spamfilter_profile_data) + filtered_data = underscore_to_hyphen(filter_spamfilter_profile_data(spamfilter_profile_data)) + + if state == "present": + return fos.set('spamfilter', + 'profile', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('spamfilter', + 'profile', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_spamfilter(data, fos): + + if data['spamfilter_profile']: + resp = spamfilter_profile(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('spamfilter_profile')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "spamfilter_profile": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "comment": {"required": False, "type": "str"}, + "external": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "flow_based": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gmail": 
{"required": False, "type": "dict", + "options": { + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "imap": {"required": False, "type": "dict", + "options": { + "action": {"required": False, "type": "str", + "choices": ["pass", + "tag"]}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tag_msg": {"required": False, "type": "str"}, + "tag_type": {"required": False, "type": "list", + "choices": ["subject", + "header", + "spaminfo"]} + }}, + "mapi": {"required": False, "type": "dict", + "options": { + "action": {"required": False, "type": "str", + "choices": ["pass", + "discard"]}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "msn_hotmail": {"required": False, "type": "dict", + "options": { + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "name": {"required": True, "type": "str"}, + "options": {"required": False, "type": "list", + "choices": ["bannedword", + "spambwl", + "spamfsip", + "spamfssubmit", + "spamfschksum", + "spamfsurl", + "spamhelodns", + "spamraddrdns", + "spamrbl", + "spamhdrcheck", + "spamfsphish"]}, + "pop3": {"required": False, "type": "dict", + "options": { + "action": {"required": False, "type": "str", + "choices": ["pass", + "tag"]}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tag_msg": {"required": False, "type": "str"}, + "tag_type": {"required": False, "type": "list", + "choices": ["subject", + "header", + "spaminfo"]} + }}, + "replacemsg_group": {"required": False, "type": "str"}, + "smtp": {"required": False, "type": "dict", + "options": { + "action": {"required": False, "type": "str", + "choices": ["pass", + "tag", + "discard"]}, + "hdrip": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "local_override": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "log": {"required": False, 
"type": "str", + "choices": ["enable", + "disable"]}, + "tag_msg": {"required": False, "type": "str"}, + "tag_type": {"required": False, "type": "list", + "choices": ["subject", + "header", + "spaminfo"]} + }}, + "spam_bwl_table": {"required": False, "type": "int"}, + "spam_bword_table": {"required": False, "type": "int"}, + "spam_bword_threshold": {"required": False, "type": "int"}, + "spam_filtering": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "spam_iptrust_table": {"required": False, "type": "int"}, + "spam_log": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "spam_log_fortiguard_response": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "spam_mheader_table": {"required": False, "type": "int"}, + "spam_rbl_table": {"required": False, "type": "int"}, + "yahoo_mail": {"required": False, "type": "dict", + "options": { + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_spamfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + 
module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ssh_filter_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ssh_filter_profile.py new file mode 100644 index 00000000..c6751b01 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_ssh_filter_profile.py 
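Review bot: `flatten_multilists_attributes` builds Python source from the attribute path and runs it through `eval` and `exec`, and wraps both in `except BaseException: pass`. The paths are hard-coded in this hunk, so playbook input does not reach the evaluated string today, but dynamic evaluation in a module that processes playbook data is fragile under later edits. The blanket handler also hides real errors, since it catches KeyboardInterrupt and SystemExit as well. A plain dictionary walk does the same job; the version below leaves missing keys alone and assumes the values are lists of strings, as the `choices` in the argument spec imply.

```python
def flatten_multilists_attributes(data):
    # … unchanged: multilist_attrs definition …
    for attr in multilist_attrs:
        parent = data
        for key in attr[:-1]:
            parent = parent.get(key) if isinstance(parent, dict) else None
        leaf = attr[-1]
        if isinstance(parent, dict) and isinstance(parent.get(leaf), list):
            parent[leaf] = ' '.join(parent[leaf])
    # … unchanged: return data …
```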
@@ -0,0 +1,438 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_ssh_filter_profile +short_description: SSH filter profile in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify ssh_filter feature and profile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + ssh_filter_profile: + description: + - SSH filter profile. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + block: + description: + - SSH blocking options. + type: str + choices: + - x11 + - shell + - exec + - port-forward + - tun-forward + - sftp + - unknown + default_command_log: + description: + - Enable/disable logging unmatched shell commands. + type: str + choices: + - enable + - disable + log: + description: + - SSH logging options. + type: str + choices: + - x11 + - shell + - exec + - port-forward + - tun-forward + - sftp + - unknown + name: + description: + - SSH filter profile name. + required: true + type: str + shell_commands: + description: + - SSH command filter. + type: list + suboptions: + action: + description: + - Action to take for URL filter matches. + type: str + choices: + - block + - allow + alert: + description: + - Enable/disable alert. + type: str + choices: + - enable + - disable + id: + description: + - Id. + required: true + type: int + log: + description: + - Enable/disable logging. + type: str + choices: + - enable + - disable + pattern: + description: + - SSH shell command pattern. + type: str + severity: + description: + - Log severity. + type: str + choices: + - low + - medium + - high + - critical + type: + description: + - Matching type. 
+ type: str + choices: + - simple + - regex +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: SSH filter profile. + fortios_ssh_filter_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + ssh_filter_profile: + block: "x11" + default_command_log: "enable" + log: "x11" + name: "default_name_6" + shell_commands: + - + action: "block" + alert: "enable" + id: "10" + log: "enable" + pattern: "" + severity: "low" + type: "simple" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from 
ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_ssh_filter_profile_data(json): + option_list = ['block', 'default_command_log', 'log', + 'name', 'shell_commands'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def ssh_filter_profile(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['ssh_filter_profile'] and data['ssh_filter_profile']['state']: + state = data['ssh_filter_profile']['state'] + else: + state = True + ssh_filter_profile_data = data['ssh_filter_profile'] + filtered_data = underscore_to_hyphen(filter_ssh_filter_profile_data(ssh_filter_profile_data)) + + if state == "present": + return fos.set('ssh-filter', + 'profile', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('ssh-filter', + 'profile', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_ssh_filter(data, fos): + + if data['ssh_filter_profile']: + resp = ssh_filter_profile(data, fos) + else: + 
fos._module.fail_json(msg='missing task body: %s' % ('ssh_filter_profile')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "ssh_filter_profile": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "block": {"required": False, "type": "str", + "choices": ["x11", + "shell", + "exec", + "port-forward", + "tun-forward", + "sftp", + "unknown"]}, + "default_command_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "log": {"required": False, "type": "str", + "choices": ["x11", + "shell", + "exec", + "port-forward", + "tun-forward", + "sftp", + "unknown"]}, + "name": {"required": True, "type": "str"}, + "shell_commands": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["block", + "allow"]}, + "alert": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "id": {"required": True, "type": "int"}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "pattern": {"required": False, "type": "str"}, + "severity": {"required": False, "type": "str", + "choices": ["low", + "medium", + "high", + "critical"]}, + "type": {"required": False, "type": "str", + "choices": ["simple", + "regex"]} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + 
connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_ssh_filter(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_802_1x_settings.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_802_1x_settings.py
new file mode 100644
index 00000000..2a6aa6d9
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_802_1x_settings.py
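Review bot: The EXAMPLES playbook in fortios_ssh_filter_profile.py sets `ansible_httpapi_validate_certs: no` while the task also passes `access_token`, so anyone copying it sends the API token over TLS without verifying the FortiGate's certificate; the same line is in the EXAMPLES of fortios_switch_controller_802_1x_settings.py and fortios_switch_controller_custom_command.py later in this patch. I would make the example `ansible_httpapi_validate_certs: yes` and add the comment `# set to no only for lab devices with self-signed certificates`. Separately, `shell_commands` is declared `"type": "list"` with `"options"` but without `"elements": "dict"`, so the per-rule `choices` for `action`, `severity` and `type` are probably not enforced by AnsibleModule before the data reaches `fos.set`; that is worth confirming against the targeted Ansible version.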
@@ -0,0 +1,275 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_802_1x_settings +short_description: Configure global 802.1X settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and 802_1x_settings category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.10" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + switch_controller_802_1x_settings: + description: + - Configure global 802.1X settings. + default: null + type: dict + suboptions: + link_down_auth: + description: + - Interface-reauthentication state to set if a link is down. + type: str + choices: + - set-unauth + - no-action + max_reauth_attempt: + description: + - Maximum number of authentication attempts (0 - 15). + type: int + reauth_period: + description: + - Period of time to allow for reauthentication (1 - 1440 sec). + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure global 802.1X settings. + fortios_switch_controller_802_1x_settings: + vdom: "{{ vdom }}" + switch_controller_802_1x_settings: + link_down_auth: "set-unauth" + max_reauth_attempt: "4" + reauth_period: "5" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + 
returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_802_1x_settings_data(json): + option_list = ['link_down_auth', 'max_reauth_attempt', 'reauth_period'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_802_1x_settings(data, fos): + vdom = data['vdom'] + switch_controller_802_1x_settings_data = data['switch_controller_802_1x_settings'] + filtered_data = underscore_to_hyphen(filter_switch_controller_802_1x_settings_data(switch_controller_802_1x_settings_data)) + + return fos.set('switch-controller', + '802-1X-settings', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller(data, fos): + 
+ if data['switch_controller_802_1x_settings']: + resp = switch_controller_802_1x_settings(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_802_1x_settings')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "switch_controller_802_1x_settings": { + "required": False, "type": "dict", "default": None, + "options": { + "link_down_auth": {"required": False, "type": "str", + "choices": ["set-unauth", + "no-action"]}, + "max_reauth_attempt": {"required": False, "type": "int"}, + "reauth_period": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + 
module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_custom_command.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_custom_command.py
new file mode 100644
index 00000000..11ba8cca
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_custom_command.py
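Review bot: The option docs in fortios_switch_controller_802_1x_settings.py give ranges for `max_reauth_attempt` (0 - 15) and `reauth_period` (1 - 1440), but the argument spec in `main()` only declares `"type": "int"`, so out-of-range values are passed to `fos.set` and any rejection is left to the device. A check in `switch_controller_802_1x_settings()` before the `fos.set` call would fail early with a clear message, for example `if not 0 <= filtered_data.get('max-reauth-attempt', 0) <= 15: fos._module.fail_json(msg='max_reauth_attempt must be 0-15')`, with the equivalent for `reauth-period`. The EXAMPLES block also passes both integers as quoted strings (`"4"`, `"5"`), which would read better unquoted.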
@@ -0,0 +1,293 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_custom_command +short_description: Configure the FortiGate switch controller to send custom commands to managed FortiSwitch devices in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and custom_command category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + switch_controller_custom_command: + description: + - Configure the FortiGate switch controller to send custom commands to managed FortiSwitch devices. + default: null + type: dict + suboptions: + command: + description: + - 'String of commands to send to FortiSwitch devices (For example (%0a = return key): config switch trunk %0a edit myTrunk %0a set members + port1 port2 %0a end %0a).' + type: str + command_name: + description: + - Command name called by the FortiGate switch controller in the execute command. + type: str + description: + description: + - Description. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure the FortiGate switch controller to send custom commands to managed FortiSwitch devices. 
+ fortios_switch_controller_custom_command: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_custom_command: + command: "" + command_name: "" + description: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_custom_command_data(json): + option_list = ['command', 
'command_name', 'description'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_custom_command(data, fos): + vdom = data['vdom'] + state = data['state'] + switch_controller_custom_command_data = data['switch_controller_custom_command'] + filtered_data = underscore_to_hyphen(filter_switch_controller_custom_command_data(switch_controller_custom_command_data)) + + if state == "present": + return fos.set('switch-controller', + 'custom-command', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('switch-controller', + 'custom-command', + mkey=filtered_data['command-name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller(data, fos): + + if data['switch_controller_custom_command']: + resp = switch_controller_custom_command(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_custom_command')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'command-name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + 
"switch_controller_custom_command": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "command": {"required": False, "type": "str"},
+ "command_name": {"required": False, "type": "str"},
+ "description": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_switch_controller(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_global.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_global.py
new file mode 100644
index 00000000..e5b1bd42
--- /dev/null
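Review bot: In fortios_switch_controller_custom_command.py, `switch_controller_custom_command()` reads `filtered_data['command-name']` on the `absent` path, but `command_name` is declared `"required": False` and `filter_switch_controller_custom_command_data()` drops keys whose value is None, so a delete task without `command_name` ends in an uncaught KeyError instead of a clean `fail_json`. Either declare it `"command_name": {"required": True, "type": "str"}`, as fortios_ssh_filter_profile.py does for `name`, or guard the lookup with `if 'command-name' not in filtered_data: fos._module.fail_json(msg='command_name is required when state is absent')`. Because this module hands the free-form `command` string to `fos.set` without any validation and the controller sends it to managed FortiSwitch devices, I would also add a sentence to that option's description saying the value should come only from trusted playbook variables.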
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_global.py 
@@ -0,0 +1,310 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_global +short_description: Configure FortiSwitch global settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and global category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + switch_controller_global: + description: + - Configure FortiSwitch global settings. + default: null + type: dict + suboptions: + allow_multiple_interfaces: + description: + - Enable/disable multiple FortiLink interfaces for redundant connections between a managed FortiSwitch and FortiGate. + type: str + choices: + - enable + - disable + default_virtual_switch_vlan: + description: + - Default VLAN for ports when added to the virtual-switch. Source system.interface.name. + type: str + disable_discovery: + description: + - Prevent this FortiSwitch from discovering. + type: list + suboptions: + name: + description: + - Managed device ID. + required: true + type: str + https_image_push: + description: + - Enable/disable image push to FortiSwitch using HTTPS. + type: str + choices: + - enable + - disable + mac_aging_interval: + description: + - Time after which an inactive MAC is aged out (10 - 1000000 sec). + type: int + mac_retention_period: + description: + - Time in hours after which an inactive MAC is removed from client DB. + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch global settings. 
+ fortios_switch_controller_global: + vdom: "{{ vdom }}" + switch_controller_global: + allow_multiple_interfaces: "enable" + default_virtual_switch_vlan: " (source system.interface.name)" + disable_discovery: + - + name: "default_name_6" + https_image_push: "enable" + mac_aging_interval: "8" + mac_retention_period: "9" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_switch_controller_global_data(json):
+ option_list = ['allow_multiple_interfaces', 'default_virtual_switch_vlan', 'disable_discovery',
+ 'https_image_push', 'mac_aging_interval', 'mac_retention_period']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def switch_controller_global(data, fos):
+ vdom = data['vdom']
+ switch_controller_global_data = data['switch_controller_global']
+ filtered_data = underscore_to_hyphen(filter_switch_controller_global_data(switch_controller_global_data))
+
+ return fos.set('switch-controller',
+ 'global',
+ data=filtered_data,
+ vdom=vdom)
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_switch_controller(data, fos):
+
+ if data['switch_controller_global']:
+ resp = switch_controller_global(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_global'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = None
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "switch_controller_global": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "allow_multiple_interfaces": {"required": False,
"type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "default_virtual_switch_vlan": {"required": False, "type": "str"},
+ "disable_discovery": {"required": False, "type": "list",
+ "options": {
+ "name": {"required": True, "type": "str"}
+ }},
+ "https_image_push": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "mac_aging_interval": {"required": False, "type": "int"},
+ "mac_retention_period": {"required": False, "type": "int"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_switch_controller(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
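Review bot: The EXAMPLES playbook in fortios_switch_controller_global.py sets `ansible_httpapi_validate_certs: no`, so a playbook copied from it sends the `access_token` (or the login credentials) over a TLS session whose server certificate is never verified. I would ship the example as `ansible_httpapi_validate_certs: yes` and state in the `notes:` section that turning validation off is only for lab devices with self-signed certificates. The same example block appears in the fortios_switch_controller_igmp_snooping.py and fortios_switch_controller_lldp_profile.py hunks of this patch.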
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_igmp_snooping.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_igmp_snooping.py
new file mode 100644
index 00000000..45ee43aa
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_igmp_snooping.py
@@ -0,0 +1,269 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_igmp_snooping +short_description: Configure FortiSwitch IGMP snooping global settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and igmp_snooping category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + switch_controller_igmp_snooping: + description: + - Configure FortiSwitch IGMP snooping global settings. + default: null + type: dict + suboptions: + aging_time: + description: + - Maximum number of seconds to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec). + type: int + flood_unknown_multicast: + description: + - Enable/disable unknown multicast flooding. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch IGMP snooping global settings. + fortios_switch_controller_igmp_snooping: + vdom: "{{ vdom }}" + switch_controller_igmp_snooping: + aging_time: "3" + flood_unknown_multicast: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: 
"FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_igmp_snooping_data(json): + option_list = ['aging_time', 'flood_unknown_multicast'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_igmp_snooping(data, fos): + vdom = data['vdom'] + switch_controller_igmp_snooping_data = data['switch_controller_igmp_snooping'] + filtered_data = underscore_to_hyphen(filter_switch_controller_igmp_snooping_data(switch_controller_igmp_snooping_data)) + + return fos.set('switch-controller', + 'igmp-snooping', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller(data, fos): + + if data['switch_controller_igmp_snooping']: + resp = 
switch_controller_igmp_snooping(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_igmp_snooping'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = None
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "switch_controller_igmp_snooping": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "aging_time": {"required": False, "type": "int"},
+ "flood_unknown_multicast": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_switch_controller(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ 
module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_lldp_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_lldp_profile.py
new file mode 100644
index 00000000..5010c76b
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_lldp_profile.py
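Review bot: In main() of fortios_switch_controller_igmp_snooping.py the guard `if 'access_token' in module.params:` is always true, because AnsibleModule fills in every key declared in `fields` and leaves unset options as None; `connection.set_option('access_token', None)` therefore runs even when no token was supplied. What the httpapi plugin does with a None token is not visible in this hunk, but it may replace a token configured elsewhere on the connection, so I would test the value instead: `if module.params.get('access_token'):`. main() in the fortios_switch_controller_global.py and fortios_switch_controller_lldp_profile.py hunks carries the same guard.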
@@ -0,0 +1,469 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_lldp_profile +short_description: Configure FortiSwitch LLDP profiles in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and lldp_profile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + switch_controller_lldp_profile: + description: + - Configure FortiSwitch LLDP profiles. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + tlvs_802dot1: + description: + - Transmitted IEEE 802.1 TLVs. + type: str + choices: + - port-vlan-id + tlvs_802dot3: + description: + - Transmitted IEEE 802.3 TLVs. + type: str + choices: + - max-frame-size + auto_isl: + description: + - Enable/disable auto inter-switch LAG. + type: str + choices: + - disable + - enable + auto_isl_hello_timer: + description: + - Auto inter-switch LAG hello timer duration (1 - 30 sec). + type: int + auto_isl_port_group: + description: + - Auto inter-switch LAG port group ID (0 - 9). + type: int + auto_isl_receive_timeout: + description: + - Auto inter-switch LAG timeout if no response is received (3 - 90 sec). + type: int + custom_tlvs: + description: + - Configuration method to edit custom TLV entries. + type: list + suboptions: + information_string: + description: + - Organizationally defined information string (0 - 507 hexadecimal bytes). + type: str + name: + description: + - TLV name (not sent). + required: true + type: str + oui: + description: + - Organizationally unique identifier (OUI), a 3-byte hexadecimal number, for this TLV. + type: str + subtype: + description: + - Organizationally defined subtype (0 - 255). 
+ type: int + med_network_policy: + description: + - Configuration method to edit Media Endpoint Discovery (MED) network policy type-length-value (TLV) categories. + type: list + suboptions: + dscp: + description: + - Advertised Differentiated Services Code Point (DSCP) value, a packet header value indicating the level of service requested for + traffic, such as high priority or best effort delivery. + type: int + name: + description: + - Policy type name. + required: true + type: str + priority: + description: + - Advertised Layer 2 priority (0 - 7; from lowest to highest priority). + type: int + status: + description: + - Enable or disable this TLV. + type: str + choices: + - disable + - enable + vlan: + description: + - ID of VLAN to advertise, if configured on port (0 - 4094, 0 = priority tag). + type: int + med_tlvs: + description: + - 'Transmitted LLDP-MED TLVs (type-length-value descriptions): inventory management TLV and/or network policy TLV.' + type: str + choices: + - inventory-management + - network-policy + name: + description: + - Profile name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch LLDP profiles. 
+ fortios_switch_controller_lldp_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_lldp_profile: + tlvs_802dot1: "port-vlan-id" + tlvs_802dot3: "max-frame-size" + auto_isl: "disable" + auto_isl_hello_timer: "6" + auto_isl_port_group: "7" + auto_isl_receive_timeout: "8" + custom_tlvs: + - + information_string: "" + name: "default_name_11" + oui: "" + subtype: "13" + med_network_policy: + - + dscp: "15" + name: "default_name_16" + priority: "17" + status: "disable" + vlan: "19" + med_tlvs: "inventory-management" + name: "default_name_21" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_switch_controller_lldp_profile_data(json):
+ option_list = ['tlvs_802dot1', 'tlvs_802dot3', 'auto_isl',
+ 'auto_isl_hello_timer', 'auto_isl_port_group', 'auto_isl_receive_timeout',
+ 'custom_tlvs', 'med_network_policy', 'med_tlvs',
+ 'name']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def valid_attr_to_invalid_attr(data):
+ specillist = {"802.1_tlvs": "tlvs_802dot1", "802.3_tlvs": "tlvs_802dot3"}
+
+ for k, v in specillist.items():
+ if v == data:
+ return k
+
+ return data
+
+
+def valid_attr_to_invalid_attrs(data):
+ if isinstance(data, list):
+ for elem in data:
+ elem = valid_attr_to_invalid_attrs(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[valid_attr_to_invalid_attr(k)] = valid_attr_to_invalid_attrs(v)
+ data = new_data
+
+ return data
+
+
+def switch_controller_lldp_profile(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['switch_controller_lldp_profile'] and data['switch_controller_lldp_profile']['state']:
+ state = data['switch_controller_lldp_profile']['state']
+ else:
+ state = True
+ switch_controller_lldp_profile_data = data['switch_controller_lldp_profile']
+ filtered_data = 
underscore_to_hyphen(filter_switch_controller_lldp_profile_data(switch_controller_lldp_profile_data))
+ converted_data = valid_attr_to_invalid_attrs(filtered_data)
+
+ if state == "present":
+ return fos.set('switch-controller',
+ 'lldp-profile',
+ data=converted_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('switch-controller',
+ 'lldp-profile',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_switch_controller(data, fos):
+
+ if data['switch_controller_lldp_profile']:
+ resp = switch_controller_lldp_profile(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_lldp_profile'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "switch_controller_lldp_profile": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "tlvs_802dot1": {"required": False, "type": "str",
+ "choices": ["port-vlan-id"]},
+ "tlvs_802dot3": {"required": False, "type": "str",
+ "choices": ["max-frame-size"]},
+ "auto_isl": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "auto_isl_hello_timer": {"required": False, "type": "int"},
+ "auto_isl_port_group": {"required": False, "type": "int"},
+ "auto_isl_receive_timeout": {"required": False, "type": "int"},
+ "custom_tlvs": {"required": False, "type": "list",
+ "options": {
+ "information_string": {"required": False, "type": "str"},
+ "name": {"required": True, "type": "str"},
+ "oui": {"required": False, "type": "str"},
+ "subtype": {"required": False, "type": "int"}
+ }},
+ "med_network_policy": {"required": False, "type": "list",
+ "options": {
+ "dscp": {"required": False, "type": "int"},
+ "name": {"required": True, "type": "str"},
+ "priority": {"required": False, "type": "int"},
+ "status": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "vlan": {"required": False, "type": "int"}
+ }},
+ "med_tlvs": {"required": False, "type": "str",
+ "choices": ["inventory-management",
+ "network-policy"]},
+ "name": {"required": True, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_switch_controller(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo",
meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_lldp_settings.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_lldp_settings.py
new file mode 100644
index 00000000..6637917a
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_lldp_settings.py
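Review bot: In fortios_switch_controller_lldp_profile.py the rename of `tlvs_802dot1`/`tlvs_802dot3` can never fire: switch_controller_lldp_profile() runs `filtered_data` through underscore_to_hyphen() first, so valid_attr_to_invalid_attrs() sees the key `tlvs-802dot1`, which does not equal the `tlvs_802dot1` value in `specillist`, and the payload keeps the Ansible-side name. The list branch of valid_attr_to_invalid_attrs() also discards its result, since `elem = ...` only rebinds the loop variable. I would rename before hyphenating and write list elements back by index, as below; presumably the device expects `802.1-tlvs`/`802.3-tlvs`, which that order produces, but this should be confirmed against the FortiOS schema.

```python
def valid_attr_to_invalid_attrs(data):
    if isinstance(data, list):
        for i, elem in enumerate(data):
            data[i] = valid_attr_to_invalid_attrs(elem)
    # … unchanged: dict branch and return …

# in switch_controller_lldp_profile():
    # … unchanged: vdom and state selection …
    filtered_data = filter_switch_controller_lldp_profile_data(switch_controller_lldp_profile_data)
    converted_data = underscore_to_hyphen(valid_attr_to_invalid_attrs(filtered_data))
    # … unchanged: fos.set / fos.delete dispatch …
```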
@@ -0,0 +1,293 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_lldp_settings +short_description: Configure FortiSwitch LLDP settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and lldp_settings category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + switch_controller_lldp_settings: + description: + - Configure FortiSwitch LLDP settings. + default: null + type: dict + suboptions: + fast_start_interval: + description: + - Frequency of LLDP PDU transmission from FortiSwitch for the first 4 packets when the link is up (2 - 5 sec). + type: int + management_interface: + description: + - Primary management interface to be advertised in LLDP and CDP PDUs. + type: str + choices: + - internal + - mgmt + status: + description: + - Enable/disable LLDP global settings. + type: str + choices: + - enable + - disable + tx_hold: + description: + - Number of tx-intervals before local LLDP data expires (1 - 16). Packet TTL is tx-hold * tx-interval. + type: int + tx_interval: + description: + - Frequency of LLDP PDU transmission from FortiSwitch (5 - 4095 sec). Packet TTL is tx-hold * tx-interval. + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch LLDP settings. 
+ fortios_switch_controller_lldp_settings: + vdom: "{{ vdom }}" + switch_controller_lldp_settings: + fast_start_interval: "3" + management_interface: "internal" + status: "enable" + tx_hold: "6" + tx_interval: "7" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_lldp_settings_data(json): + 
option_list = ['fast_start_interval', 'management_interface', 'status', + 'tx_hold', 'tx_interval'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_lldp_settings(data, fos): + vdom = data['vdom'] + switch_controller_lldp_settings_data = data['switch_controller_lldp_settings'] + filtered_data = underscore_to_hyphen(filter_switch_controller_lldp_settings_data(switch_controller_lldp_settings_data)) + + return fos.set('switch-controller', + 'lldp-settings', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller(data, fos): + + if data['switch_controller_lldp_settings']: + resp = switch_controller_lldp_settings(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_lldp_settings')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "switch_controller_lldp_settings": { + "required": False, "type": "dict", "default": None, + "options": { + "fast_start_interval": {"required": False, "type": "int"}, + "management_interface": {"required": False, "type": "str", + "choices": ["internal", + "mgmt"]}, + "status": {"required": False, "type": 
"str", + "choices": ["enable", + "disable"]}, + "tx_hold": {"required": False, "type": "int"}, + "tx_interval": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_mac_sync_settings.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_mac_sync_settings.py new file mode 100644 index 00000000..c4707a66 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_mac_sync_settings.py 
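Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no`, so a playbook copied from it talks to the FortiGate on port 443 without verifying the peer certificate while carrying the login or the `access_token` this module accepts. I would ship the example with `ansible_httpapi_validate_certs: yes` and, if the lab shortcut has to stay documented, keep it only as a commented alternative such as `# set to no only for a lab device with a self-signed certificate`. The same line appears in the EXAMPLES blocks of the fortios_switch_controller_mac_sync_settings.py and fortios_switch_controller_managed_switch.py hunks that follow, so the change applies there as well.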
@@ -0,0 +1,258 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_mac_sync_settings +short_description: Configure global MAC synchronization settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and mac_sync_settings category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + switch_controller_mac_sync_settings: + description: + - Configure global MAC synchronization settings. + default: null + type: dict + suboptions: + mac_sync_interval: + description: + - Time interval between MAC synchronizations (30 - 1800 sec). + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure global MAC synchronization settings. + fortios_switch_controller_mac_sync_settings: + vdom: "{{ vdom }}" + switch_controller_mac_sync_settings: + mac_sync_interval: "3" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: 
+ description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_mac_sync_settings_data(json): + option_list = ['mac_sync_interval'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_mac_sync_settings(data, fos): + vdom = data['vdom'] + switch_controller_mac_sync_settings_data = data['switch_controller_mac_sync_settings'] + filtered_data = underscore_to_hyphen(filter_switch_controller_mac_sync_settings_data(switch_controller_mac_sync_settings_data)) + + return fos.set('switch-controller', + 'mac-sync-settings', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller(data, fos): + + if data['switch_controller_mac_sync_settings']: + resp = switch_controller_mac_sync_settings(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_mac_sync_settings')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + 
(resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "switch_controller_mac_sync_settings": { + "required": False, "type": "dict", "default": None, + "options": { + "mac_sync_interval": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
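Review bot: The example task passes `mac_sync_interval: "3"`, which is outside the 30 - 1800 sec range that the DOCUMENTATION block gives for this option. The argument spec in main() declares it only as `{"required": False, "type": "int"}`, so nothing in the module rejects an out-of-range value before fos.set() sends it; whether the device then refuses it is not visible from this hunk. Use an in-range sample in EXAMPLES, for instance `mac_sync_interval: 30`, and consider a bounds check in switch_controller_mac_sync_settings() that reports the bad value through `fos._module.fail_json(...)`, as the missing-task-body branch already does.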
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_managed_switch.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_managed_switch.py
new file mode 100644
index 00000000..e87d5740
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_managed_switch.py
@@ -0,0 +1,1482 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_managed_switch +short_description: Configure FortiSwitch devices that are managed by this FortiGate in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and managed_switch category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + switch_controller_managed_switch: + description: + - Configure FortiSwitch devices that are managed by this FortiGate. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + settings_802_1X: + description: + - Configuration method to edit FortiSwitch 802.1X global settings. + type: dict + suboptions: + link_down_auth: + description: + - Authentication state to set if a link is down. + type: str + choices: + - set-unauth + - no-action + local_override: + description: + - Enable to override global 802.1X settings on individual FortiSwitches. + type: str + choices: + - enable + - disable + max_reauth_attempt: + description: + - Maximum number of authentication attempts (0 - 15). + type: int + reauth_period: + description: + - Reauthentication time interval (1 - 1440 min). + type: int + connected: + description: + - CAPWAP connection. + type: int + custom_command: + description: + - Configuration method to edit FortiSwitch commands to be pushed to this FortiSwitch device upon rebooting the FortiGate switch controller + or the FortiSwitch. + type: list + suboptions: + command_entry: + description: + - List of FortiSwitch commands. + type: str + command_name: + description: + - Names of commands to be pushed to this FortiSwitch device, as configured under config switch-controller custom-command. 
Source + switch-controller.custom-command.command-name. + type: str + delayed_restart_trigger: + description: + - Delayed restart triggered for this FortiSwitch. + type: int + description: + description: + - Description. + type: str + directly_connected: + description: + - Directly connected FortiSwitch. + type: int + dynamic_capability: + description: + - List of features this FortiSwitch supports (not configurable) that is sent to the FortiGate device for subsequent configuration + initiated by the FortiGate device. + type: int + dynamically_discovered: + description: + - Dynamically discovered FortiSwitch. + type: int + fsw_wan1_admin: + description: + - FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a managed switch. + type: str + choices: + - discovered + - disable + - enable + fsw_wan1_peer: + description: + - Fortiswitch WAN1 peer port. + type: str + fsw_wan2_admin: + description: + - FortiSwitch WAN2 admin status; enable to authorize the FortiSwitch as a managed switch. + type: str + choices: + - discovered + - disable + - enable + fsw_wan2_peer: + description: + - FortiSwitch WAN2 peer port. + type: str + igmp_snooping: + description: + - Configure FortiSwitch IGMP snooping global settings. + type: dict + suboptions: + aging_time: + description: + - Maximum time to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec). + type: int + flood_unknown_multicast: + description: + - Enable/disable unknown multicast flooding. + type: str + choices: + - enable + - disable + local_override: + description: + - Enable/disable overriding the global IGMP snooping configuration. + type: str + choices: + - enable + - disable + max_allowed_trunk_members: + description: + - FortiSwitch maximum allowed trunk members. + type: int + mirror: + description: + - Configuration method to edit FortiSwitch packet mirror. + type: list + suboptions: + dst: + description: + - Destination port. 
+ type: str + name: + description: + - Mirror name. + required: true + type: str + src_egress: + description: + - Source egress interfaces. + type: list + suboptions: + name: + description: + - Interface name. + required: true + type: str + src_ingress: + description: + - Source ingress interfaces. + type: list + suboptions: + name: + description: + - Interface name. + required: true + type: str + status: + description: + - Active/inactive mirror configuration. + type: str + choices: + - active + - inactive + switching_packet: + description: + - Enable/disable switching functionality when mirroring. + type: str + choices: + - enable + - disable + name: + description: + - Managed-switch name. + type: str + owner_vdom: + description: + - VDOM which owner of port belongs to. + type: str + poe_pre_standard_detection: + description: + - Enable/disable PoE pre-standard detection. + type: str + choices: + - enable + - disable + ports: + description: + - Managed-switch port list. + type: list + suboptions: + allowed_vlans: + description: + - Configure switch port tagged vlans + type: list + suboptions: + vlan_name: + description: + - VLAN name. Source system.interface.name. + type: str + allowed_vlans_all: + description: + - Enable/disable all defined vlans on this port. + type: str + choices: + - enable + - disable + arp_inspection_trust: + description: + - Trusted or untrusted dynamic ARP inspection. + type: str + choices: + - untrusted + - trusted + bundle: + description: + - Enable/disable Link Aggregation Group (LAG) bundling for non-FortiLink interfaces. + type: str + choices: + - enable + - disable + description: + description: + - Description for port. + type: str + dhcp_snoop_option82_trust: + description: + - Enable/disable allowance of DHCP with option-82 on untrusted interface. + type: str + choices: + - enable + - disable + dhcp_snooping: + description: + - Trusted or untrusted DHCP-snooping interface. 
+ type: str + choices: + - untrusted + - trusted + discard_mode: + description: + - Configure discard mode for port. + type: str + choices: + - none + - all-untagged + - all-tagged + edge_port: + description: + - Enable/disable this interface as an edge port, bridging connections between workstations and/or computers. + type: str + choices: + - enable + - disable + export_tags: + description: + - Switch controller export tag name. + type: list + suboptions: + tag_name: + description: + - Switch tag name. Source switch-controller.switch-interface-tag.name. + type: str + export_to: + description: + - Export managed-switch port to a tenant VDOM. Source system.vdom.name. + type: str + export_to_pool: + description: + - Switch controller export port to pool-list. Source switch-controller.virtual-port-pool.name. + type: str + export_to_pool_flag: + description: + - Switch controller export port to pool-list. + type: int + fgt_peer_device_name: + description: + - FGT peer device name. + type: str + fgt_peer_port_name: + description: + - FGT peer port name. + type: str + fiber_port: + description: + - Fiber-port. + type: int + flags: + description: + - Port properties flags. + type: int + fortilink_port: + description: + - FortiLink uplink port. + type: int + igmp_snooping: + description: + - Set IGMP snooping mode for the physical port interface. + type: str + choices: + - enable + - disable + igmps_flood_reports: + description: + - Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled. + type: str + choices: + - enable + - disable + igmps_flood_traffic: + description: + - Enable/disable flooding of IGMP snooping traffic to this interface. + type: str + choices: + - enable + - disable + isl_local_trunk_name: + description: + - ISL local trunk name. + type: str + isl_peer_device_name: + description: + - ISL peer device name. + type: str + isl_peer_port_name: + description: + - ISL peer port name. 
+ type: str + lacp_speed: + description: + - end Link Aggregation Control Protocol (LACP) messages every 30 seconds (slow) or every second (fast). + type: str + choices: + - slow + - fast + learning_limit: + description: + - Limit the number of dynamic MAC addresses on this Port (1 - 128, 0 = no limit, default). + type: int + lldp_profile: + description: + - LLDP port TLV profile. Source switch-controller.lldp-profile.name. + type: str + lldp_status: + description: + - LLDP transmit and receive status. + type: str + choices: + - disable + - rx-only + - tx-only + - tx-rx + loop_guard: + description: + - Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops. + type: str + choices: + - enabled + - disabled + loop_guard_timeout: + description: + - Loop-guard timeout (0 - 120 min). + type: int + max_bundle: + description: + - Maximum size of LAG bundle (1 - 24) + type: int + mclag: + description: + - Enable/disable multi-chassis link aggregation (MCLAG). + type: str + choices: + - enable + - disable + member_withdrawal_behavior: + description: + - Port behavior after it withdraws because of loss of control packets. + type: str + choices: + - forward + - block + members: + description: + - Aggregated LAG bundle interfaces. + type: list + suboptions: + member_name: + description: + - Interface name from available options. + type: str + min_bundle: + description: + - Minimum size of LAG bundle (1 - 24) + type: int + mode: + description: + - 'LACP mode: ignore and do not send control messages, or negotiate 802.3ad aggregation passively or actively.' + type: str + choices: + - static + - lacp-passive + - lacp-active + poe_capable: + description: + - PoE capable. + type: int + poe_pre_standard_detection: + description: + - Enable/disable PoE pre-standard detection. + type: str + choices: + - enable + - disable + poe_status: + description: + - Enable/disable PoE status. 
+ type: str + choices: + - enable + - disable + port_name: + description: + - Switch port name. + type: str + port_number: + description: + - Port number. + type: int + port_owner: + description: + - Switch port name. + type: str + port_prefix_type: + description: + - Port prefix type. + type: int + port_security_policy: + description: + - Switch controller authentication policy to apply to this managed switch from available options. Source switch-controller + .security-policy.802-1X.name switch-controller.security-policy.captive-portal.name. + type: str + port_selection_criteria: + description: + - Algorithm for aggregate port selection. + type: str + choices: + - src-mac + - dst-mac + - src-dst-mac + - src-ip + - dst-ip + - src-dst-ip + qos_policy: + description: + - Switch controller QoS policy from available options. Source switch-controller.qos.qos-policy.name. + type: str + sample_direction: + description: + - sFlow sample direction. + type: str + choices: + - tx + - rx + - both + sflow_counter_interval: + description: + - sFlow sampler counter polling interval (1 - 255 sec). + type: int + sflow_sample_rate: + description: + - sFlow sampler sample rate (0 - 99999 p/sec). + type: int + sflow_sampler: + description: + - Enable/disable sFlow protocol on this interface. + type: str + choices: + - enabled + - disabled + speed: + description: + - Switch port speed; default and available settings depend on hardware. + type: str + choices: + - 10half + - 10full + - 100half + - 100full + - 1000auto + - 1000fiber + - 1000full + - 10000 + - 40000 + - auto + - auto-module + - 100FX-half + - 100FX-full + - 100000full + - 2500full + - 25000full + - 50000full + speed_mask: + description: + - Switch port speed mask. + type: int + stacking_port: + description: + - Stacking port. + type: int + status: + description: + - 'Switch port admin status: up or down.' 
+ type: str + choices: + - up + - down + stp_bpdu_guard: + description: + - Enable/disable STP BPDU guard on this interface. + type: str + choices: + - enabled + - disabled + stp_bpdu_guard_timeout: + description: + - BPDU Guard disabling protection (0 - 120 min). + type: int + stp_root_guard: + description: + - Enable/disable STP root guard on this interface. + type: str + choices: + - enabled + - disabled + stp_state: + description: + - Enable/disable Spanning Tree Protocol (STP) on this interface. + type: str + choices: + - enabled + - disabled + switch_id: + description: + - Switch id. + type: str + type: + description: + - 'Interface type: physical or trunk port.' + type: str + choices: + - physical + - trunk + untagged_vlans: + description: + - Configure switch port untagged vlans + type: list + suboptions: + vlan_name: + description: + - VLAN name. Source system.interface.name. + type: str + virtual_port: + description: + - Virtualized switch port. + type: int + vlan: + description: + - Assign switch ports to a VLAN. Source system.interface.name. + type: str + pre_provisioned: + description: + - Pre-provisioned managed switch. + type: int + staged_image_version: + description: + - Staged image version for FortiSwitch. + type: str + storm_control: + description: + - Configuration method to edit FortiSwitch storm control for measuring traffic activity using data rates to prevent traffic disruption. + type: dict + suboptions: + broadcast: + description: + - Enable/disable storm control to drop broadcast traffic. + type: str + choices: + - enable + - disable + local_override: + description: + - Enable to override global FortiSwitch storm control settings for this FortiSwitch. + type: str + choices: + - enable + - disable + rate: + description: + - Rate in packets per second at which storm traffic is controlled (1 - 10000000). Storm control drops excess traffic data rates + beyond this threshold. 
+ type: int + unknown_multicast: + description: + - Enable/disable storm control to drop unknown multicast traffic. + type: str + choices: + - enable + - disable + unknown_unicast: + description: + - Enable/disable storm control to drop unknown unicast traffic. + type: str + choices: + - enable + - disable + stp_settings: + description: + - Configuration method to edit Spanning Tree Protocol (STP) settings used to prevent bridge loops. + type: dict + suboptions: + forward_time: + description: + - Period of time a port is in listening and learning state (4 - 30 sec). + type: int + hello_time: + description: + - Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec). + type: int + local_override: + description: + - Enable to configure local STP settings that override global STP settings. + type: str + choices: + - enable + - disable + max_age: + description: + - Maximum time before a bridge port saves its configuration BPDU information (6 - 40 sec). + type: int + max_hops: + description: + - Maximum number of hops between the root bridge and the furthest bridge (1- 40). + type: int + name: + description: + - Name of local STP settings configuration. + type: str + pending_timer: + description: + - Pending time (1 - 15 sec). + type: int + revision: + description: + - STP revision number (0 - 65535). + type: int + status: + description: + - Enable/disable STP. + type: str + choices: + - enable + - disable + switch_device_tag: + description: + - User definable label/tag. + type: str + switch_id: + description: + - Managed-switch id. + type: str + switch_log: + description: + - Configuration method to edit FortiSwitch logging settings (logs are transferred to and inserted into the FortiGate event log). + type: dict + suboptions: + local_override: + description: + - Enable to configure local logging settings that override global logging settings. 
+ type: str + choices: + - enable + - disable + severity: + description: + - Severity of FortiSwitch logs that are added to the FortiGate event log. + type: str + choices: + - emergency + - alert + - critical + - error + - warning + - notification + - information + - debug + status: + description: + - Enable/disable adding FortiSwitch logs to the FortiGate event log. + type: str + choices: + - enable + - disable + switch_profile: + description: + - FortiSwitch profile. Source switch-controller.switch-profile.name. + type: str + switch_stp_settings: + description: + - Configure spanning tree protocol (STP). + type: dict + suboptions: + status: + description: + - Enable/disable STP. + type: str + choices: + - enable + - disable + type: + description: + - Indication of switch type, physical or virtual. + type: str + choices: + - virtual + - physical + version: + description: + - FortiSwitch version. + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch devices that are managed by this FortiGate. 
+ fortios_switch_controller_managed_switch: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_managed_switch: + settings_802_1X: + link_down_auth: "set-unauth" + local_override: "enable" + max_reauth_attempt: "6" + reauth_period: "7" + connected: "8" + custom_command: + - + command_entry: "" + command_name: " (source switch-controller.custom-command.command-name)" + delayed_restart_trigger: "12" + description: "" + directly_connected: "14" + dynamic_capability: "15" + dynamically_discovered: "16" + fsw_wan1_admin: "discovered" + fsw_wan1_peer: "" + fsw_wan2_admin: "discovered" + fsw_wan2_peer: "" + igmp_snooping: + aging_time: "22" + flood_unknown_multicast: "enable" + local_override: "enable" + max_allowed_trunk_members: "25" + mirror: + - + dst: "" + name: "default_name_28" + src_egress: + - + name: "default_name_30" + src_ingress: + - + name: "default_name_32" + status: "active" + switching_packet: "enable" + name: "default_name_35" + owner_vdom: "" + poe_pre_standard_detection: "enable" + ports: + - + allowed_vlans: + - + vlan_name: " (source system.interface.name)" + allowed_vlans_all: "enable" + arp_inspection_trust: "untrusted" + bundle: "enable" + description: "" + dhcp_snoop_option82_trust: "enable" + dhcp_snooping: "untrusted" + discard_mode: "none" + edge_port: "enable" + export_tags: + - + tag_name: " (source switch-controller.switch-interface-tag.name)" + export_to: " (source system.vdom.name)" + export_to_pool: " (source switch-controller.virtual-port-pool.name)" + export_to_pool_flag: "53" + fgt_peer_device_name: "" + fgt_peer_port_name: "" + fiber_port: "56" + flags: "57" + fortilink_port: "58" + igmp_snooping: "enable" + igmps_flood_reports: "enable" + igmps_flood_traffic: "enable" + isl_local_trunk_name: "" + isl_peer_device_name: "" + isl_peer_port_name: "" + lacp_speed: "slow" + learning_limit: "66" + lldp_profile: " (source switch-controller.lldp-profile.name)" + lldp_status: "disable" + loop_guard: "enabled" + 
loop_guard_timeout: "70" + max_bundle: "71" + mclag: "enable" + member_withdrawal_behavior: "forward" + members: + - + member_name: "" + min_bundle: "76" + mode: "static" + poe_capable: "78" + poe_pre_standard_detection: "enable" + poe_status: "enable" + port_name: "" + port_number: "82" + port_owner: "" + port_prefix_type: "84" + port_security_policy: " (source switch-controller.security-policy.802-1X.name switch-controller.security-policy.captive-portal + .name)" + port_selection_criteria: "src-mac" + qos_policy: " (source switch-controller.qos.qos-policy.name)" + sample_direction: "tx" + sflow_counter_interval: "89" + sflow_sample_rate: "90" + sflow_sampler: "enabled" + speed: "10half" + speed_mask: "93" + stacking_port: "94" + status: "up" + stp_bpdu_guard: "enabled" + stp_bpdu_guard_timeout: "97" + stp_root_guard: "enabled" + stp_state: "enabled" + switch_id: "" + type: "physical" + untagged_vlans: + - + vlan_name: " (source system.interface.name)" + virtual_port: "104" + vlan: " (source system.interface.name)" + pre_provisioned: "106" + staged_image_version: "" + storm_control: + broadcast: "enable" + local_override: "enable" + rate: "111" + unknown_multicast: "enable" + unknown_unicast: "enable" + stp_settings: + forward_time: "115" + hello_time: "116" + local_override: "enable" + max_age: "118" + max_hops: "119" + name: "default_name_120" + pending_timer: "121" + revision: "122" + status: "enable" + switch_device_tag: "" + switch_id: "" + switch_log: + local_override: "enable" + severity: "emergency" + status: "enable" + switch_profile: " (source switch-controller.switch-profile.name)" + switch_stp_settings: + status: "enable" + type: "virtual" + version: "134" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last 
result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_managed_switch_data(json): + option_list = ['settings_802_1X', 'connected', 'custom_command', + 'delayed_restart_trigger', 'description', 'directly_connected', + 'dynamic_capability', 'dynamically_discovered', 'fsw_wan1_admin', + 'fsw_wan1_peer', 'fsw_wan2_admin', 'fsw_wan2_peer', + 'igmp_snooping', 'max_allowed_trunk_members', 'mirror', + 'name', 'owner_vdom', 'poe_pre_standard_detection', + 'ports', 'pre_provisioned', 'staged_image_version', + 'storm_control', 'stp_settings', 'switch_device_tag', + 'switch_id', 'switch_log', 
'switch_profile', + 'switch_stp_settings', 'type', 'version'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def valid_attr_to_invalid_attr(data): + specillist = {"802_1X_settings": "settings_802_1X"} + + for k, v in specillist.items(): + if v == data: + return k + + return data + + +def valid_attr_to_invalid_attrs(data): + if isinstance(data, list): + for elem in data: + elem = valid_attr_to_invalid_attrs(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[valid_attr_to_invalid_attr(k)] = valid_attr_to_invalid_attrs(v) + data = new_data + + return data + + +def switch_controller_managed_switch(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['switch_controller_managed_switch'] and data['switch_controller_managed_switch']['state']: + state = data['switch_controller_managed_switch']['state'] + else: + state = True + switch_controller_managed_switch_data = data['switch_controller_managed_switch'] + filtered_data = underscore_to_hyphen(filter_switch_controller_managed_switch_data(switch_controller_managed_switch_data)) + converted_data = valid_attr_to_invalid_attrs(filtered_data) + + if state == "present": + return fos.set('switch-controller', + 'managed-switch', + data=converted_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('switch-controller', + 'managed-switch', + mkey=filtered_data['switch-id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def 
is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller(data, fos): + + if data['switch_controller_managed_switch']: + resp = switch_controller_managed_switch(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_managed_switch')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'switch-id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "switch_controller_managed_switch": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "settings_802_1X": {"required": False, "type": "dict", + "options": { + "link_down_auth": {"required": False, "type": "str", + "choices": ["set-unauth", + "no-action"]}, + "local_override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "max_reauth_attempt": {"required": False, "type": "int"}, + "reauth_period": {"required": False, "type": "int"} + }}, + "connected": {"required": False, "type": "int"}, + "custom_command": {"required": False, "type": "list", + "options": { + "command_entry": {"required": False, "type": "str"}, + "command_name": {"required": False, "type": "str"} + }}, + "delayed_restart_trigger": {"required": False, "type": "int"}, + "description": {"required": False, "type": "str"}, + "directly_connected": {"required": False, "type": "int"}, + "dynamic_capability": {"required": False, "type": "int"}, + "dynamically_discovered": {"required": False, "type": "int"}, + "fsw_wan1_admin": {"required": False, "type": "str", + 
"choices": ["discovered", + "disable", + "enable"]}, + "fsw_wan1_peer": {"required": False, "type": "str"}, + "fsw_wan2_admin": {"required": False, "type": "str", + "choices": ["discovered", + "disable", + "enable"]}, + "fsw_wan2_peer": {"required": False, "type": "str"}, + "igmp_snooping": {"required": False, "type": "dict", + "options": { + "aging_time": {"required": False, "type": "int"}, + "flood_unknown_multicast": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "max_allowed_trunk_members": {"required": False, "type": "int"}, + "mirror": {"required": False, "type": "list", + "options": { + "dst": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "src_egress": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "src_ingress": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "status": {"required": False, "type": "str", + "choices": ["active", + "inactive"]}, + "switching_packet": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "name": {"required": False, "type": "str"}, + "owner_vdom": {"required": False, "type": "str"}, + "poe_pre_standard_detection": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ports": {"required": False, "type": "list", + "options": { + "allowed_vlans": {"required": False, "type": "list", + "options": { + "vlan_name": {"required": False, "type": "str"} + }}, + "allowed_vlans_all": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "arp_inspection_trust": {"required": False, "type": "str", + "choices": ["untrusted", + "trusted"]}, + "bundle": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "description": {"required": False, "type": "str"}, + 
"dhcp_snoop_option82_trust": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dhcp_snooping": {"required": False, "type": "str", + "choices": ["untrusted", + "trusted"]}, + "discard_mode": {"required": False, "type": "str", + "choices": ["none", + "all-untagged", + "all-tagged"]}, + "edge_port": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "export_tags": {"required": False, "type": "list", + "options": { + "tag_name": {"required": False, "type": "str"} + }}, + "export_to": {"required": False, "type": "str"}, + "export_to_pool": {"required": False, "type": "str"}, + "export_to_pool_flag": {"required": False, "type": "int"}, + "fgt_peer_device_name": {"required": False, "type": "str"}, + "fgt_peer_port_name": {"required": False, "type": "str"}, + "fiber_port": {"required": False, "type": "int"}, + "flags": {"required": False, "type": "int"}, + "fortilink_port": {"required": False, "type": "int"}, + "igmp_snooping": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "igmps_flood_reports": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "igmps_flood_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "isl_local_trunk_name": {"required": False, "type": "str"}, + "isl_peer_device_name": {"required": False, "type": "str"}, + "isl_peer_port_name": {"required": False, "type": "str"}, + "lacp_speed": {"required": False, "type": "str", + "choices": ["slow", + "fast"]}, + "learning_limit": {"required": False, "type": "int"}, + "lldp_profile": {"required": False, "type": "str"}, + "lldp_status": {"required": False, "type": "str", + "choices": ["disable", + "rx-only", + "tx-only", + "tx-rx"]}, + "loop_guard": {"required": False, "type": "str", + "choices": ["enabled", + "disabled"]}, + "loop_guard_timeout": {"required": False, "type": "int"}, + "max_bundle": {"required": False, "type": "int"}, + "mclag": {"required": False, "type": 
"str", + "choices": ["enable", + "disable"]}, + "member_withdrawal_behavior": {"required": False, "type": "str", + "choices": ["forward", + "block"]}, + "members": {"required": False, "type": "list", + "options": { + "member_name": {"required": False, "type": "str"} + }}, + "min_bundle": {"required": False, "type": "int"}, + "mode": {"required": False, "type": "str", + "choices": ["static", + "lacp-passive", + "lacp-active"]}, + "poe_capable": {"required": False, "type": "int"}, + "poe_pre_standard_detection": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "poe_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "port_name": {"required": False, "type": "str"}, + "port_number": {"required": False, "type": "int"}, + "port_owner": {"required": False, "type": "str"}, + "port_prefix_type": {"required": False, "type": "int"}, + "port_security_policy": {"required": False, "type": "str"}, + "port_selection_criteria": {"required": False, "type": "str", + "choices": ["src-mac", + "dst-mac", + "src-dst-mac", + "src-ip", + "dst-ip", + "src-dst-ip"]}, + "qos_policy": {"required": False, "type": "str"}, + "sample_direction": {"required": False, "type": "str", + "choices": ["tx", + "rx", + "both"]}, + "sflow_counter_interval": {"required": False, "type": "int"}, + "sflow_sample_rate": {"required": False, "type": "int"}, + "sflow_sampler": {"required": False, "type": "str", + "choices": ["enabled", + "disabled"]}, + "speed": {"required": False, "type": "str", + "choices": ["10half", + "10full", + "100half", + "100full", + "1000auto", + "1000fiber", + "1000full", + "10000", + "40000", + "auto", + "auto-module", + "100FX-half", + "100FX-full", + "100000full", + "2500full", + "25000full", + "50000full"]}, + "speed_mask": {"required": False, "type": "int"}, + "stacking_port": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["up", + "down"]}, + "stp_bpdu_guard": {"required": 
False, "type": "str", + "choices": ["enabled", + "disabled"]}, + "stp_bpdu_guard_timeout": {"required": False, "type": "int"}, + "stp_root_guard": {"required": False, "type": "str", + "choices": ["enabled", + "disabled"]}, + "stp_state": {"required": False, "type": "str", + "choices": ["enabled", + "disabled"]}, + "switch_id": {"required": False, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["physical", + "trunk"]}, + "untagged_vlans": {"required": False, "type": "list", + "options": { + "vlan_name": {"required": False, "type": "str"} + }}, + "virtual_port": {"required": False, "type": "int"}, + "vlan": {"required": False, "type": "str"} + }}, + "pre_provisioned": {"required": False, "type": "int"}, + "staged_image_version": {"required": False, "type": "str"}, + "storm_control": {"required": False, "type": "dict", + "options": { + "broadcast": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "rate": {"required": False, "type": "int"}, + "unknown_multicast": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "unknown_unicast": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "stp_settings": {"required": False, "type": "dict", + "options": { + "forward_time": {"required": False, "type": "int"}, + "hello_time": {"required": False, "type": "int"}, + "local_override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "max_age": {"required": False, "type": "int"}, + "max_hops": {"required": False, "type": "int"}, + "name": {"required": False, "type": "str"}, + "pending_timer": {"required": False, "type": "int"}, + "revision": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "switch_device_tag": {"required": False, "type": "str"}, + "switch_id": {"required": False, 
"type": "str"}, + "switch_log": {"required": False, "type": "dict", + "options": { + "local_override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "severity": {"required": False, "type": "str", + "choices": ["emergency", + "alert", + "critical", + "error", + "warning", + "notification", + "information", + "debug"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "switch_profile": {"required": False, "type": "str"}, + "switch_stp_settings": {"required": False, "type": "dict", + "options": { + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "type": {"required": False, "type": "str", + "choices": ["virtual", + "physical"]}, + "version": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", 
version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_network_monitor_settings.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_network_monitor_settings.py
new file mode 100644
index 00000000..b1f0d1e5
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_network_monitor_settings.py
@@ -0,0 +1,263 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_network_monitor_settings +short_description: Configure network monitor settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and network_monitor_settings category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + switch_controller_network_monitor_settings: + description: + - Configure network monitor settings. + default: null + type: dict + suboptions: + network_monitoring: + description: + - Enable/disable passive gathering of information by FortiSwitch units concerning other network devices. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure network monitor settings. + fortios_switch_controller_network_monitor_settings: + vdom: "{{ vdom }}" + switch_controller_network_monitor_settings: + network_monitoring: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + 
description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_network_monitor_settings_data(json): + option_list = ['network_monitoring'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_network_monitor_settings(data, fos): + vdom = data['vdom'] + switch_controller_network_monitor_settings_data = data['switch_controller_network_monitor_settings'] + filtered_data = underscore_to_hyphen(filter_switch_controller_network_monitor_settings_data(switch_controller_network_monitor_settings_data)) + + return fos.set('switch-controller', + 'network-monitor-settings', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller(data, fos): + + if data['switch_controller_network_monitor_settings']: + resp = switch_controller_network_monitor_settings(data, fos) + else: + 
fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_network_monitor_settings')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "switch_controller_network_monitor_settings": { + "required": False, "type": "dict", "default": None, + "options": { + "network_monitoring": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
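Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no`, so anyone who copies it as written runs the httpapi connection, and whatever credentials or access token it carries, over TLS without checking the FortiGate's certificate. The example should default to `ansible_httpapi_validate_certs: yes`. If the lab-style setting has to stay, it should carry a comment such as `# lab only: enable certificate validation against production devices`. The same setting appears in the EXAMPLES block of fortios_switch_controller_managed_switch.py earlier on this page, where the task also passes `access_token`, so the same change applies there.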
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_qos_dot1p_map.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_qos_dot1p_map.py
new file mode 100644
index 00000000..c31dfb22
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_qos_dot1p_map.py
@@ -0,0 +1,474 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_qos_dot1p_map +short_description: Configure FortiSwitch QoS 802.1p in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller_qos feature and dot1p_map category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + switch_controller_qos_dot1p_map: + description: + - Configure FortiSwitch QoS 802.1p. + default: null + type: dict + suboptions: + description: + description: + - Description of the 802.1p name. + type: str + name: + description: + - Dot1p map name. + required: true + type: str + priority_0: + description: + - COS queue mapped to dot1p priority number. + type: str + choices: + - queue-0 + - queue-1 + - queue-2 + - queue-3 + - queue-4 + - queue-5 + - queue-6 + - queue-7 + priority_1: + description: + - COS queue mapped to dot1p priority number. + type: str + choices: + - queue-0 + - queue-1 + - queue-2 + - queue-3 + - queue-4 + - queue-5 + - queue-6 + - queue-7 + priority_2: + description: + - COS queue mapped to dot1p priority number. + type: str + choices: + - queue-0 + - queue-1 + - queue-2 + - queue-3 + - queue-4 + - queue-5 + - queue-6 + - queue-7 + priority_3: + description: + - COS queue mapped to dot1p priority number. + type: str + choices: + - queue-0 + - queue-1 + - queue-2 + - queue-3 + - queue-4 + - queue-5 + - queue-6 + - queue-7 + priority_4: + description: + - COS queue mapped to dot1p priority number. + type: str + choices: + - queue-0 + - queue-1 + - queue-2 + - queue-3 + - queue-4 + - queue-5 + - queue-6 + - queue-7 + priority_5: + description: + - COS queue mapped to dot1p priority number. + type: str + choices: + - queue-0 + - queue-1 + - queue-2 + - queue-3 + - queue-4 + - queue-5 + - queue-6 + - queue-7 + priority_6: + description: + - COS queue mapped to dot1p priority number. + type: str + choices: + - queue-0 + - queue-1 + - queue-2 + - queue-3 + - queue-4 + - queue-5 + - queue-6 + - queue-7 + priority_7: + description: + - COS queue mapped to dot1p priority number. 
+ type: str + choices: + - queue-0 + - queue-1 + - queue-2 + - queue-3 + - queue-4 + - queue-5 + - queue-6 + - queue-7 +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch QoS 802.1p. + fortios_switch_controller_qos_dot1p_map: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_qos_dot1p_map: + description: "" + name: "default_name_4" + priority_0: "queue-0" + priority_1: "queue-0" + priority_2: "queue-0" + priority_3: "queue-0" + priority_4: "queue-0" + priority_5: "queue-0" + priority_6: "queue-0" + priority_7: "queue-0" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + 
returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_qos_dot1p_map_data(json): + option_list = ['description', 'name', 'priority_0', + 'priority_1', 'priority_2', 'priority_3', + 'priority_4', 'priority_5', 'priority_6', + 'priority_7'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_qos_dot1p_map(data, fos): + vdom = data['vdom'] + state = data['state'] + switch_controller_qos_dot1p_map_data = data['switch_controller_qos_dot1p_map'] + filtered_data = underscore_to_hyphen(filter_switch_controller_qos_dot1p_map_data(switch_controller_qos_dot1p_map_data)) + + if state == "present": + return fos.set('switch-controller.qos', + 'dot1p-map', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('switch-controller.qos', + 'dot1p-map', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def 
fortios_switch_controller_qos(data, fos): + + if data['switch_controller_qos_dot1p_map']: + resp = switch_controller_qos_dot1p_map(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_qos_dot1p_map')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "switch_controller_qos_dot1p_map": { + "required": False, "type": "dict", "default": None, + "options": { + "description": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "priority_0": {"required": False, "type": "str", + "choices": ["queue-0", + "queue-1", + "queue-2", + "queue-3", + "queue-4", + "queue-5", + "queue-6", + "queue-7"]}, + "priority_1": {"required": False, "type": "str", + "choices": ["queue-0", + "queue-1", + "queue-2", + "queue-3", + "queue-4", + "queue-5", + "queue-6", + "queue-7"]}, + "priority_2": {"required": False, "type": "str", + "choices": ["queue-0", + "queue-1", + "queue-2", + "queue-3", + "queue-4", + "queue-5", + "queue-6", + "queue-7"]}, + "priority_3": {"required": False, "type": "str", + "choices": ["queue-0", + "queue-1", + "queue-2", + "queue-3", + "queue-4", + "queue-5", + "queue-6", + "queue-7"]}, + "priority_4": {"required": False, "type": "str", + "choices": ["queue-0", + "queue-1", + "queue-2", + "queue-3", + "queue-4", + "queue-5", + "queue-6", + "queue-7"]}, + "priority_5": {"required": False, "type": "str", + "choices": ["queue-0", + "queue-1", + "queue-2", + "queue-3", + "queue-4", + "queue-5", + "queue-6", + "queue-7"]}, + "priority_6": {"required": False, "type": "str", + "choices": ["queue-0", + "queue-1", + "queue-2", + 
"queue-3", + "queue-4", + "queue-5", + "queue-6", + "queue-7"]}, + "priority_7": {"required": False, "type": "str", + "choices": ["queue-0", + "queue-1", + "queue-2", + "queue-3", + "queue-4", + "queue-5", + "queue-6", + "queue-7"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller_qos(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_qos_ip_dscp_map.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_qos_ip_dscp_map.py new file mode 100644 index 00000000..fe953ce7 --- /dev/null 
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_qos_ip_dscp_map.py 
@@ -0,0 +1,388 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_qos_ip_dscp_map +short_description: Configure FortiSwitch QoS IP precedence/DSCP in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller_qos feature and ip_dscp_map category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + switch_controller_qos_ip_dscp_map: + description: + - Configure FortiSwitch QoS IP precedence/DSCP. + default: null + type: dict + suboptions: + description: + description: + - Description of the ip-dscp map name. + type: str + map: + description: + - Maps between IP-DSCP value to COS queue. + type: list + suboptions: + cos_queue: + description: + - COS queue number. + type: int + diffserv: + description: + - Differentiated service. + type: str + choices: + - CS0 + - CS1 + - AF11 + - AF12 + - AF13 + - CS2 + - AF21 + - AF22 + - AF23 + - CS3 + - AF31 + - AF32 + - AF33 + - CS4 + - AF41 + - AF42 + - AF43 + - CS5 + - EF + - CS6 + - CS7 + ip_precedence: + description: + - IP Precedence. + type: str + choices: + - network-control + - internetwork-control + - critic-ecp + - flashoverride + - flash + - immediate + - priority + - routine + name: + description: + - Dscp mapping entry name. + required: true + type: str + value: + description: + - Raw values of DSCP (0 - 63). + type: str + name: + description: + - Dscp map name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch QoS IP precedence/DSCP. 
+ fortios_switch_controller_qos_ip_dscp_map: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_qos_ip_dscp_map: + description: "" + map: + - + cos_queue: "5" + diffserv: "CS0" + ip_precedence: "network-control" + name: "default_name_8" + value: "" + name: "default_name_10" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common 
import FAIL_SOCKET_MSG + + +def filter_switch_controller_qos_ip_dscp_map_data(json): + option_list = ['description', 'map', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_qos_ip_dscp_map(data, fos): + vdom = data['vdom'] + state = data['state'] + switch_controller_qos_ip_dscp_map_data = data['switch_controller_qos_ip_dscp_map'] + filtered_data = underscore_to_hyphen(filter_switch_controller_qos_ip_dscp_map_data(switch_controller_qos_ip_dscp_map_data)) + + if state == "present": + return fos.set('switch-controller.qos', + 'ip-dscp-map', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('switch-controller.qos', + 'ip-dscp-map', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller_qos(data, fos): + + if data['switch_controller_qos_ip_dscp_map']: + resp = switch_controller_qos_ip_dscp_map(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_qos_ip_dscp_map')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": 
"root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "switch_controller_qos_ip_dscp_map": { + "required": False, "type": "dict", "default": None, + "options": { + "description": {"required": False, "type": "str"}, + "map": {"required": False, "type": "list", + "options": { + "cos_queue": {"required": False, "type": "int"}, + "diffserv": {"required": False, "type": "str", + "choices": ["CS0", + "CS1", + "AF11", + "AF12", + "AF13", + "CS2", + "AF21", + "AF22", + "AF23", + "CS3", + "AF31", + "AF32", + "AF33", + "CS4", + "AF41", + "AF42", + "AF43", + "CS5", + "EF", + "CS6", + "CS7"]}, + "ip_precedence": {"required": False, "type": "str", + "choices": ["network-control", + "internetwork-control", + "critic-ecp", + "flashoverride", + "flash", + "immediate", + "priority", + "routine"]}, + "name": {"required": True, "type": "str"}, + "value": {"required": False, "type": "str"} + }}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller_qos(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + 
module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_qos_qos_policy.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_qos_qos_policy.py new file mode 100644 index 00000000..e567d927 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_qos_qos_policy.py 
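Review bot: The `map` option in `main()` is declared as `"type": "list"` with a nested `options` spec but no `elements`, and as far as I know AnsibleModule only descends into the sub-spec of a list when `"elements": "dict"` is set. If so, the `choices` on `diffserv` and `ip_precedence` and the `required` flag on the entry `name` are not enforced, and unchecked entries go straight into `fos.set()` through `filter_switch_controller_qos_ip_dscp_map_data`. I would declare it as `"map": {"required": False, "type": "list", "elements": "dict",` and add `elements: dict` under `map` in DOCUMENTATION. The EXAMPLES block also passes `cos_queue: "5"` as a string although the option is documented as `int`.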
@@ -0,0 +1,306 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_qos_qos_policy +short_description: Configure FortiSwitch QoS policy in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller_qos feature and qos_policy category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + switch_controller_qos_qos_policy: + description: + - Configure FortiSwitch QoS policy. + default: null + type: dict + suboptions: + default_cos: + description: + - Default cos queue for untagged packets. + type: int + name: + description: + - QoS policy name. + required: true + type: str + queue_policy: + description: + - QoS egress queue policy. Source switch-controller.qos.queue-policy.name. + type: str + trust_dot1p_map: + description: + - QoS trust 802.1p map. Source switch-controller.qos.dot1p-map.name. + type: str + trust_ip_dscp_map: + description: + - QoS trust ip dscp map. Source switch-controller.qos.ip-dscp-map.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch QoS policy. 
+ fortios_switch_controller_qos_qos_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_qos_qos_policy: + default_cos: "3" + name: "default_name_4" + queue_policy: " (source switch-controller.qos.queue-policy.name)" + trust_dot1p_map: " (source switch-controller.qos.dot1p-map.name)" + trust_ip_dscp_map: " (source switch-controller.qos.ip-dscp-map.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import 
check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_qos_qos_policy_data(json): + option_list = ['default_cos', 'name', 'queue_policy', + 'trust_dot1p_map', 'trust_ip_dscp_map'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_qos_qos_policy(data, fos): + vdom = data['vdom'] + state = data['state'] + switch_controller_qos_qos_policy_data = data['switch_controller_qos_qos_policy'] + filtered_data = underscore_to_hyphen(filter_switch_controller_qos_qos_policy_data(switch_controller_qos_qos_policy_data)) + + if state == "present": + return fos.set('switch-controller.qos', + 'qos-policy', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('switch-controller.qos', + 'qos-policy', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller_qos(data, fos): + + if data['switch_controller_qos_qos_policy']: + resp = switch_controller_qos_qos_policy(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_qos_qos_policy')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 
'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "switch_controller_qos_qos_policy": { + "required": False, "type": "dict", "default": None, + "options": { + "default_cos": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "queue_policy": {"required": False, "type": "str"}, + "trust_dot1p_map": {"required": False, "type": "str"}, + "trust_ip_dscp_map": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller_qos(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
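Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no` while the task passes an `access_token`, so anyone copying the example sends the API token over TLS without verifying the FortiGate's certificate. I would show `ansible_httpapi_validate_certs: yes` in the example, or keep `no` only with a YAML comment such as `# lab only: turn certificate validation on outside a test bench`. The same two settings appear in the EXAMPLES blocks of the dot1p_map, ip_dscp_map and queue_policy modules added in this patch. In `main()`, `if 'access_token' in module.params:` is always true because AnsibleModule fills in every declared option, so `if module.params.get('access_token'):` would express the intent; whether passing `None` to `connection.set_option` matters cannot be told from this hunk.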
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_qos_queue_policy.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_qos_queue_policy.py
new file mode 100644
index 00000000..bb9cc4c5
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_qos_queue_policy.py
@@ -0,0 +1,346 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_qos_queue_policy +short_description: Configure FortiSwitch QoS egress queue policy in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller_qos feature and queue_policy category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + switch_controller_qos_queue_policy: + description: + - Configure FortiSwitch QoS egress queue policy. + default: null + type: dict + suboptions: + cos_queue: + description: + - COS queue configuration. + type: list + suboptions: + description: + description: + - Description of the COS queue. + type: str + drop_policy: + description: + - COS queue drop policy. + type: str + choices: + - taildrop + - weighted-random-early-detection + max_rate: + description: + - Maximum rate (0 - 4294967295 kbps, 0 to disable). + type: int + min_rate: + description: + - Minimum rate (0 - 4294967295 kbps, 0 to disable). + type: int + name: + description: + - Cos queue ID. + required: true + type: str + weight: + description: + - Weight of weighted round robin scheduling. + type: int + name: + description: + - QoS policy name + required: true + type: str + schedule: + description: + - COS queue scheduling. + type: str + choices: + - strict + - round-robin + - weighted +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch QoS egress queue policy. 
+ fortios_switch_controller_qos_queue_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_qos_queue_policy: + cos_queue: + - + description: "" + drop_policy: "taildrop" + max_rate: "6" + min_rate: "7" + name: "default_name_8" + weight: "9" + name: "default_name_10" + schedule: "strict" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_qos_queue_policy_data(json): + option_list = ['cos_queue', 'name', 'schedule'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_qos_queue_policy(data, fos): + vdom = data['vdom'] + state = data['state'] + switch_controller_qos_queue_policy_data = data['switch_controller_qos_queue_policy'] + filtered_data = underscore_to_hyphen(filter_switch_controller_qos_queue_policy_data(switch_controller_qos_queue_policy_data)) + + if state == "present": + return fos.set('switch-controller.qos', + 'queue-policy', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('switch-controller.qos', + 'queue-policy', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller_qos(data, fos): + + if data['switch_controller_qos_queue_policy']: + resp = switch_controller_qos_queue_policy(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_qos_queue_policy')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, 
"type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "switch_controller_qos_queue_policy": { + "required": False, "type": "dict", "default": None, + "options": { + "cos_queue": {"required": False, "type": "list", + "options": { + "description": {"required": False, "type": "str"}, + "drop_policy": {"required": False, "type": "str", + "choices": ["taildrop", + "weighted-random-early-detection"]}, + "max_rate": {"required": False, "type": "int"}, + "min_rate": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "weight": {"required": False, "type": "int"} + }}, + "name": {"required": True, "type": "str"}, + "schedule": {"required": False, "type": "str", + "choices": ["strict", + "round-robin", + "weighted"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller_qos(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + 
module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_quarantine.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_quarantine.py new file mode 100644 index 00000000..99ec745a --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_quarantine.py 
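Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no` while the task sends `access_token` over httpapi, so a playbook copied from this example talks to the FortiGate without verifying its TLS certificate. I would make the example `ansible_httpapi_validate_certs: yes`, or keep `no` only with a YAML comment such as `# lab only: certificate verification is off`. The same line is in the EXAMPLES of fortios_switch_controller_quarantine.py, fortios_switch_controller_security_policy_802_1x.py and fortios_switch_controller_security_policy_captive_portal.py.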
@@ -0,0 +1,309 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_quarantine +short_description: Configure FortiSwitch quarantine support in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and quarantine category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + switch_controller_quarantine: + description: + - Configure FortiSwitch quarantine support. + default: null + type: dict + suboptions: + quarantine: + description: + - Enable/disable quarantine. + type: str + choices: + - enable + - disable + targets: + description: + - Quarantine MACs. + type: list + suboptions: + description: + description: + - Description for the quarantine MAC. + type: str + entry_id: + description: + - FSW entry id for the quarantine MAC. + type: int + mac: + description: + - Quarantine MAC. + required: true + type: str + tag: + description: + - Tags for the quarantine MAC. + type: list + suboptions: + tags: + description: + - Tag string(eg. string1 string2 string3). + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch quarantine support. 
+ fortios_switch_controller_quarantine: + vdom: "{{ vdom }}" + switch_controller_quarantine: + quarantine: "enable" + targets: + - + description: "" + entry_id: "6" + mac: "" + tag: + - + tags: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_quarantine_data(json): + option_list = 
['quarantine', 'targets'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_quarantine(data, fos): + vdom = data['vdom'] + switch_controller_quarantine_data = data['switch_controller_quarantine'] + filtered_data = underscore_to_hyphen(filter_switch_controller_quarantine_data(switch_controller_quarantine_data)) + + return fos.set('switch-controller', + 'quarantine', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller(data, fos): + + if data['switch_controller_quarantine']: + resp = switch_controller_quarantine(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_quarantine')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "switch_controller_quarantine": { + "required": False, "type": "dict", "default": None, + "options": { + "quarantine": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "targets": {"required": False, "type": "list", + "options": { + "description": {"required": False, "type": "str"}, + "entry_id": {"required": False, "type": "int"}, + "mac": {"required": True, "type": "str"}, + 
"tag": {"required": False, "type": "list", + "options": { + "tags": {"required": True, "type": "str"} + }} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_security_policy_802_1x.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_security_policy_802_1x.py new file mode 100644 index 00000000..35349dc2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_security_policy_802_1x.py 
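Review bot: In `main()`, `targets` and its nested `tag` are declared as `"type": "list"` with an `options` sub-spec but no `"elements": "dict"`; as far as I know AnsibleModule applies nested `options` to a list only when `elements` is `dict`, so `"mac": {"required": True}` and the `int` type on `entry_id` are likely never enforced for quarantine entries. That would let a target without a MAC, or the string `entry_id: "6"` shown in EXAMPLES, reach the device unvalidated. I would declare `"targets": {"required": False, "type": "list", "elements": "dict",` and do the same for `tag`. `cos_queue` in fortios_switch_controller_qos_queue_policy.py and `user_group` in fortios_switch_controller_security_policy_802_1x.py have the same shape.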
@@ -0,0 +1,407 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_security_policy_802_1x +short_description: Configure 802.1x MAC Authentication Bypass (MAB) policies in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller_security_policy feature and 802_1x category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.10" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + switch_controller_security_policy_802_1x: + description: + - Configure 802.1x MAC Authentication Bypass (MAB) policies. + default: null + type: dict + suboptions: + auth_fail_vlan: + description: + - Enable to allow limited access to clients that cannot authenticate. + type: str + choices: + - disable + - enable + auth_fail_vlan_id: + description: + - VLAN ID on which authentication failed. Source system.interface.name. + type: str + auth_fail_vlanid: + description: + - VLAN ID on which authentication failed. + type: int + eap_passthru: + description: + - Enable/disable EAP pass-through mode, allowing protocols (such as LLDP) to pass through ports for more flexible authentication. + type: str + choices: + - disable + - enable + guest_auth_delay: + description: + - Guest authentication delay (1 - 900 sec). + type: int + guest_vlan: + description: + - Enable the guest VLAN feature to allow limited access to non-802.1X-compliant clients. + type: str + choices: + - disable + - enable + guest_vlan_id: + description: + - Guest VLAN name. Source system.interface.name. + type: str + guest_vlanid: + description: + - Guest VLAN ID. + type: int + mac_auth_bypass: + description: + - Enable/disable MAB for this policy. + type: str + choices: + - disable + - enable + name: + description: + - Policy name. + required: true + type: str + policy_type: + description: + - Policy type. + type: str + choices: + - 802.1X + radius_timeout_overwrite: + description: + - Enable to override the global RADIUS session timeout. + type: str + choices: + - disable + - enable + security_mode: + description: + - Port or MAC based 802.1X security mode. 
+ type: str + choices: + - 802.1X + - 802.1X-mac-based + user_group: + description: + - Name of user-group to assign to this MAC Authentication Bypass (MAB) policy. + type: list + suboptions: + name: + description: + - Group name. Source user.group.name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure 802.1x MAC Authentication Bypass (MAB) policies. + fortios_switch_controller_security_policy_802_1x: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_security_policy_802_1x: + auth_fail_vlan: "disable" + auth_fail_vlan_id: " (source system.interface.name)" + auth_fail_vlanid: "5" + eap_passthru: "disable" + guest_auth_delay: "7" + guest_vlan: "disable" + guest_vlan_id: " (source system.interface.name)" + guest_vlanid: "10" + mac_auth_bypass: "disable" + name: "default_name_12" + policy_type: "802.1X" + radius_timeout_overwrite: "disable" + security_mode: "802.1X" + user_group: + - + name: "default_name_17 (source user.group.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal 
revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_security_policy_802_1x_data(json): + option_list = ['auth_fail_vlan', 'auth_fail_vlan_id', 'auth_fail_vlanid', + 'eap_passthru', 'guest_auth_delay', 'guest_vlan', + 'guest_vlan_id', 'guest_vlanid', 'mac_auth_bypass', + 'name', 'policy_type', 'radius_timeout_overwrite', + 'security_mode', 'user_group'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_security_policy_802_1x(data, fos): + vdom = data['vdom'] + state = data['state'] + switch_controller_security_policy_802_1x_data = data['switch_controller_security_policy_802_1x'] + filtered_data = 
underscore_to_hyphen(filter_switch_controller_security_policy_802_1x_data(switch_controller_security_policy_802_1x_data)) + + if state == "present": + return fos.set('switch-controller.security-policy', + '802-1X', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('switch-controller.security-policy', + '802-1X', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller_security_policy(data, fos): + + if data['switch_controller_security_policy_802_1x']: + resp = switch_controller_security_policy_802_1x(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_security_policy_802_1x')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "switch_controller_security_policy_802_1x": { + "required": False, "type": "dict", "default": None, + "options": { + "auth_fail_vlan": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "auth_fail_vlan_id": {"required": False, "type": "str"}, + "auth_fail_vlanid": {"required": False, "type": "int"}, + "eap_passthru": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "guest_auth_delay": {"required": False, "type": "int"}, + "guest_vlan": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "guest_vlan_id": {"required": False, "type": "str"}, + "guest_vlanid": {"required": False, "type": 
"int"}, + "mac_auth_bypass": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "name": {"required": True, "type": "str"}, + "policy_type": {"required": False, "type": "str", + "choices": ["802.1X"]}, + "radius_timeout_overwrite": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "security_mode": {"required": False, "type": "str", + "choices": ["802.1X", + "802.1X-mac-based"]}, + "user_group": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller_security_policy(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
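Review bot: The `mac_auth_bypass` description in DOCUMENTATION, `Enable/disable MAB for this policy.`, does not say what enabling it means for authentication, unlike the neighbouring `guest_vlan` and `auth_fail_vlan` entries, which state that they give limited access to clients that cannot authenticate. I would extend it to `Enable/disable MAB for this policy. With MAB a device is admitted on its MAC address alone instead of 802.1X credentials.` This is documentation only; the argument spec in `main()` needs no change for it.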
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_security_policy_captive_portal.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_security_policy_captive_portal.py
new file mode 100644
index 00000000..c11a5c5d
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_security_policy_captive_portal.py
@@ -0,0 +1,296 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_security_policy_captive_portal +short_description: Names of VLANs that use captive portal authentication in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller_security_policy feature and captive_portal category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + switch_controller_security_policy_captive_portal: + description: + - Names of VLANs that use captive portal authentication. + default: null + type: dict + suboptions: + name: + description: + - Policy name. + required: true + type: str + policy_type: + description: + - Policy type. + type: str + choices: + - captive-portal + vlan: + description: + - Names of VLANs that use captive portal authentication. Source system.interface.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Names of VLANs that use captive portal authentication. 
+ fortios_switch_controller_security_policy_captive_portal: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_security_policy_captive_portal: + name: "default_name_3" + policy_type: "captive-portal" + vlan: " (source system.interface.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_switch_controller_security_policy_captive_portal_data(json): + option_list = ['name', 'policy_type', 'vlan'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_security_policy_captive_portal(data, fos): + vdom = data['vdom'] + state = data['state'] + switch_controller_security_policy_captive_portal_data = data['switch_controller_security_policy_captive_portal'] + filtered_data = underscore_to_hyphen(filter_switch_controller_security_policy_captive_portal_data(switch_controller_security_policy_captive_portal_data)) + + if state == "present": + return fos.set('switch-controller.security-policy', + 'captive-portal', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('switch-controller.security-policy', + 'captive-portal', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller_security_policy(data, fos): + + if data['switch_controller_security_policy_captive_portal']: + resp = switch_controller_security_policy_captive_portal(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_security_policy_captive_portal')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' 
+ fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "switch_controller_security_policy_captive_portal": { + "required": False, "type": "dict", "default": None, + "options": { + "name": {"required": True, "type": "str"}, + "policy_type": {"required": False, "type": "str", + "choices": ["captive-portal"]}, + "vlan": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller_security_policy(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
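Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no` in the same play that passes `access_token`, so anyone who copies it sends the API token over a TLS session whose peer certificate is never checked. The example should use `ansible_httpapi_validate_certs: yes`, with a comment such as `# set to no only for lab devices with self-signed certificates`. The same `vars` block appears in the EXAMPLES of the fortios_switch_controller_sflow, _storm_control and _stp_settings modules added in this commit.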
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_sflow.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_sflow.py new file mode 100644 index 00000000..7225e39c --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_sflow.py 
@@ -0,0 +1,264 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_sflow +short_description: Configure FortiSwitch sFlow in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and sflow category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + switch_controller_sflow: + description: + - Configure FortiSwitch sFlow. + default: null + type: dict + suboptions: + collector_ip: + description: + - Collector IP. + type: str + collector_port: + description: + - SFlow collector port (0 - 65535). + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch sFlow. + fortios_switch_controller_sflow: + vdom: "{{ vdom }}" + switch_controller_sflow: + collector_ip: "" + collector_port: "4" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version 
of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_sflow_data(json): + option_list = ['collector_ip', 'collector_port'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_sflow(data, fos): + vdom = data['vdom'] + switch_controller_sflow_data = data['switch_controller_sflow'] + filtered_data = underscore_to_hyphen(filter_switch_controller_sflow_data(switch_controller_sflow_data)) + + return fos.set('switch-controller', + 'sflow', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller(data, fos): + + if data['switch_controller_sflow']: + resp = switch_controller_sflow(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_sflow')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + 
"access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "switch_controller_sflow": { + "required": False, "type": "dict", "default": None, + "options": { + "collector_ip": {"required": False, "type": "str"}, + "collector_port": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_storm_control.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_storm_control.py new file mode 100644 index 00000000..675444c8 --- /dev/null 
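Review bot: `collector_port` is documented as 0 - 65535 in DOCUMENTATION, but the argument spec in `main()` declares it only as `"type": "int"`, so an out-of-range value is passed unchecked to `fos.set`; whether the device then rejects it is not visible here. A guard before the `FortiOSHandler` call would fail early with a clear message: `port = (module.params['switch_controller_sflow'] or {}).get('collector_port')` followed by `if port is not None and not 0 <= port <= 65535: module.fail_json(msg='collector_port must be within 0-65535')`. `collector_ip` is likewise accepted as a free-form `str`. The same gap applies to `rate` in fortios_switch_controller_storm_control and to the timer fields in fortios_switch_controller_stp_settings.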
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_storm_control.py 
@@ -0,0 +1,293 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_storm_control +short_description: Configure FortiSwitch storm control in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and storm_control category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + switch_controller_storm_control: + description: + - Configure FortiSwitch storm control. + default: null + type: dict + suboptions: + broadcast: + description: + - Enable/disable storm control to drop broadcast traffic. + type: str + choices: + - enable + - disable + rate: + description: + - Rate in packets per second at which storm traffic is controlled (1 - 10000000). Storm control drops excess traffic data rates beyond + this threshold. + type: int + unknown_multicast: + description: + - Enable/disable storm control to drop unknown multicast traffic. + type: str + choices: + - enable + - disable + unknown_unicast: + description: + - Enable/disable storm control to drop unknown unicast traffic. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch storm control. 
+ fortios_switch_controller_storm_control: + vdom: "{{ vdom }}" + switch_controller_storm_control: + broadcast: "enable" + rate: "4" + unknown_multicast: "enable" + unknown_unicast: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_storm_control_data(json): + option_list = ['broadcast', 
'rate', 'unknown_multicast', + 'unknown_unicast'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_storm_control(data, fos): + vdom = data['vdom'] + switch_controller_storm_control_data = data['switch_controller_storm_control'] + filtered_data = underscore_to_hyphen(filter_switch_controller_storm_control_data(switch_controller_storm_control_data)) + + return fos.set('switch-controller', + 'storm-control', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller(data, fos): + + if data['switch_controller_storm_control']: + resp = switch_controller_storm_control(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_storm_control')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "switch_controller_storm_control": { + "required": False, "type": "dict", "default": None, + "options": { + "broadcast": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "rate": {"required": False, "type": "int"}, + "unknown_multicast": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + 
"unknown_unicast": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_stp_settings.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_stp_settings.py new file mode 100644 index 00000000..b4f26ae9 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_stp_settings.py 
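Review bot: The guard `if 'access_token' in module.params:` in `main()` is always true, because `access_token` is declared in `fields` and AnsibleModule fills omitted options with `None`, so `connection.set_option('access_token', None)` runs on every task that leaves the token out. Whether that overrides a token already configured on the httpapi connection depends on the plugin, which is outside this hunk. Testing the value instead removes the ambiguity: `if module.params.get('access_token'):`. The identical lines are in the captive_portal, sflow and stp_settings modules of this commit.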
@@ -0,0 +1,307 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_stp_settings +short_description: Configure FortiSwitch spanning tree protocol (STP) in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and stp_settings category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + switch_controller_stp_settings: + description: + - Configure FortiSwitch spanning tree protocol (STP). + default: null + type: dict + suboptions: + forward_time: + description: + - Period of time a port is in listening and learning state (4 - 30 sec). + type: int + hello_time: + description: + - Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec). + type: int + max_age: + description: + - Maximum time before a bridge port saves its configuration BPDU information (6 - 40 sec). + type: int + max_hops: + description: + - Maximum number of hops between the root bridge and the furthest bridge (1- 40). + type: int + name: + description: + - Name of global STP settings configuration. + type: str + pending_timer: + description: + - Pending time (1 - 15 sec). + type: int + revision: + description: + - STP revision number (0 - 65535). + type: int + status: + description: + - Enable/disable STP. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch spanning tree protocol (STP). 
+ fortios_switch_controller_stp_settings: + vdom: "{{ vdom }}" + switch_controller_stp_settings: + forward_time: "3" + hello_time: "4" + max_age: "5" + max_hops: "6" + name: "default_name_7" + pending_timer: "8" + revision: "9" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_switch_controller_stp_settings_data(json): + option_list = ['forward_time', 'hello_time', 'max_age', + 'max_hops', 'name', 'pending_timer', + 'revision', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_stp_settings(data, fos): + vdom = data['vdom'] + switch_controller_stp_settings_data = data['switch_controller_stp_settings'] + filtered_data = underscore_to_hyphen(filter_switch_controller_stp_settings_data(switch_controller_stp_settings_data)) + + return fos.set('switch-controller', + 'stp-settings', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller(data, fos): + + if data['switch_controller_stp_settings']: + resp = switch_controller_stp_settings(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_stp_settings')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "switch_controller_stp_settings": { + "required": False, "type": "dict", "default": None, + "options": { + "forward_time": {"required": False, "type": "int"}, + "hello_time": {"required": False, "type": "int"}, + "max_age": {"required": False, 
"type": "int"}, + "max_hops": {"required": False, "type": "int"}, + "name": {"required": False, "type": "str"}, + "pending_timer": {"required": False, "type": "int"}, + "revision": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_switch_group.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_switch_group.py new file mode 100644 index 00000000..9c75b43e --- /dev/null 
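Review bot: The EXAMPLES task uses values that contradict the ranges stated in DOCUMENTATION just above it: `forward_time: "3"` against 4 - 30 sec, and `max_age: "5"` against 6 - 40 sec. A user who copies the example gets either a rejected request or, if the device accepts it, STP timers outside the documented range. The example should use in-range values, e.g. `forward_time: 15` and `max_age: 20`, written as integers since both options are `type: int`.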
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_switch_group.py 
@@ -0,0 +1,304 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_switch_group +short_description: Configure FortiSwitch switch groups in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and switch_group category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + switch_controller_switch_group: + description: + - Configure FortiSwitch switch groups. + default: null + type: dict + suboptions: + description: + description: + - Optional switch group description. + type: str + members: + description: + - FortiSwitch members belonging to this switch group. + type: list + suboptions: + name: + description: + - Managed device ID. Source switch-controller.managed-switch.switch-id. + required: true + type: str + name: + description: + - Switch group name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch switch groups. 
+ fortios_switch_controller_switch_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_switch_group: + description: "" + members: + - + name: "default_name_5 (source switch-controller.managed-switch.switch-id)" + name: "default_name_6" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_switch_controller_switch_group_data(json): + option_list = ['description', 'members', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_switch_group(data, fos): + vdom = data['vdom'] + state = data['state'] + switch_controller_switch_group_data = data['switch_controller_switch_group'] + filtered_data = underscore_to_hyphen(filter_switch_controller_switch_group_data(switch_controller_switch_group_data)) + + if state == "present": + return fos.set('switch-controller', + 'switch-group', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('switch-controller', + 'switch-group', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller(data, fos): + + if data['switch_controller_switch_group']: + resp = switch_controller_switch_group(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_switch_group')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": 
["present", "absent"]}, + "switch_controller_switch_group": { + "required": False, "type": "dict", "default": None, + "options": { + "description": {"required": False, "type": "str"}, + "members": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_switch_interface_tag.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_switch_interface_tag.py new file mode 100644 index 00000000..b0c61dee --- /dev/null 
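Review bot: In `main()` the `members` entry of the argument spec is `"type": "list"` with nested `options` but no `elements`, and as far as I know AnsibleModule only applies a sub-spec to list items when `elements` is `dict`. As written, the `"required": True` on the member `name` is probably never enforced, and `filter_switch_controller_switch_group_data` forwards whatever the list contains to `fos.set`. I would declare it as `"members": {"required": False, "type": "list", "elements": "dict",` and add a matching `elements: dict` line under `members` in DOCUMENTATION.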
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_switch_interface_tag.py 
@@ -0,0 +1,281 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_switch_interface_tag +short_description: Configure switch object tags in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and switch_interface_tag category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + switch_controller_switch_interface_tag: + description: + - Configure switch object tags. + default: null + type: dict + suboptions: + name: + description: + - Tag name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure switch object tags. + fortios_switch_controller_switch_interface_tag: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_switch_interface_tag: + name: "default_name_3" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: 
"success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_switch_interface_tag_data(json): + option_list = ['name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_switch_interface_tag(data, fos): + vdom = data['vdom'] + state = data['state'] + switch_controller_switch_interface_tag_data = data['switch_controller_switch_interface_tag'] + filtered_data = underscore_to_hyphen(filter_switch_controller_switch_interface_tag_data(switch_controller_switch_interface_tag_data)) + + if state == "present": + return fos.set('switch-controller', + 'switch-interface-tag', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('switch-controller', + 'switch-interface-tag', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == 
"DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller(data, fos): + + if data['switch_controller_switch_interface_tag']: + resp = switch_controller_switch_interface_tag(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_switch_interface_tag')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "switch_controller_switch_interface_tag": { + "required": False, "type": "dict", "default": None, + "options": { + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and 
versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_switch_log.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_switch_log.py new file mode 100644 index 00000000..f82f04e0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_switch_log.py 
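Review bot: The EXAMPLES playbook in this hunk sets `ansible_httpapi_validate_certs: no` alongside `ansible_httpapi_use_ssl: yes`, so anyone copying it sends the `access_token` over a TLS session whose peer certificate is never verified. The example should show `ansible_httpapi_validate_certs: yes`, with a comment such as `# disable only for lab devices with self-signed certificates`. The same example setting appears in the switch_group, switch_log and switch_profile hunks of this patch.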
@@ -0,0 +1,286 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_switch_log +short_description: Configure FortiSwitch logging (logs are transferred to and inserted into FortiGate event log) in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and switch_log category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + switch_controller_switch_log: + description: + - Configure FortiSwitch logging (logs are transferred to and inserted into FortiGate event log). + default: null + type: dict + suboptions: + severity: + description: + - Severity of FortiSwitch logs that are added to the FortiGate event log. + type: str + choices: + - emergency + - alert + - critical + - error + - warning + - notification + - information + - debug + status: + description: + - Enable/disable adding FortiSwitch logs to FortiGate event log. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch logging (logs are transferred to and inserted into FortiGate event log). 
+ fortios_switch_controller_switch_log: + vdom: "{{ vdom }}" + switch_controller_switch_log: + severity: "emergency" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_switch_log_data(json): + option_list = ['severity', 'status'] + dictionary = {} + + for attribute in 
option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_switch_log(data, fos): + vdom = data['vdom'] + switch_controller_switch_log_data = data['switch_controller_switch_log'] + filtered_data = underscore_to_hyphen(filter_switch_controller_switch_log_data(switch_controller_switch_log_data)) + + return fos.set('switch-controller', + 'switch-log', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller(data, fos): + + if data['switch_controller_switch_log']: + resp = switch_controller_switch_log(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_switch_log')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "switch_controller_switch_log": { + "required": False, "type": "dict", "default": None, + "options": { + "severity": {"required": False, "type": "str", + "choices": ["emergency", + "alert", + "critical", + "error", + "warning", + "notification", + "information", + "debug"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + 
supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_switch_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_switch_profile.py new file mode 100644 index 00000000..405edbc2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_switch_profile.py 
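Review bot: In `main()` the guard `if 'access_token' in module.params:` is always true, because `access_token` is part of `fields` and AnsibleModule fills unset parameters with `None`. `connection.set_option('access_token', ...)` therefore runs with `None` when the play relies on username/password login. What the httpapi plugin does with a `None` token is not visible here, so this is a robustness concern rather than a confirmed bug. Testing the value avoids the question: `if module.params.get('access_token'):`. The same guard is in the switch_group, switch_interface_tag and switch_profile hunks.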
@@ -0,0 +1,299 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_switch_profile +short_description: Configure FortiSwitch switch profile in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and switch_profile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + switch_controller_switch_profile: + description: + - Configure FortiSwitch switch profile. + default: null + type: dict + suboptions: + login_passwd: + description: + - Login password of managed FortiSwitch. + type: str + login_passwd_override: + description: + - Enable/disable overriding the admin administrator password for a managed FortiSwitch with the FortiGate admin administrator account + password. + type: str + choices: + - enable + - disable + name: + description: + - FortiSwitch Profile name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSwitch switch profile. 
+ fortios_switch_controller_switch_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_switch_profile: + login_passwd: "" + login_passwd_override: "enable" + name: "default_name_5" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_switch_profile_data(json): + 
option_list = ['login_passwd', 'login_passwd_override', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_switch_profile(data, fos): + vdom = data['vdom'] + state = data['state'] + switch_controller_switch_profile_data = data['switch_controller_switch_profile'] + filtered_data = underscore_to_hyphen(filter_switch_controller_switch_profile_data(switch_controller_switch_profile_data)) + + if state == "present": + return fos.set('switch-controller', + 'switch-profile', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('switch-controller', + 'switch-profile', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller(data, fos): + + if data['switch_controller_switch_profile']: + resp = switch_controller_switch_profile(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_switch_profile')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", 
"absent"]}, + "switch_controller_switch_profile": { + "required": False, "type": "dict", "default": None, + "options": { + "login_passwd": {"required": False, "type": "str"}, + "login_passwd_override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_system.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_system.py new file mode 100644 index 00000000..aa436368 --- /dev/null 
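Review bot: `login_passwd` in the `switch_controller_switch_profile` options of `main()` is declared as `{"required": False, "type": "str"}` without `no_log`, so the managed FortiSwitch login password is handled as an ordinary parameter and can show up in the module invocation output and logs. `access_token` in the same spec already sets `"no_log": True`. The entry should read `"login_passwd": {"required": False, "type": "str", "no_log": True},`. Separately, `main()` returns the raw device response as `meta=result`; whether that response echoes the password cannot be told from this hunk and is worth checking.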
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_system.py 
@@ -0,0 +1,269 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_system +short_description: Configure system-wide switch controller settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and system category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + switch_controller_system: + description: + - Configure system-wide switch controller settings. + default: null + type: dict + suboptions: + parallel_process: + description: + - Maximum number of parallel processes (1 - 300). + type: int + parallel_process_override: + description: + - Enable/disable parallel process override. + type: str + choices: + - disable + - enable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure system-wide switch controller settings. + fortios_switch_controller_system: + vdom: "{{ vdom }}" + switch_controller_system: + parallel_process: "3" + parallel_process_override: "disable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: 
always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_system_data(json): + option_list = ['parallel_process', 'parallel_process_override'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_system(data, fos): + vdom = data['vdom'] + switch_controller_system_data = data['switch_controller_system'] + filtered_data = underscore_to_hyphen(filter_switch_controller_system_data(switch_controller_system_data)) + + return fos.set('switch-controller', + 'system', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller(data, fos): + + if data['switch_controller_system']: + resp = switch_controller_system(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_system')) + + return not 
is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "switch_controller_system": { + "required": False, "type": "dict", "default": None, + "options": { + "parallel_process": {"required": False, "type": "int"}, + "parallel_process_override": {"required": False, "type": "str", + "choices": ["disable", + "enable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
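Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no`, so a playbook copied from it runs the whole API session, including any `access_token`, over TLS with certificate verification turned off. The example should ship with `ansible_httpapi_validate_certs: yes`, leaving the relaxed setting as something an operator has to opt into deliberately. The same line is in the EXAMPLES blocks of fortios_switch_controller_virtual_port_pool.py and fortios_switch_controller_vlan.py later in this patch.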
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_virtual_port_pool.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_virtual_port_pool.py
new file mode 100644
index 00000000..a75e84eb
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_virtual_port_pool.py
@@ -0,0 +1,287 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_virtual_port_pool +short_description: Configure virtual pool in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and virtual_port_pool category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + switch_controller_virtual_port_pool: + description: + - Configure virtual pool. + default: null + type: dict + suboptions: + description: + description: + - Virtual switch pool description. + type: str + name: + description: + - Virtual switch pool name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure virtual pool. + fortios_switch_controller_virtual_port_pool: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_virtual_port_pool: + description: "" + name: "default_name_4" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + 
description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_virtual_port_pool_data(json): + option_list = ['description', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_virtual_port_pool(data, fos): + vdom = data['vdom'] + state = data['state'] + switch_controller_virtual_port_pool_data = data['switch_controller_virtual_port_pool'] + filtered_data = underscore_to_hyphen(filter_switch_controller_virtual_port_pool_data(switch_controller_virtual_port_pool_data)) + + if state == "present": + return fos.set('switch-controller', + 'virtual-port-pool', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('switch-controller', + 'virtual-port-pool', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def 
is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller(data, fos): + + if data['switch_controller_virtual_port_pool']: + resp = switch_controller_virtual_port_pool(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_virtual_port_pool')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "switch_controller_virtual_port_pool": { + "required": False, "type": "dict", "default": None, + "options": { + "description": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, 
version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_vlan.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_vlan.py new file mode 100644 index 00000000..df68e063 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_switch_controller_vlan.py 
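Review bot: In `main()` the test `if 'access_token' in module.params:` is always true, because `access_token` is declared in `fields` and AnsibleModule stores `None` for declared arguments the user did not supply. `connection.set_option('access_token', ...)` therefore also runs with `None` when no token was given. Testing the value instead, `if module.params.get('access_token'):`, states the intent. How the httpapi plugin treats a `None` token is not visible in this hunk. The same check is in `main()` of fortios_switch_controller_system.py and fortios_switch_controller_vlan.py in this patch.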
@@ -0,0 +1,400 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_switch_controller_vlan +short_description: Configure VLANs for switch controller in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify switch_controller feature and vlan category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + switch_controller_vlan: + description: + - Configure VLANs for switch controller. + default: null + type: dict + suboptions: + auth: + description: + - Authentication. + type: str + choices: + - radius + - usergroup + color: + description: + - Color of icon on the GUI. + type: int + comments: + description: + - Comment. + type: str + name: + description: + - Switch VLAN name. + required: true + type: str + portal_message_override_group: + description: + - Specify captive portal replacement message override group. + type: str + portal_message_overrides: + description: + - Individual message overrides. + type: dict + suboptions: + auth_disclaimer_page: + description: + - Override auth-disclaimer-page message with message from portal-message-overrides group. + type: str + auth_login_failed_page: + description: + - Override auth-login-failed-page message with message from portal-message-overrides group. + type: str + auth_login_page: + description: + - Override auth-login-page message with message from portal-message-overrides group. + type: str + auth_reject_page: + description: + - Override auth-reject-page message with message from portal-message-overrides group. + type: str + radius_server: + description: + - Authentication radius server. Source user.radius.name. + type: str + security: + description: + - Security. + type: str + choices: + - open + - captive-portal + - 8021x + selected_usergroups: + description: + - Selected user group. + type: list + suboptions: + name: + description: + - User group name. Source user.group.name. + required: true + type: str + usergroup: + description: + - Authentication usergroup. Source user.group.name. 
+ type: str + vdom: + description: + - Virtual domain, + type: str + vlanid: + description: + - VLAN ID. + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VLANs for switch controller. + fortios_switch_controller_vlan: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + switch_controller_vlan: + auth: "radius" + color: "4" + comments: "" + name: "default_name_6" + portal_message_override_group: "" + portal_message_overrides: + auth_disclaimer_page: "" + auth_login_failed_page: "" + auth_login_page: "" + auth_reject_page: "" + radius_server: " (source user.radius.name)" + security: "open" + selected_usergroups: + - + name: "default_name_16 (source user.group.name)" + usergroup: " (source user.group.name)" + vdom: "" + vlanid: "19" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + 
returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_switch_controller_vlan_data(json): + option_list = ['auth', 'color', 'comments', + 'name', 'portal_message_override_group', 'portal_message_overrides', + 'radius_server', 'security', 'selected_usergroups', + 'usergroup', 'vdom', 'vlanid'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def switch_controller_vlan(data, fos): + vdom = data['vdom'] + state = data['state'] + switch_controller_vlan_data = data['switch_controller_vlan'] + filtered_data = underscore_to_hyphen(filter_switch_controller_vlan_data(switch_controller_vlan_data)) + + if state == "present": + return fos.set('switch-controller', + 'vlan', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('switch-controller', + 'vlan', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def 
is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_switch_controller(data, fos): + + if data['switch_controller_vlan']: + resp = switch_controller_vlan(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('switch_controller_vlan')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "switch_controller_vlan": { + "required": False, "type": "dict", "default": None, + "options": { + "auth": {"required": False, "type": "str", + "choices": ["radius", + "usergroup"]}, + "color": {"required": False, "type": "int"}, + "comments": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "portal_message_override_group": {"required": False, "type": "str"}, + "portal_message_overrides": {"required": False, "type": "dict", + "options": { + "auth_disclaimer_page": {"required": False, "type": "str"}, + "auth_login_failed_page": {"required": False, "type": "str"}, + "auth_login_page": {"required": False, "type": "str"}, + "auth_reject_page": {"required": False, "type": "str"} + }}, + "radius_server": {"required": False, "type": "str"}, + "security": {"required": False, "type": "str", + "choices": ["open", + "captive-portal", + "8021x"]}, + "selected_usergroups": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "usergroup": {"required": False, "type": "str"}, + "vdom": {"required": False, "type": "str"}, + "vlanid": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = 
AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_switch_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_3g_modem_custom.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_3g_modem_custom.py new file mode 100644 index 00000000..810ea1e3 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_3g_modem_custom.py 
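Review bot: `selected_usergroups` is declared in `fields` as `"type": "list"` with an `"options"` sub-spec but no `"elements": "dict"`, and AnsibleModule only applies a list's sub-spec when its elements are declared as dicts. As written, the `"name": {"required": True, "type": "str"}` constraint on each group entry is likely not enforced, so malformed entries would pass through `filter_switch_controller_vlan_data` and reach `fos.set` unchanged. Adding `"elements": "dict"` to the `selected_usergroups` entry, with a matching `elements: dict` in its DOCUMENTATION block, would restore validation of that user-group list.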
@@ -0,0 +1,319 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_3g_modem_custom +short_description: 3G MODEM custom in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_3g_modem feature and custom category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.10" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_3g_modem_custom: + description: + - 3G MODEM custom. + default: null + type: dict + suboptions: + class_id: + description: + - USB interface class in hexadecimal format (00-ff). + type: str + id: + description: + - ID. + required: true + type: int + init_string: + description: + - Init string in hexadecimal format (even length). + type: str + model: + description: + - MODEM model name. + type: str + product_id: + description: + - USB product ID in hexadecimal format (0000-ffff). + type: str + vendor: + description: + - MODEM vendor name. + type: str + vendor_id: + description: + - USB vendor ID in hexadecimal format (0000-ffff). + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: 3G MODEM custom. 
+ fortios_system_3g_modem_custom: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_3g_modem_custom: + class_id: "" + id: "4" + init_string: "" + model: "" + product_id: "" + vendor: "" + vendor_id: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_3g_modem_custom_data(json): + 
option_list = ['class_id', 'id', 'init_string',
+ 'model', 'product_id', 'vendor',
+ 'vendor_id']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def system_3g_modem_custom(data, fos):
+ vdom = data['vdom']
+ state = data['state']
+ system_3g_modem_custom_data = data['system_3g_modem_custom']
+ filtered_data = underscore_to_hyphen(filter_system_3g_modem_custom_data(system_3g_modem_custom_data))
+
+ if state == "present":
+ return fos.set('system.3g-modem',
+ 'custom',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('system.3g-modem',
+ 'custom',
+ mkey=filtered_data['id'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_system_3g_modem(data, fos):
+
+ if data['system_3g_modem_custom']:
+ resp = system_3g_modem_custom(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('system_3g_modem_custom'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'id'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": True, "type": "str",
+ "choices": ["present", "absent"]},
+ "system_3g_modem_custom": {
+ "required": False, "type": "dict", 
"default": None,
+ "options": {
+ "class_id": {"required": False, "type": "str"},
+ "id": {"required": True, "type": "int"},
+ "init_string": {"required": False, "type": "str"},
+ "model": {"required": False, "type": "str"},
+ "product_id": {"required": False, "type": "str"},
+ "vendor": {"required": False, "type": "str"},
+ "vendor_id": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_system_3g_modem(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_accprofile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_accprofile.py
new file mode 100644
index 00000000..90c5084d
--- /dev/null
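Review bot: The EXAMPLES playbook in fortios_system_3g_modem_custom.py sets `ansible_httpapi_validate_certs: no` next to `ansible_httpapi_use_ssl: yes`, so a playbook copied from it sends the `access_token` over TLS without verifying the FortiGate's certificate. The example should default to `ansible_httpapi_validate_certs: yes`, or carry a YAML comment such as `# lab only: keep certificate validation enabled for real devices`. The same setting appears in the EXAMPLES block of fortios_system_accprofile.py in the next hunk. Since the commit subject describes an upstream import, the change would presumably go upstream or into a packaging patch.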
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_accprofile.py 
@@ -0,0 +1,878 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_accprofile +short_description: Configure access profiles for system administrators in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and accprofile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + system_accprofile: + description: + - Configure access profiles for system administrators. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + admintimeout: + description: + - Administrator timeout for this access profile (0 - 480 min). + type: int + admintimeout_override: + description: + - Enable/disable overriding the global administrator idle timeout. + type: str + choices: + - enable + - disable + authgrp: + description: + - Administrator access to Users and Devices. + type: str + choices: + - none + - read + - read-write + comments: + description: + - Comment. + type: str + ftviewgrp: + description: + - FortiView. + type: str + choices: + - none + - read + - read-write + fwgrp: + description: + - Administrator access to the Firewall configuration. + type: str + choices: + - none + - read + - read-write + - custom + fwgrp_permission: + description: + - Custom firewall permission. + type: dict + suboptions: + address: + description: + - Address Configuration. + type: str + choices: + - none + - read + - read-write + policy: + description: + - Policy Configuration. + type: str + choices: + - none + - read + - read-write + schedule: + description: + - Schedule Configuration. + type: str + choices: + - none + - read + - read-write + service: + description: + - Service Configuration. 
+ type: str + choices: + - none + - read + - read-write + loggrp: + description: + - Administrator access to Logging and Reporting including viewing log messages. + type: str + choices: + - none + - read + - read-write + - custom + loggrp_permission: + description: + - Custom Log & Report permission. + type: dict + suboptions: + config: + description: + - Log & Report configuration. + type: str + choices: + - none + - read + - read-write + data_access: + description: + - Log & Report Data Access. + type: str + choices: + - none + - read + - read-write + report_access: + description: + - Log & Report Report Access. + type: str + choices: + - none + - read + - read-write + threat_weight: + description: + - Log & Report Threat Weight. + type: str + choices: + - none + - read + - read-write + name: + description: + - Profile name. + required: true + type: str + netgrp: + description: + - Network Configuration. + type: str + choices: + - none + - read + - read-write + - custom + netgrp_permission: + description: + - Custom network permission. + type: dict + suboptions: + cfg: + description: + - Network Configuration. + type: str + choices: + - none + - read + - read-write + packet_capture: + description: + - Packet Capture Configuration. + type: str + choices: + - none + - read + - read-write + route_cfg: + description: + - Router Configuration. + type: str + choices: + - none + - read + - read-write + scope: + description: + - 'Scope of admin access: global or specific VDOM(s).' + type: str + choices: + - vdom + - global + secfabgrp: + description: + - Security Fabric. + type: str + choices: + - none + - read + - read-write + sysgrp: + description: + - System Configuration. + type: str + choices: + - none + - read + - read-write + - custom + sysgrp_permission: + description: + - Custom system permission. + type: dict + suboptions: + admin: + description: + - Administrator Users. 
+ type: str + choices: + - none + - read + - read-write + cfg: + description: + - System Configuration. + type: str + choices: + - none + - read + - read-write + mnt: + description: + - Maintenance. + type: str + choices: + - none + - read + - read-write + upd: + description: + - FortiGuard Updates. + type: str + choices: + - none + - read + - read-write + utmgrp: + description: + - Administrator access to Security Profiles. + type: str + choices: + - none + - read + - read-write + - custom + utmgrp_permission: + description: + - Custom Security Profile permissions. + type: dict + suboptions: + antivirus: + description: + - Antivirus profiles and settings. + type: str + choices: + - none + - read + - read-write + application_control: + description: + - Application Control profiles and settings. + type: str + choices: + - none + - read + - read-write + data_loss_prevention: + description: + - DLP profiles and settings. + type: str + choices: + - none + - read + - read-write + dnsfilter: + description: + - DNS Filter profiles and settings. + type: str + choices: + - none + - read + - read-write + endpoint_control: + description: + - FortiClient Profiles. + type: str + choices: + - none + - read + - read-write + icap: + description: + - ICAP profiles and settings. + type: str + choices: + - none + - read + - read-write + ips: + description: + - IPS profiles and settings. + type: str + choices: + - none + - read + - read-write + spamfilter: + description: + - AntiSpam filter and settings. + type: str + choices: + - none + - read + - read-write + voip: + description: + - VoIP profiles and settings. + type: str + choices: + - none + - read + - read-write + waf: + description: + - Web Application Firewall profiles and settings. + type: str + choices: + - none + - read + - read-write + webfilter: + description: + - Web Filter profiles and settings. 
+ type: str + choices: + - none + - read + - read-write + vpngrp: + description: + - Administrator access to IPsec, SSL, PPTP, and L2TP VPN. + type: str + choices: + - none + - read + - read-write + wanoptgrp: + description: + - Administrator access to WAN Opt & Cache. + type: str + choices: + - none + - read + - read-write + wifi: + description: + - Administrator access to the WiFi controller and Switch controller. + type: str + choices: + - none + - read + - read-write +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure access profiles for system administrators. + fortios_system_accprofile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_accprofile: + admintimeout: "3" + admintimeout_override: "enable" + authgrp: "none" + comments: "" + ftviewgrp: "none" + fwgrp: "none" + fwgrp_permission: + address: "none" + policy: "none" + schedule: "none" + service: "none" + loggrp: "none" + loggrp_permission: + config: "none" + data_access: "none" + report_access: "none" + threat_weight: "none" + name: "default_name_20" + netgrp: "none" + netgrp_permission: + cfg: "none" + packet_capture: "none" + route_cfg: "none" + scope: "vdom" + secfabgrp: "none" + sysgrp: "none" + sysgrp_permission: + admin: "none" + cfg: "none" + mnt: "none" + upd: "none" + utmgrp: "none" + utmgrp_permission: + antivirus: "none" + application_control: "none" + data_loss_prevention: "none" + dnsfilter: "none" + endpoint_control: "none" + icap: "none" + ips: "none" + spamfilter: "none" + voip: "none" + waf: "none" + webfilter: "none" + vpngrp: "none" + wanoptgrp: "none" + wifi: "none" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into 
FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_accprofile_data(json): + option_list = ['admintimeout', 'admintimeout_override', 'authgrp', + 'comments', 'ftviewgrp', 'fwgrp', + 'fwgrp_permission', 'loggrp', 'loggrp_permission', + 'name', 'netgrp', 'netgrp_permission', + 'scope', 'secfabgrp', 'sysgrp', + 'sysgrp_permission', 'utmgrp', 'utmgrp_permission', + 'vpngrp', 'wanoptgrp', 'wifi'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + 
dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def system_accprofile(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['system_accprofile'] and data['system_accprofile']['state']:
+ state = data['system_accprofile']['state']
+ else:
+ state = True
+ system_accprofile_data = data['system_accprofile']
+ filtered_data = underscore_to_hyphen(filter_system_accprofile_data(system_accprofile_data))
+
+ if state == "present":
+ return fos.set('system',
+ 'accprofile',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('system',
+ 'accprofile',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_system(data, fos):
+
+ if data['system_accprofile']:
+ resp = system_accprofile(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('system_accprofile'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "system_accprofile": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str", 
+ "choices": ["present", "absent"]}, + "admintimeout": {"required": False, "type": "int"}, + "admintimeout_override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "authgrp": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "comments": {"required": False, "type": "str"}, + "ftviewgrp": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "fwgrp": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write", + "custom"]}, + "fwgrp_permission": {"required": False, "type": "dict", + "options": { + "address": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "policy": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "schedule": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "service": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]} + }}, + "loggrp": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write", + "custom"]}, + "loggrp_permission": {"required": False, "type": "dict", + "options": { + "config": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "data_access": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "report_access": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "threat_weight": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]} + }}, + "name": {"required": True, "type": "str"}, + "netgrp": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write", + "custom"]}, + "netgrp_permission": {"required": False, "type": "dict", + "options": { + "cfg": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "packet_capture": {"required": False, "type": "str", + 
"choices": ["none", + "read", + "read-write"]}, + "route_cfg": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]} + }}, + "scope": {"required": False, "type": "str", + "choices": ["vdom", + "global"]}, + "secfabgrp": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "sysgrp": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write", + "custom"]}, + "sysgrp_permission": {"required": False, "type": "dict", + "options": { + "admin": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "cfg": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "mnt": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "upd": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]} + }}, + "utmgrp": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write", + "custom"]}, + "utmgrp_permission": {"required": False, "type": "dict", + "options": { + "antivirus": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "application_control": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "data_loss_prevention": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "dnsfilter": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "endpoint_control": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "icap": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "ips": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "spamfilter": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "voip": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + 
"waf": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "webfilter": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]} + }}, + "vpngrp": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "wanoptgrp": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]}, + "wifi": {"required": False, "type": "str", + "choices": ["none", + "read", + "read-write"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
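Review bot: In `system_accprofile`, when neither the top-level `state` nor the deprecated nested `state` is supplied, the code assigns `state = True` and relies on the final `else` to reject it with 'state must be present or absent!'. Both parameters are `"required": False` in `fields`, so this path is reachable from a playbook, and the message does not say that `state` was simply omitted. Replacing `state = True` with `fos._module.fail_json(msg='state is required (present or absent)')` fails at the point of detection and keeps a non-string sentinel out of the later comparisons. A short docstring on `system_accprofile` saying that the top-level `state` takes precedence over the nested one would also help.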
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_admin.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_admin.py new file mode 100644 index 00000000..aa1c645b --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_admin.py 
@@ -0,0 +1,1080 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_admin +short_description: Configure admin users in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and admin category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + system_admin: + description: + - Configure admin users. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + accprofile: + description: + - Access profile for this administrator. Access profiles control administrator access to FortiGate features. Source system.accprofile.name. + type: str + accprofile_override: + description: + - Enable to use the name of an access profile provided by the remote authentication server to control the FortiGate features that this + administrator can access. + type: str + choices: + - enable + - disable + allow_remove_admin_session: + description: + - Enable/disable allow admin session to be removed by privileged admin users. + type: str + choices: + - enable + - disable + comments: + description: + - Comment. + type: str + email_to: + description: + - This administrator"s email address. + type: str + force_password_change: + description: + - Enable/disable force password change on next login. + type: str + choices: + - enable + - disable + fortitoken: + description: + - This administrator"s FortiToken serial number. + type: str + guest_auth: + description: + - Enable/disable guest authentication. + type: str + choices: + - disable + - enable + guest_lang: + description: + - Guest management portal language. Source system.custom-language.name. + type: str + guest_usergroups: + description: + - Select guest user groups. 
+ type: list + suboptions: + name: + description: + - Select guest user groups. + required: true + type: str + gui_dashboard: + description: + - GUI dashboards. + type: list + suboptions: + columns: + description: + - Number of columns. + type: int + id: + description: + - Dashboard ID. + required: true + type: int + layout_type: + description: + - Layout type. + type: str + choices: + - responsive + - fixed + name: + description: + - Dashboard name. + type: str + scope: + description: + - Dashboard scope. + type: str + choices: + - global + - vdom + widget: + description: + - Dashboard widgets. + type: list + suboptions: + fabric_device: + description: + - Fabric device to monitor. + type: str + filters: + description: + - FortiView filters. + type: list + suboptions: + id: + description: + - FortiView Filter ID. + required: true + type: int + key: + description: + - Filter key. + type: str + value: + description: + - Filter value. + type: str + height: + description: + - Height. + type: int + id: + description: + - Widget ID. + required: true + type: int + industry: + description: + - Security Audit Rating industry. + type: str + choices: + - default + - custom + interface: + description: + - Interface to monitor. Source system.interface.name. + type: str + region: + description: + - Security Audit Rating region. + type: str + choices: + - default + - custom + report_by: + description: + - Field to aggregate the data by. + type: str + choices: + - source + - destination + - country + - intfpair + - srcintf + - dstintf + - policy + - wificlient + - shaper + - endpoint-vulnerability + - endpoint-device + - application + - cloud-app + - cloud-user + - web-domain + - web-category + - web-search-phrase + - threat + - system + - unauth + - admin + - vpn + sort_by: + description: + - Field to sort the data by. + type: str + timeframe: + description: + - Timeframe period of reported data. 
+ type: str + choices: + - realtime + - 5min + - hour + - day + - week + title: + description: + - Widget title. + type: str + type: + description: + - Widget type. + type: str + choices: + - sysinfo + - licinfo + - vminfo + - forticloud + - cpu-usage + - memory-usage + - disk-usage + - log-rate + - sessions + - session-rate + - tr-history + - analytics + - usb-modem + - admins + - security-fabric + - security-fabric-ranking + - ha-status + - vulnerability-summary + - host-scan-summary + - fortiview + - botnet-activity + - fortimail + visualization: + description: + - Visualization to use. + type: str + choices: + - table + - bubble + - country + - chord + width: + description: + - Width. + type: int + x_pos: + description: + - X position. + type: int + y_pos: + description: + - Y position. + type: int + gui_global_menu_favorites: + description: + - Favorite GUI menu IDs for the global VDOM. + type: list + suboptions: + id: + description: + - Select menu ID. + required: true + type: str + gui_vdom_menu_favorites: + description: + - Favorite GUI menu IDs for VDOMs. + type: list + suboptions: + id: + description: + - Select menu ID. + required: true + type: str + hidden: + description: + - Admin user hidden attribute. + type: int + history0: + description: + - history0 + type: str + history1: + description: + - history1 + type: str + ip6_trusthost1: + description: + - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. + type: str + ip6_trusthost10: + description: + - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. + type: str + ip6_trusthost2: + description: + - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. + type: str + ip6_trusthost3: + description: + - Any IPv6 address from which the administrator can connect to the FortiGate unit. 
Default allows access from any IPv6 address. + type: str + ip6_trusthost4: + description: + - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. + type: str + ip6_trusthost5: + description: + - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. + type: str + ip6_trusthost6: + description: + - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. + type: str + ip6_trusthost7: + description: + - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. + type: str + ip6_trusthost8: + description: + - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. + type: str + ip6_trusthost9: + description: + - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. + type: str + login_time: + description: + - Record user login time. + type: list + suboptions: + last_failed_login: + description: + - Last failed login time. + type: str + last_login: + description: + - Last successful login time. + type: str + usr_name: + description: + - User name. + type: str + name: + description: + - User name. + required: true + type: str + password: + description: + - Admin user password. + type: str + password_expire: + description: + - Password expire time. + type: str + peer_auth: + description: + - Set to enable peer certificate authentication (for HTTPS admin access). + type: str + choices: + - enable + - disable + peer_group: + description: + - Name of peer group defined under config user group which has PKI members. Used for peer certificate authentication (for HTTPS admin + access). 
+ type: str + radius_vdom_override: + description: + - Enable to use the names of VDOMs provided by the remote authentication server to control the VDOMs that this administrator can access. + type: str + choices: + - enable + - disable + remote_auth: + description: + - Enable/disable authentication using a remote RADIUS, LDAP, or TACACS+ server. + type: str + choices: + - enable + - disable + remote_group: + description: + - User group name used for remote auth. + type: str + schedule: + description: + - Firewall schedule used to restrict when the administrator can log in. No schedule means no restrictions. + type: str + sms_custom_server: + description: + - Custom SMS server to send SMS messages to. Source system.sms-server.name. + type: str + sms_phone: + description: + - Phone number on which the administrator receives SMS messages. + type: str + sms_server: + description: + - Send SMS messages using the FortiGuard SMS server or a custom server. + type: str + choices: + - fortiguard + - custom + ssh_certificate: + description: + - Select the certificate to be used by the FortiGate for authentication with an SSH client. Source certificate.local.name. + type: str + ssh_public_key1: + description: + - Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the + SSH client application. + type: str + ssh_public_key2: + description: + - Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the + SSH client application. + type: str + ssh_public_key3: + description: + - Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the + SSH client application. + type: str + trusthost1: + description: + - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. 
Default allows access + from any IPv4 address. + type: str + trusthost10: + description: + - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access + from any IPv4 address. + type: str + trusthost2: + description: + - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access + from any IPv4 address. + type: str + trusthost3: + description: + - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access + from any IPv4 address. + type: str + trusthost4: + description: + - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access + from any IPv4 address. + type: str + trusthost5: + description: + - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access + from any IPv4 address. + type: str + trusthost6: + description: + - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access + from any IPv4 address. + type: str + trusthost7: + description: + - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access + from any IPv4 address. + type: str + trusthost8: + description: + - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access + from any IPv4 address. + type: str + trusthost9: + description: + - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access + from any IPv4 address. + type: str + two_factor: + description: + - Enable/disable two-factor authentication. 
+ type: str + choices: + - disable + - fortitoken + - email + - sms + vdom: + description: + - Virtual domain(s) that the administrator can access. + type: list + suboptions: + name: + description: + - Virtual domain name. Source system.vdom.name. + required: true + type: str + wildcard: + description: + - Enable/disable wildcard RADIUS authentication. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure admin users. + fortios_system_admin: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_admin: + accprofile: " (source system.accprofile.name)" + accprofile_override: "enable" + allow_remove_admin_session: "enable" + comments: "" + email_to: "" + force_password_change: "enable" + fortitoken: "" + guest_auth: "disable" + guest_lang: " (source system.custom-language.name)" + guest_usergroups: + - + name: "default_name_13" + gui_dashboard: + - + columns: "15" + id: "16" + layout_type: "responsive" + name: "default_name_18" + scope: "global" + widget: + - + fabric_device: "" + filters: + - + id: "23" + key: "" + value: "" + height: "26" + id: "27" + industry: "default" + interface: " (source system.interface.name)" + region: "default" + report_by: "source" + sort_by: "" + timeframe: "realtime" + title: "" + type: "sysinfo" + visualization: "table" + width: "37" + x_pos: "38" + y_pos: "39" + gui_global_menu_favorites: + - + id: "41" + gui_vdom_menu_favorites: + - + id: "43" + hidden: "44" + history0: "" + history1: "" + ip6_trusthost1: "" + ip6_trusthost10: "" + ip6_trusthost2: "" + ip6_trusthost3: "" + ip6_trusthost4: "" + ip6_trusthost5: "" + ip6_trusthost6: "" + ip6_trusthost7: "" + ip6_trusthost8: "" + ip6_trusthost9: "" + login_time: + - + last_failed_login: "" + last_login: "" + usr_name: "" + name: 
"default_name_61" + password: "" + password_expire: "" + peer_auth: "enable" + peer_group: "" + radius_vdom_override: "enable" + remote_auth: "enable" + remote_group: "" + schedule: "" + sms_custom_server: " (source system.sms-server.name)" + sms_phone: "" + sms_server: "fortiguard" + ssh_certificate: " (source certificate.local.name)" + ssh_public_key1: "" + ssh_public_key2: "" + ssh_public_key3: "" + trusthost1: "" + trusthost10: "" + trusthost2: "" + trusthost3: "" + trusthost4: "" + trusthost5: "" + trusthost6: "" + trusthost7: "" + trusthost8: "" + trusthost9: "" + two_factor: "disable" + vdom: + - + name: "default_name_89 (source system.vdom.name)" + wildcard: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from 
ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_admin_data(json): + option_list = ['accprofile', 'accprofile_override', 'allow_remove_admin_session', + 'comments', 'email_to', 'force_password_change', + 'fortitoken', 'guest_auth', 'guest_lang', + 'guest_usergroups', 'gui_dashboard', 'gui_global_menu_favorites', + 'gui_vdom_menu_favorites', 'hidden', 'history0', + 'history1', 'ip6_trusthost1', 'ip6_trusthost10', + 'ip6_trusthost2', 'ip6_trusthost3', 'ip6_trusthost4', + 'ip6_trusthost5', 'ip6_trusthost6', 'ip6_trusthost7', + 'ip6_trusthost8', 'ip6_trusthost9', 'login_time', + 'name', 'password', 'password_expire', + 'peer_auth', 'peer_group', 'radius_vdom_override', + 'remote_auth', 'remote_group', 'schedule', + 'sms_custom_server', 'sms_phone', 'sms_server', + 'ssh_certificate', 'ssh_public_key1', 'ssh_public_key2', + 'ssh_public_key3', 'trusthost1', 'trusthost10', + 'trusthost2', 'trusthost3', 'trusthost4', + 'trusthost5', 'trusthost6', 'trusthost7', + 'trusthost8', 'trusthost9', 'two_factor', + 'vdom', 'wildcard'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_admin(data, fos): + vdom = data['vdom'] + if 'state' in data and 
data['state']: + state = data['state'] + elif 'state' in data['system_admin'] and data['system_admin']['state']: + state = data['system_admin']['state'] + else: + state = True + system_admin_data = data['system_admin'] + filtered_data = underscore_to_hyphen(filter_system_admin_data(system_admin_data)) + + if state == "present": + return fos.set('system', + 'admin', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'admin', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_admin']: + resp = system_admin(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_admin')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "system_admin": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "accprofile": {"required": False, "type": "str"}, + "accprofile_override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "allow_remove_admin_session": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "comments": {"required": False, "type": "str"}, + "email_to": {"required": False, "type": "str"}, + "force_password_change": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fortitoken": 
{"required": False, "type": "str"}, + "guest_auth": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "guest_lang": {"required": False, "type": "str"}, + "guest_usergroups": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "gui_dashboard": {"required": False, "type": "list", + "options": { + "columns": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "layout_type": {"required": False, "type": "str", + "choices": ["responsive", + "fixed"]}, + "name": {"required": False, "type": "str"}, + "scope": {"required": False, "type": "str", + "choices": ["global", + "vdom"]}, + "widget": {"required": False, "type": "list", + "options": { + "fabric_device": {"required": False, "type": "str"}, + "filters": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "key": {"required": False, "type": "str"}, + "value": {"required": False, "type": "str"} + }}, + "height": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "industry": {"required": False, "type": "str", + "choices": ["default", + "custom"]}, + "interface": {"required": False, "type": "str"}, + "region": {"required": False, "type": "str", + "choices": ["default", + "custom"]}, + "report_by": {"required": False, "type": "str", + "choices": ["source", + "destination", + "country", + "intfpair", + "srcintf", + "dstintf", + "policy", + "wificlient", + "shaper", + "endpoint-vulnerability", + "endpoint-device", + "application", + "cloud-app", + "cloud-user", + "web-domain", + "web-category", + "web-search-phrase", + "threat", + "system", + "unauth", + "admin", + "vpn"]}, + "sort_by": {"required": False, "type": "str"}, + "timeframe": {"required": False, "type": "str", + "choices": ["realtime", + "5min", + "hour", + "day", + "week"]}, + "title": {"required": False, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": 
["sysinfo", + "licinfo", + "vminfo", + "forticloud", + "cpu-usage", + "memory-usage", + "disk-usage", + "log-rate", + "sessions", + "session-rate", + "tr-history", + "analytics", + "usb-modem", + "admins", + "security-fabric", + "security-fabric-ranking", + "ha-status", + "vulnerability-summary", + "host-scan-summary", + "fortiview", + "botnet-activity", + "fortimail"]}, + "visualization": {"required": False, "type": "str", + "choices": ["table", + "bubble", + "country", + "chord"]}, + "width": {"required": False, "type": "int"}, + "x_pos": {"required": False, "type": "int"}, + "y_pos": {"required": False, "type": "int"} + }} + }}, + "gui_global_menu_favorites": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "str"} + }}, + "gui_vdom_menu_favorites": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "str"} + }}, + "hidden": {"required": False, "type": "int"}, + "history0": {"required": False, "type": "str"}, + "history1": {"required": False, "type": "str"}, + "ip6_trusthost1": {"required": False, "type": "str"}, + "ip6_trusthost10": {"required": False, "type": "str"}, + "ip6_trusthost2": {"required": False, "type": "str"}, + "ip6_trusthost3": {"required": False, "type": "str"}, + "ip6_trusthost4": {"required": False, "type": "str"}, + "ip6_trusthost5": {"required": False, "type": "str"}, + "ip6_trusthost6": {"required": False, "type": "str"}, + "ip6_trusthost7": {"required": False, "type": "str"}, + "ip6_trusthost8": {"required": False, "type": "str"}, + "ip6_trusthost9": {"required": False, "type": "str"}, + "login_time": {"required": False, "type": "list", + "options": { + "last_failed_login": {"required": False, "type": "str"}, + "last_login": {"required": False, "type": "str"}, + "usr_name": {"required": False, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "password": {"required": False, "type": "str"}, + "password_expire": {"required": False, "type": "str"}, + 
"peer_auth": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "peer_group": {"required": False, "type": "str"}, + "radius_vdom_override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "remote_auth": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "remote_group": {"required": False, "type": "str"}, + "schedule": {"required": False, "type": "str"}, + "sms_custom_server": {"required": False, "type": "str"}, + "sms_phone": {"required": False, "type": "str"}, + "sms_server": {"required": False, "type": "str", + "choices": ["fortiguard", + "custom"]}, + "ssh_certificate": {"required": False, "type": "str"}, + "ssh_public_key1": {"required": False, "type": "str"}, + "ssh_public_key2": {"required": False, "type": "str"}, + "ssh_public_key3": {"required": False, "type": "str"}, + "trusthost1": {"required": False, "type": "str"}, + "trusthost10": {"required": False, "type": "str"}, + "trusthost2": {"required": False, "type": "str"}, + "trusthost3": {"required": False, "type": "str"}, + "trusthost4": {"required": False, "type": "str"}, + "trusthost5": {"required": False, "type": "str"}, + "trusthost6": {"required": False, "type": "str"}, + "trusthost7": {"required": False, "type": "str"}, + "trusthost8": {"required": False, "type": "str"}, + "trusthost9": {"required": False, "type": "str"}, + "two_factor": {"required": False, "type": "str", + "choices": ["disable", + "fortitoken", + "email", + "sms"]}, + "vdom": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "wildcard": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + 
connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_affinity_interrupt.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_affinity_interrupt.py new file mode 100644 index 00000000..d5e4e80e --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_affinity_interrupt.py 
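Review bot: The `password` entry of the `system_admin` options in `main()`'s `fields` spec is declared without `no_log`, while `access_token` a few lines above it does set `"no_log": True`. Without it the administrator password is treated as an ordinary string, so it can show up unmasked in the module invocation that Ansible logs and echoes at higher verbosity; the entry should read `"password": {"required": False, "type": "str", "no_log": True},`. The same masking should be considered for the returned `meta=result` if the device ever echoes the submitted object back, which cannot be confirmed from this file. Separately, the EXAMPLES play sets `ansible_httpapi_validate_certs: no` on a task that carries both a token and an admin password, so a short comment there saying `# lab only: enable certificate validation in production` would keep the sample from being copied as-is.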
@@ -0,0 +1,293 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_affinity_interrupt +short_description: Configure interrupt affinity in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and affinity_interrupt category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_affinity_interrupt: + description: + - Configure interrupt affinity. + default: null + type: dict + suboptions: + affinity_cpumask: + description: + - Affinity setting for VM throughput (64-bit hexadecimal value in the format of 0xxxxxxxxxxxxxxxxx). + type: str + id: + description: + - ID of the interrupt affinity setting. + required: true + type: int + interrupt: + description: + - Interrupt name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure interrupt affinity. + fortios_system_affinity_interrupt: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_affinity_interrupt: + affinity_cpumask: "" + id: "4" + interrupt: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: 
"17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_affinity_interrupt_data(json): + option_list = ['affinity_cpumask', 'id', 'interrupt'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_affinity_interrupt(data, fos): + vdom = data['vdom'] + state = data['state'] + system_affinity_interrupt_data = data['system_affinity_interrupt'] + filtered_data = underscore_to_hyphen(filter_system_affinity_interrupt_data(system_affinity_interrupt_data)) + + if state == "present": + return fos.set('system', + 'affinity-interrupt', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'affinity-interrupt', + mkey=filtered_data['id'], + vdom=vdom) + else: + 
fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_affinity_interrupt']: + resp = system_affinity_interrupt(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_affinity_interrupt')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_affinity_interrupt": { + "required": False, "type": "dict", "default": None, + "options": { + "affinity_cpumask": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "interrupt": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + 
module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_affinity_packet_redistribution.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_affinity_packet_redistribution.py new file mode 100644 index 00000000..e136e21a --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_affinity_packet_redistribution.py 
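Review bot: The EXAMPLES playbook in fortios_system_affinity_interrupt.py sets `ansible_httpapi_validate_certs: no` and then passes `access_token` in the task, so anyone who copies it sends the API token over a TLS session whose server certificate is never checked. The example should default to `ansible_httpapi_validate_certs: yes`, with a comment such as `# set to no only for lab devices with self-signed certificates`. The same vars block appears in the EXAMPLES of fortios_system_affinity_packet_redistribution.py and fortios_system_alarm.py later in this patch.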
@@ -0,0 +1,300 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_affinity_packet_redistribution +short_description: Configure packet redistribution in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and affinity_packet_redistribution category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_affinity_packet_redistribution: + description: + - Configure packet redistribution. + default: null + type: dict + suboptions: + affinity_cpumask: + description: + - Affinity setting for VM throughput (64-bit hexadecimal value in the format of 0xxxxxxxxxxxxxxxxx). + type: str + id: + description: + - ID of the packet redistribution setting. + required: true + type: int + interface: + description: + - Physical interface name on which to perform packet redistribution. Source system.interface.name. + type: str + rxqid: + description: + - ID of the receive queue (when the interface has multiple queues) on which to perform packet redistribution. + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure packet redistribution. 
+ fortios_system_affinity_packet_redistribution: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_affinity_packet_redistribution: + affinity_cpumask: "" + id: "4" + interface: " (source system.interface.name)" + rxqid: "6" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_system_affinity_packet_redistribution_data(json): + option_list = ['affinity_cpumask', 'id', 'interface', + 'rxqid'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_affinity_packet_redistribution(data, fos): + vdom = data['vdom'] + state = data['state'] + system_affinity_packet_redistribution_data = data['system_affinity_packet_redistribution'] + filtered_data = underscore_to_hyphen(filter_system_affinity_packet_redistribution_data(system_affinity_packet_redistribution_data)) + + if state == "present": + return fos.set('system', + 'affinity-packet-redistribution', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'affinity-packet-redistribution', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_affinity_packet_redistribution']: + resp = system_affinity_packet_redistribution(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_affinity_packet_redistribution')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", 
"default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_affinity_packet_redistribution": { + "required": False, "type": "dict", "default": None, + "options": { + "affinity_cpumask": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "rxqid": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_alarm.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_alarm.py new file mode 100644 index 00000000..974d720b 
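Review bot: In `main()` of fortios_system_affinity_packet_redistribution.py, the guard `if 'access_token' in module.params:` is always true, because AnsibleModule fills in every key of the argument spec and leaves omitted options as `None`. `connection.set_option('access_token', None)` therefore runs even when no token was given. Whether that overrides a token configured on the connection depends on the httpapi plugin, which is not visible in this hunk. Testing the value instead, `if module.params.get('access_token'):`, limits the call to the case it was written for. The identical guard is in `main()` of fortios_system_affinity_interrupt.py and fortios_system_alarm.py.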
--- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_alarm.py 
@@ -0,0 +1,410 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_alarm +short_description: Configure alarm in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and alarm category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_alarm: + description: + - Configure alarm. + default: null + type: dict + suboptions: + audible: + description: + - Enable/disable audible alarm. + type: str + choices: + - enable + - disable + groups: + description: + - Alarm groups. + type: list + suboptions: + admin_auth_failure_threshold: + description: + - Admin authentication failure threshold. + type: int + admin_auth_lockout_threshold: + description: + - Admin authentication lockout threshold. + type: int + decryption_failure_threshold: + description: + - Decryption failure threshold. + type: int + encryption_failure_threshold: + description: + - Encryption failure threshold. + type: int + fw_policy_id: + description: + - Firewall policy ID. + type: int + fw_policy_id_threshold: + description: + - Firewall policy ID threshold. + type: int + fw_policy_violations: + description: + - Firewall policy violations. + type: list + suboptions: + dst_ip: + description: + - Destination IP (0=all). + type: str + dst_port: + description: + - Destination port (0=all). + type: int + id: + description: + - Firewall policy violations ID. + required: true + type: int + src_ip: + description: + - Source IP (0=all). + type: str + src_port: + description: + - Source port (0=all). + type: int + threshold: + description: + - Firewall policy violation threshold. + type: int + id: + description: + - Group ID. + required: true + type: int + log_full_warning_threshold: + description: + - Log full warning threshold. + type: int + period: + description: + - Time period in seconds (0 = from start up). + type: int + replay_attempt_threshold: + description: + - Replay attempt threshold. + type: int + self_test_failure_threshold: + description: + - Self-test failure threshold. + type: int + user_auth_failure_threshold: + description: + - User authentication failure threshold. + type: int + user_auth_lockout_threshold: + description: + - User authentication lockout threshold. 
+ type: int + status: + description: + - Enable/disable alarm. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure alarm. + fortios_system_alarm: + vdom: "{{ vdom }}" + system_alarm: + audible: "enable" + groups: + - + admin_auth_failure_threshold: "5" + admin_auth_lockout_threshold: "6" + decryption_failure_threshold: "7" + encryption_failure_threshold: "8" + fw_policy_id: "9" + fw_policy_id_threshold: "10" + fw_policy_violations: + - + dst_ip: "" + dst_port: "13" + id: "14" + src_ip: "" + src_port: "16" + threshold: "17" + id: "18" + log_full_warning_threshold: "19" + period: "20" + replay_attempt_threshold: "21" + self_test_failure_threshold: "22" + user_auth_failure_threshold: "23" + user_auth_lockout_threshold: "24" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: 
Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_alarm_data(json): + option_list = ['audible', 'groups', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_alarm(data, fos): + vdom = data['vdom'] + system_alarm_data = data['system_alarm'] + filtered_data = underscore_to_hyphen(filter_system_alarm_data(system_alarm_data)) + + return fos.set('system', + 'alarm', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_alarm']: + resp = system_alarm(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_alarm')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 
'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_alarm": { + "required": False, "type": "dict", "default": None, + "options": { + "audible": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "groups": {"required": False, "type": "list", + "options": { + "admin_auth_failure_threshold": {"required": False, "type": "int"}, + "admin_auth_lockout_threshold": {"required": False, "type": "int"}, + "decryption_failure_threshold": {"required": False, "type": "int"}, + "encryption_failure_threshold": {"required": False, "type": "int"}, + "fw_policy_id": {"required": False, "type": "int"}, + "fw_policy_id_threshold": {"required": False, "type": "int"}, + "fw_policy_violations": {"required": False, "type": "list", + "options": { + "dst_ip": {"required": False, "type": "str"}, + "dst_port": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "src_ip": {"required": False, "type": "str"}, + "src_port": {"required": False, "type": "int"}, + "threshold": {"required": False, "type": "int"} + }}, + "id": {"required": True, "type": "int"}, + "log_full_warning_threshold": {"required": False, "type": "int"}, + "period": {"required": False, "type": "int"}, + "replay_attempt_threshold": {"required": False, "type": "int"}, + "self_test_failure_threshold": {"required": False, "type": "int"}, + "user_auth_failure_threshold": {"required": False, "type": "int"}, + "user_auth_lockout_threshold": {"required": False, "type": "int"} + }}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 
'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_alias.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_alias.py new file mode 100644 index 00000000..a09f139e --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_alias.py 
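Review bot: In the argument spec built in `main()` of fortios_system_alarm.py, `groups` and the nested `fw_policy_violations` are declared as `"type": "list"` with `options` but without `"elements": "dict"`, and as far as I know AnsibleModule validates sub-options of a list only when it is declared that way. If so, the `"required": True` on `id` and the `int` types on the thresholds are not enforced, and quoted values like `admin_auth_failure_threshold: "5"` in EXAMPLES would reach `fos.set` as strings. Declaring `"groups": {"required": False, "type": "list", "elements": "dict",` and doing the same for `fw_policy_violations` would turn those checks on. The DOCUMENTATION block should gain `elements: dict` under both options to match.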
@@ -0,0 +1,287 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_alias +short_description: Configure alias command in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and alias category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_alias: + description: + - Configure alias command. + default: null + type: dict + suboptions: + command: + description: + - Command list to execute. + type: str + name: + description: + - Alias command name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure alias command. + fortios_system_alias: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_alias: + command: "" + name: "default_name_4" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" 
+version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_alias_data(json): + option_list = ['command', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_alias(data, fos): + vdom = data['vdom'] + state = data['state'] + system_alias_data = data['system_alias'] + filtered_data = underscore_to_hyphen(filter_system_alias_data(system_alias_data)) + + if state == "present": + return fos.set('system', + 'alias', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'alias', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_alias']: + resp = system_alias(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_alias')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + 
(resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_alias": { + "required": False, "type": "dict", "default": None, + "options": { + "command": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
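Review bot: The EXAMPLES playbook in fortios_system_alias.py sets `ansible_httpapi_validate_certs: no` next to a task that passes `access_token`, so anyone who copies it sends the token over a TLS session whose peer certificate is never verified. The same vars block is repeated in the EXAMPLES of fortios_system_api_user.py, fortios_system_arp_table.py and fortios_system_auto_install.py later in this patch. I would ship the example with `ansible_httpapi_validate_certs: yes`. If the relaxed setting has to stay for lab use, add `# lab only: keep certificate validation on for real devices` on that line.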
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_api_user.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_api_user.py new file mode 100644 index 00000000..a23e6c7c --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_api_user.py 
@@ -0,0 +1,409 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_api_user +short_description: Configure API users in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and api_user category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + system_api_user: + description: + - Configure API users. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + accprofile: + description: + - Admin user access profile. Source system.accprofile.name. + type: str + api_key: + description: + - Admin user password. + type: str + comments: + description: + - Comment. + type: str + cors_allow_origin: + description: + - Value for Access-Control-Allow-Origin on API responses. Avoid using "*" if possible. + type: str + name: + description: + - User name. + required: true + type: str + peer_auth: + description: + - Enable/disable peer authentication. + type: str + choices: + - enable + - disable + peer_group: + description: + - Peer group name. + type: str + schedule: + description: + - Schedule name. + type: str + trusthost: + description: + - Trusthost. + type: list + suboptions: + id: + description: + - Table ID. + required: true + type: int + ipv4_trusthost: + description: + - IPv4 trusted host address. + type: str + ipv6_trusthost: + description: + - IPv6 trusted host address. + type: str + type: + description: + - Trusthost type. + type: str + choices: + - ipv4-trusthost + - ipv6-trusthost + vdom: + description: + - Virtual domains. + type: list + suboptions: + name: + description: + - Virtual domain name. Source system.vdom.name. 
+ required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure API users. + fortios_system_api_user: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_api_user: + accprofile: " (source system.accprofile.name)" + api_key: "" + comments: "" + cors_allow_origin: "" + name: "default_name_7" + peer_auth: "enable" + peer_group: "" + schedule: "" + trusthost: + - + id: "12" + ipv4_trusthost: "" + ipv6_trusthost: "" + type: "ipv4-trusthost" + vdom: + - + name: "default_name_17 (source system.vdom.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + 
sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_api_user_data(json): + option_list = ['accprofile', 'api_key', 'comments', + 'cors_allow_origin', 'name', 'peer_auth', + 'peer_group', 'schedule', 'trusthost', + 'vdom'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_api_user(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['system_api_user'] and data['system_api_user']['state']: + state = data['system_api_user']['state'] + else: + state = True + system_api_user_data = data['system_api_user'] + filtered_data = underscore_to_hyphen(filter_system_api_user_data(system_api_user_data)) + + if state == "present": + return fos.set('system', + 'api-user', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'api-user', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def 
fortios_system(data, fos): + + if data['system_api_user']: + resp = system_api_user(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_api_user')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "system_api_user": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "accprofile": {"required": False, "type": "str"}, + "api_key": {"required": False, "type": "str"}, + "comments": {"required": False, "type": "str"}, + "cors_allow_origin": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "peer_auth": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "peer_group": {"required": False, "type": "str"}, + "schedule": {"required": False, "type": "str"}, + "trusthost": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "ipv4_trusthost": {"required": False, "type": "str"}, + "ipv6_trusthost": {"required": False, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["ipv4-trusthost", + "ipv6-trusthost"]} + }}, + "vdom": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + 
+ fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_arp_table.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_arp_table.py new file mode 100644 index 00000000..7922eaab --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_arp_table.py 
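Review bot: In main() of fortios_system_api_user.py the `api_key` sub-option is declared without `no_log`, although DOCUMENTATION describes it as "Admin user password" and `access_token` in the same spec is marked `"no_log": True`. Without the flag Ansible does not mask the value in the logged module invocation or in verbose output. The line should read `"api_key": {"required": False, "type": "str", "no_log": True},`. Separately, system_api_user() falls back to `state = True` when neither the top-level nor the nested `state` is given, which can only end in the 'state must be present or absent!' failure. A comment such as `# no state supplied: falls through to fail_json below` would make that intent visible.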
@@ -0,0 +1,300 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_arp_table +short_description: Configure ARP table in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and arp_table category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_arp_table: + description: + - Configure ARP table. + default: null + type: dict + suboptions: + id: + description: + - Unique integer ID of the entry. + required: true + type: int + interface: + description: + - Interface name. Source system.interface.name. + type: str + ip: + description: + - IP address. + type: str + mac: + description: + - MAC address. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure ARP table. + fortios_system_arp_table: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_arp_table: + id: "3" + interface: " (source system.interface.name)" + ip: "" + mac: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: 
Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_arp_table_data(json): + option_list = ['id', 'interface', 'ip', + 'mac'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_arp_table(data, fos): + vdom = data['vdom'] + state = data['state'] + system_arp_table_data = data['system_arp_table'] + filtered_data = underscore_to_hyphen(filter_system_arp_table_data(system_arp_table_data)) + + if state == "present": + return fos.set('system', + 'arp-table', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'arp-table', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + 
if data['system_arp_table']: + resp = system_arp_table(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_arp_table')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_arp_table": { + "required": False, "type": "dict", "default": None, + "options": { + "id": {"required": True, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "ip": {"required": False, "type": "str"}, + "mac": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", 
version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_auto_install.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_auto_install.py new file mode 100644 index 00000000..f530f937 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_auto_install.py 
@@ -0,0 +1,287 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_auto_install +short_description: Configure USB auto installation in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and auto_install category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_auto_install: + description: + - Configure USB auto installation. + default: null + type: dict + suboptions: + auto_install_config: + description: + - Enable/disable auto install the config in USB disk. + type: str + choices: + - enable + - disable + auto_install_image: + description: + - Enable/disable auto install the image in USB disk. + type: str + choices: + - enable + - disable + default_config_file: + description: + - Default config file name in USB disk. + type: str + default_image_file: + description: + - Default image file name in USB disk. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure USB auto installation. + fortios_system_auto_install: + vdom: "{{ vdom }}" + system_auto_install: + auto_install_config: "enable" + auto_install_image: "enable" + default_config_file: "" + default_image_file: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: 
always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_auto_install_data(json): + option_list = ['auto_install_config', 'auto_install_image', 'default_config_file', + 'default_image_file'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_auto_install(data, fos): + vdom = data['vdom'] + system_auto_install_data = data['system_auto_install'] + filtered_data = underscore_to_hyphen(filter_system_auto_install_data(system_auto_install_data)) + + return fos.set('system', + 'auto-install', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_auto_install']: + resp = system_auto_install(data, fos) + else: + 
fos._module.fail_json(msg='missing task body: %s' % ('system_auto_install')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_auto_install": { + "required": False, "type": "dict", "default": None, + "options": { + "auto_install_config": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auto_install_image": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "default_config_file": {"required": False, "type": "str"}, + "default_image_file": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", 
version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_auto_script.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_auto_script.py new file mode 100644 index 00000000..83d07473 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_auto_script.py 
@@ -0,0 +1,317 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_auto_script +short_description: Configure auto script in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and auto_script category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_auto_script: + description: + - Configure auto script. + default: null + type: dict + suboptions: + interval: + description: + - Repeat interval in seconds. + type: int + name: + description: + - Auto script name. + required: true + type: str + output_size: + description: + - Number of megabytes to limit script output to (10 - 1024). + type: int + repeat: + description: + - Number of times to repeat this script (0 = infinite). + type: int + script: + description: + - List of FortiOS CLI commands to repeat. + type: str + start: + description: + - Script starting mode. + type: str + choices: + - manual + - auto +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure auto script. 
+ fortios_system_auto_script: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_auto_script: + interval: "3" + name: "default_name_4" + output_size: "5" + repeat: "6" + script: "" + start: "manual" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_auto_script_data(json): + option_list = 
['interval', 'name', 'output_size', + 'repeat', 'script', 'start'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_auto_script(data, fos): + vdom = data['vdom'] + state = data['state'] + system_auto_script_data = data['system_auto_script'] + filtered_data = underscore_to_hyphen(filter_system_auto_script_data(system_auto_script_data)) + + if state == "present": + return fos.set('system', + 'auto-script', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'auto-script', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_auto_script']: + resp = system_auto_script(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_auto_script')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_auto_script": { + "required": False, "type": "dict", "default": None, + "options": { + "interval": {"required": False, "type": "int"}, + 
"name": {"required": True, "type": "str"}, + "output_size": {"required": False, "type": "int"}, + "repeat": {"required": False, "type": "int"}, + "script": {"required": False, "type": "str"}, + "start": {"required": False, "type": "str", + "choices": ["manual", + "auto"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_automation_action.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_automation_action.py new file mode 100644 index 00000000..32fefca9 --- /dev/null 
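Review bot: The EXAMPLES play in fortios_system_auto_script.py sets `ansible_httpapi_validate_certs: no` next to a task that passes `access_token`, so a playbook copied from it sends the token to the device without checking the server certificate. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a comment such as `# set to no only for lab devices with self-signed certificates`. The same vars block appears in the EXAMPLES of fortios_system_automation_action.py, fortios_system_automation_destination.py and fortios_system_automation_stitch.py in this patch. It matters more for this module because the free-form `script` string, documented as FortiOS CLI commands, is pushed to whatever endpoint answers.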
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_automation_action.py 
@@ -0,0 +1,429 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_automation_action +short_description: Action for automation stitches in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and automation_action category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_automation_action: + description: + - Action for automation stitches. + default: null + type: dict + suboptions: + action_type: + description: + - Action type. + type: str + choices: + - email + - ios-notification + - alert + - disable-ssid + - quarantine + - quarantine-forticlient + - ban-ip + - aws-lambda + - webhook + aws_api_id: + description: + - AWS API Gateway ID. + type: str + aws_api_key: + description: + - AWS API Gateway API key. + type: str + aws_api_path: + description: + - AWS API Gateway path. + type: str + aws_api_stage: + description: + - AWS API Gateway deployment stage name. + type: str + aws_region: + description: + - AWS region. + type: str + email_subject: + description: + - Email subject. + type: str + email_to: + description: + - Email addresses. + type: list + suboptions: + name: + description: + - Email address. + required: true + type: str + headers: + description: + - Request headers. + type: list + suboptions: + header: + description: + - Request header. + required: true + type: str + http_body: + description: + - Request body (if necessary). Should be serialized json string. + type: str + method: + description: + - Request method (GET, POST or PUT). + type: str + choices: + - post + - put + - get + minimum_interval: + description: + - Limit execution to no more than once in this interval (in seconds). + type: int + name: + description: + - Name. + required: true + type: str + port: + description: + - Protocol port. + type: int + protocol: + description: + - Request protocol. + type: str + choices: + - http + - https + uri: + description: + - Request API URI. 
+ type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Action for automation stitches. + fortios_system_automation_action: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_automation_action: + action_type: "email" + aws_api_id: "" + aws_api_key: "" + aws_api_path: "" + aws_api_stage: "" + aws_region: "" + email_subject: "" + email_to: + - + name: "default_name_11" + headers: + - + header: "" + http_body: "" + method: "post" + minimum_interval: "16" + name: "default_name_17" + port: "18" + protocol: "http" + uri: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + 
sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_automation_action_data(json): + option_list = ['action_type', 'aws_api_id', 'aws_api_key', + 'aws_api_path', 'aws_api_stage', 'aws_region', + 'email_subject', 'email_to', 'headers', + 'http_body', 'method', 'minimum_interval', + 'name', 'port', 'protocol', + 'uri'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_automation_action(data, fos): + vdom = data['vdom'] + state = data['state'] + system_automation_action_data = data['system_automation_action'] + filtered_data = underscore_to_hyphen(filter_system_automation_action_data(system_automation_action_data)) + + if state == "present": + return fos.set('system', + 'automation-action', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'automation-action', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if 
data['system_automation_action']: + resp = system_automation_action(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_automation_action')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_automation_action": { + "required": False, "type": "dict", "default": None, + "options": { + "action_type": {"required": False, "type": "str", + "choices": ["email", + "ios-notification", + "alert", + "disable-ssid", + "quarantine", + "quarantine-forticlient", + "ban-ip", + "aws-lambda", + "webhook"]}, + "aws_api_id": {"required": False, "type": "str"}, + "aws_api_key": {"required": False, "type": "str"}, + "aws_api_path": {"required": False, "type": "str"}, + "aws_api_stage": {"required": False, "type": "str"}, + "aws_region": {"required": False, "type": "str"}, + "email_subject": {"required": False, "type": "str"}, + "email_to": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "headers": {"required": False, "type": "list", + "options": { + "header": {"required": True, "type": "str"} + }}, + "http_body": {"required": False, "type": "str"}, + "method": {"required": False, "type": "str", + "choices": ["post", + "put", + "get"]}, + "minimum_interval": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "port": {"required": False, "type": "int"}, + "protocol": {"required": False, "type": "str", + "choices": ["http", + "https"]}, + "uri": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + 
supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_automation_destination.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_automation_destination.py new file mode 100644 index 00000000..54a598cf --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_automation_destination.py 
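Review bot: In `main()` the `aws_api_key` sub-option is declared as `{"required": False, "type": "str"}` without `no_log`, although `access_token` in the same `fields` dict carries `"no_log": True`. An AWS API Gateway key is a credential, and without the flag Ansible does not mask it in the logged module arguments or in verbose output. I would declare it as `"aws_api_key": {"required": False, "type": "str", "no_log": True},`. The `headers` and `http_body` sub-options may also carry secrets for webhook actions (an authorization header, for example), so the same question is worth asking for them.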
@@ -0,0 +1,316 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_automation_destination +short_description: Automation destinations in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and automation_destination category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_automation_destination: + description: + - Automation destinations. + default: null + type: dict + suboptions: + destination: + description: + - Destinations. + type: list + suboptions: + name: + description: + - Destination. + required: true + type: str + ha_group_id: + description: + - Cluster group ID set for this destination . + type: int + name: + description: + - Name. + required: true + type: str + type: + description: + - Destination type. + type: str + choices: + - fortigate + - ha-cluster +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Automation destinations. 
+ fortios_system_automation_destination: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_automation_destination: + destination: + - + name: "default_name_4" + ha_group_id: "5" + name: "default_name_6" + type: "fortigate" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_system_automation_destination_data(json): + option_list = ['destination', 'ha_group_id', 'name', + 'type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_automation_destination(data, fos): + vdom = data['vdom'] + state = data['state'] + system_automation_destination_data = data['system_automation_destination'] + filtered_data = underscore_to_hyphen(filter_system_automation_destination_data(system_automation_destination_data)) + + if state == "present": + return fos.set('system', + 'automation-destination', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'automation-destination', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_automation_destination']: + resp = system_automation_destination(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_automation_destination')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", 
"absent"]}, + "system_automation_destination": { + "required": False, "type": "dict", "default": None, + "options": { + "destination": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "ha_group_id": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["fortigate", + "ha-cluster"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
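Review bot: The `destination` sub-option in `main()` is a `"type": "list"` with nested `"options"` but no `"elements": "dict"`. As far as I know, AnsibleModule applies a nested spec to list entries only when `elements` is `dict`, so the `"required": True` on each entry's `name` is probably not enforced and entries reach `fos.set` as supplied. I would write `"destination": {"required": False, "type": "list", "elements": "dict",` and add `elements: dict` under `destination` in DOCUMENTATION. `email_to` and `headers` in fortios_system_automation_action.py have the same shape.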
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_automation_stitch.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_automation_stitch.py new file mode 100644 index 00000000..645de6b4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_automation_stitch.py 
@@ -0,0 +1,333 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_automation_stitch +short_description: Automation stitches in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and automation_stitch category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_automation_stitch: + description: + - Automation stitches. + default: null + type: dict + suboptions: + action: + description: + - Action names. + type: list + suboptions: + name: + description: + - Action name. Source system.automation-action.name. + required: true + type: str + destination: + description: + - Serial number/HA group-name of destination devices. + type: list + suboptions: + name: + description: + - Destination name. Source system.automation-destination.name. + required: true + type: str + name: + description: + - Name. + required: true + type: str + status: + description: + - Enable/disable this stitch. + type: str + choices: + - enable + - disable + trigger: + description: + - Trigger name. Source system.automation-trigger.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Automation stitches. 
+ fortios_system_automation_stitch: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_automation_stitch: + action: + - + name: "default_name_4 (source system.automation-action.name)" + destination: + - + name: "default_name_6 (source system.automation-destination.name)" + name: "default_name_7" + status: "enable" + trigger: " (source system.automation-trigger.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi 
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_automation_stitch_data(json): + option_list = ['action', 'destination', 'name', + 'status', 'trigger'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_automation_stitch(data, fos): + vdom = data['vdom'] + state = data['state'] + system_automation_stitch_data = data['system_automation_stitch'] + filtered_data = underscore_to_hyphen(filter_system_automation_stitch_data(system_automation_stitch_data)) + + if state == "present": + return fos.set('system', + 'automation-stitch', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'automation-stitch', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_automation_stitch']: + resp = system_automation_stitch(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_automation_stitch')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + 
"state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_automation_stitch": { + "required": False, "type": "dict", "default": None, + "options": { + "action": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "destination": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "trigger": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
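Review bot: The EXAMPLES play in this new file sets `ansible_httpapi_validate_certs: no` while the task passes an `access_token`, so anyone who copies the example sends the API token over a TLS session whose server certificate is never checked. The same setting appears in the EXAMPLES blocks of the fortios_system_automation_trigger and fortios_system_autoupdate_push_update hunks that follow. I would ship the example as `ansible_httpapi_validate_certs: yes` with a comment such as `# set to no only for lab devices with self-signed certificates`. The `"no_log": True` on `access_token` in `fields` keeps the token out of task output, but it does nothing for the token in transit.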
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_automation_trigger.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_automation_trigger.py
new file mode 100644
index 00000000..eced14aa
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_automation_trigger.py
@@ -0,0 +1,410 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_automation_trigger +short_description: Trigger for automation stitches in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and automation_trigger category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_automation_trigger: + description: + - Trigger for automation stitches. + default: null + type: dict + suboptions: + event_type: + description: + - Event type. + type: str + choices: + - ioc + - event-log + - reboot + - low-memory + - high-cpu + - license-near-expiry + - ha-failover + - config-change + ioc_level: + description: + - IOC threat level. + type: str + choices: + - medium + - high + license_type: + description: + - License type. + type: str + choices: + - forticare-support + - fortiguard-webfilter + - fortiguard-antispam + - fortiguard-antivirus + - fortiguard-ips + - fortiguard-management + - forticloud + logid: + description: + - Log ID to trigger event. + type: int + name: + description: + - Name. + required: true + type: str + trigger_day: + description: + - Day within a month to trigger. + type: int + trigger_frequency: + description: + - Scheduled trigger frequency . + type: str + choices: + - hourly + - daily + - weekly + - monthly + trigger_hour: + description: + - Hour of the day on which to trigger (0 - 23). + type: int + trigger_minute: + description: + - Minute of the hour on which to trigger (0 - 59, 60 to randomize). + type: int + trigger_type: + description: + - Trigger type. + type: str + choices: + - event-based + - scheduled + trigger_weekday: + description: + - Day of week for trigger. 
+ type: str + choices: + - sunday + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Trigger for automation stitches. + fortios_system_automation_trigger: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_automation_trigger: + event_type: "ioc" + ioc_level: "medium" + license_type: "forticare-support" + logid: "6" + name: "default_name_7" + trigger_day: "8" + trigger_frequency: "hourly" + trigger_hour: "10" + trigger_minute: "11" + trigger_type: "event-based" + trigger_weekday: "sunday" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the 
FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_automation_trigger_data(json): + option_list = ['event_type', 'ioc_level', 'license_type', + 'logid', 'name', 'trigger_day', + 'trigger_frequency', 'trigger_hour', 'trigger_minute', + 'trigger_type', 'trigger_weekday'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_automation_trigger(data, fos): + vdom = data['vdom'] + state = data['state'] + system_automation_trigger_data = data['system_automation_trigger'] + filtered_data = underscore_to_hyphen(filter_system_automation_trigger_data(system_automation_trigger_data)) + + if state == "present": + return fos.set('system', + 'automation-trigger', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'automation-trigger', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if 
data['system_automation_trigger']: + resp = system_automation_trigger(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_automation_trigger')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_automation_trigger": { + "required": False, "type": "dict", "default": None, + "options": { + "event_type": {"required": False, "type": "str", + "choices": ["ioc", + "event-log", + "reboot", + "low-memory", + "high-cpu", + "license-near-expiry", + "ha-failover", + "config-change"]}, + "ioc_level": {"required": False, "type": "str", + "choices": ["medium", + "high"]}, + "license_type": {"required": False, "type": "str", + "choices": ["forticare-support", + "fortiguard-webfilter", + "fortiguard-antispam", + "fortiguard-antivirus", + "fortiguard-ips", + "fortiguard-management", + "forticloud"]}, + "logid": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "trigger_day": {"required": False, "type": "int"}, + "trigger_frequency": {"required": False, "type": "str", + "choices": ["hourly", + "daily", + "weekly", + "monthly"]}, + "trigger_hour": {"required": False, "type": "int"}, + "trigger_minute": {"required": False, "type": "int"}, + "trigger_type": {"required": False, "type": "str", + "choices": ["event-based", + "scheduled"]}, + "trigger_weekday": {"required": False, "type": "str", + "choices": ["sunday", + "monday", + "tuesday", + "wednesday", + "thursday", + "friday", + "saturday"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None 
+ if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_autoupdate_push_update.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_autoupdate_push_update.py new file mode 100644 index 00000000..c56c2278 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_autoupdate_push_update.py 
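Review bot: `trigger_hour` and `trigger_minute` are declared in `fields` only as `"type": "int"`, although DOCUMENTATION gives them the ranges 0 - 23 and 0 - 59 (60 to randomize), and `trigger_day` has no bound at all. An out-of-range value therefore reaches `fos.set` unchecked, and whether it is rejected is presumably left to the device. A guard in `system_automation_trigger` just before the `state == "present"` branch would report the mistake locally, for example `if not 0 <= filtered_data.get('trigger-hour', 0) <= 23: fos._module.fail_json(msg='trigger_hour must be 0-23')`, with a matching check for `trigger-minute` against 0-60. The keys are hyphenated at that point because `underscore_to_hyphen` has already run.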
@@ -0,0 +1,287 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_autoupdate_push_update +short_description: Configure push updates in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_autoupdate feature and push_update category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + system_autoupdate_push_update: + description: + - Configure push updates. + default: null + type: dict + suboptions: + address: + description: + - Push update override server. + type: str + override: + description: + - Enable/disable push update override server. + type: str + choices: + - enable + - disable + port: + description: + - Push update override port. (Do not overlap with other service ports) + type: int + status: + description: + - Enable/disable push updates. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure push updates. + fortios_system_autoupdate_push_update: + vdom: "{{ vdom }}" + system_autoupdate_push_update: + address: "" + override: "enable" + port: "5" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + 
returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_autoupdate_push_update_data(json): + option_list = ['address', 'override', 'port', + 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_autoupdate_push_update(data, fos): + vdom = data['vdom'] + system_autoupdate_push_update_data = data['system_autoupdate_push_update'] + filtered_data = underscore_to_hyphen(filter_system_autoupdate_push_update_data(system_autoupdate_push_update_data)) + + return fos.set('system.autoupdate', + 'push-update', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_autoupdate(data, fos): + + if 
data['system_autoupdate_push_update']: + resp = system_autoupdate_push_update(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_autoupdate_push_update')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_autoupdate_push_update": { + "required": False, "type": "dict", "default": None, + "options": { + "address": {"required": False, "type": "str"}, + "override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "port": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_autoupdate(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and 
versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_autoupdate_schedule.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_autoupdate_schedule.py new file mode 100644 index 00000000..5d28c38d --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_autoupdate_schedule.py 
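Review bot: `is_successful_status` in this file still carries the clause `status['http_method'] == "DELETE" and status['http_status'] == 404`, but the module has no `state` option and `system_autoupdate_push_update` only ever calls `fos.set`. The DELETE case therefore looks unreachable here, assuming `fos.set` never issues a DELETE (FortiOSHandler is not visible in this hunk). The expression also mixes `or` and `and` without parentheses, so the reader has to recall operator precedence to see that the 404 test belongs to the DELETE test only. I would either reduce it to `return status['status'] == "success"` for this module or write it as `return status['status'] == "success" or (status['http_method'] == "DELETE" and status['http_status'] == 404)` with a comment `# deleting an object that is already absent counts as success`.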
@@ -0,0 +1,304 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_autoupdate_schedule +short_description: Configure update schedule in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_autoupdate feature and schedule category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + system_autoupdate_schedule: + description: + - Configure update schedule. + default: null + type: dict + suboptions: + day: + description: + - Update day. + type: str + choices: + - Sunday + - Monday + - Tuesday + - Wednesday + - Thursday + - Friday + - Saturday + frequency: + description: + - Update frequency. + type: str + choices: + - every + - daily + - weekly + status: + description: + - Enable/disable scheduled updates. + type: str + choices: + - enable + - disable + time: + description: + - Update time. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure update schedule. + fortios_system_autoupdate_schedule: + vdom: "{{ vdom }}" + system_autoupdate_schedule: + day: "Sunday" + frequency: "every" + status: "enable" + time: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the 
unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_autoupdate_schedule_data(json): + option_list = ['day', 'frequency', 'status', + 'time'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_autoupdate_schedule(data, fos): + vdom = data['vdom'] + system_autoupdate_schedule_data = data['system_autoupdate_schedule'] + filtered_data = underscore_to_hyphen(filter_system_autoupdate_schedule_data(system_autoupdate_schedule_data)) + + return fos.set('system.autoupdate', + 'schedule', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_autoupdate(data, fos): + + if data['system_autoupdate_schedule']: + resp = 
system_autoupdate_schedule(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_autoupdate_schedule')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_autoupdate_schedule": { + "required": False, "type": "dict", "default": None, + "options": { + "day": {"required": False, "type": "str", + "choices": ["Sunday", + "Monday", + "Tuesday", + "Wednesday", + "Thursday", + "Friday", + "Saturday"]}, + "frequency": {"required": False, "type": "str", + "choices": ["every", + "daily", + "weekly"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "time": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_autoupdate(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + 
else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_autoupdate_tunneling.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_autoupdate_tunneling.py new file mode 100644 index 00000000..8c66f938 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_autoupdate_tunneling.py 
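Review bot: The EXAMPLES play in fortios_system_autoupdate_schedule.py sets `ansible_httpapi_validate_certs: no`, so a playbook copied from it sends its httpapi credentials (the module also accepts `access_token`) to a device whose TLS certificate is never verified. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a YAML comment such as `# set to no only for lab devices with self-signed certificates`. The same line is in the EXAMPLES blocks of fortios_system_autoupdate_tunneling.py and fortios_system_central_management.py later in this diff. Separately, `if 'access_token' in module.params:` in `main()` looks always true because the argument spec declares the key, so the guard was presumably meant to be `if module.params.get('access_token'):`.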
@@ -0,0 +1,288 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_autoupdate_tunneling +short_description: Configure web proxy tunnelling for the FDN in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_autoupdate feature and tunneling category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + system_autoupdate_tunneling: + description: + - Configure web proxy tunnelling for the FDN. + default: null + type: dict + suboptions: + address: + description: + - Web proxy IP address or FQDN. + type: str + password: + description: + - Web proxy password. + type: str + port: + description: + - Web proxy port. + type: int + status: + description: + - Enable/disable web proxy tunnelling. + type: str + choices: + - enable + - disable + username: + description: + - Web proxy username. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure web proxy tunnelling for the FDN. + fortios_system_autoupdate_tunneling: + vdom: "{{ vdom }}" + system_autoupdate_tunneling: + address: "" + password: "" + port: "5" + status: "enable" + username: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit 
+ returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_autoupdate_tunneling_data(json): + option_list = ['address', 'password', 'port', + 'status', 'username'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_autoupdate_tunneling(data, fos): + vdom = data['vdom'] + system_autoupdate_tunneling_data = data['system_autoupdate_tunneling'] + filtered_data = underscore_to_hyphen(filter_system_autoupdate_tunneling_data(system_autoupdate_tunneling_data)) + + return fos.set('system.autoupdate', + 'tunneling', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_autoupdate(data, fos): + + if data['system_autoupdate_tunneling']: 
+ resp = system_autoupdate_tunneling(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_autoupdate_tunneling')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_autoupdate_tunneling": { + "required": False, "type": "dict", "default": None, + "options": { + "address": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str"}, + "port": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "username": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_autoupdate(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + 
module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_central_management.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_central_management.py new file mode 100644 index 00000000..9fb16555 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_central_management.py 
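Review bot: The `password` suboption in `main()`'s argument spec is declared as `{"required": False, "type": "str"}` with no `no_log`, unlike `access_token` a few lines above it, so the web proxy password can end up in Ansible's invocation logging and verbose task output. Declare it as `"password": {"required": False, "type": "str", "no_log": True},`. The DOCUMENTATION entry for `password` could also say that the value is a secret and is better taken from a vaulted variable than written inline as in EXAMPLES.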
@@ -0,0 +1,461 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_central_management +short_description: Configure central management in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and central_management category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + system_central_management: + description: + - Configure central management. + default: null + type: dict + suboptions: + allow_monitor: + description: + - Enable/disable allowing the central management server to remotely monitor this FortiGate + type: str + choices: + - enable + - disable + allow_push_configuration: + description: + - Enable/disable allowing the central management server to push configuration changes to this FortiGate. + type: str + choices: + - enable + - disable + allow_push_firmware: + description: + - Enable/disable allowing the central management server to push firmware updates to this FortiGate. + type: str + choices: + - enable + - disable + allow_remote_firmware_upgrade: + description: + - Enable/disable remotely upgrading the firmware on this FortiGate from the central management server. + type: str + choices: + - enable + - disable + enc_algorithm: + description: + - Encryption strength for communications between the FortiGate and central management. + type: str + choices: + - default + - high + - low + fmg: + description: + - IP address or FQDN of the FortiManager. + type: str + fmg_source_ip: + description: + - IPv4 source address that this FortiGate uses when communicating with FortiManager. + type: str + fmg_source_ip6: + description: + - IPv6 source address that this FortiGate uses when communicating with FortiManager. + type: str + include_default_servers: + description: + - Enable/disable inclusion of public FortiGuard servers in the override server list. + type: str + choices: + - enable + - disable + mode: + description: + - Central management mode. + type: str + choices: + - normal + - backup + schedule_config_restore: + description: + - Enable/disable allowing the central management server to restore the configuration of this FortiGate. 
+ type: str + choices: + - enable + - disable + schedule_script_restore: + description: + - Enable/disable allowing the central management server to restore the scripts stored on this FortiGate. + type: str + choices: + - enable + - disable + serial_number: + description: + - Serial number. + type: str + server_list: + description: + - Additional severs that the FortiGate can use for updates (for AV, IPS, updates) and ratings (for web filter and antispam ratings) + servers. + type: list + suboptions: + addr_type: + description: + - Indicate whether the FortiGate communicates with the override server using an IPv4 address, an IPv6 address or a FQDN. + type: str + choices: + - ipv4 + - ipv6 + - fqdn + fqdn: + description: + - FQDN address of override server. + type: str + id: + description: + - ID. + required: true + type: int + server_address: + description: + - IPv4 address of override server. + type: str + server_address6: + description: + - IPv6 address of override server. + type: str + server_type: + description: + - FortiGuard service type. + type: str + choices: + - update + - rating + type: + description: + - Central management type. + type: str + choices: + - fortimanager + - fortiguard + - none + vdom: + description: + - Virtual domain (VDOM) name to use when communicating with FortiManager. Source system.vdom.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure central management. 
+ fortios_system_central_management: + vdom: "{{ vdom }}" + system_central_management: + allow_monitor: "enable" + allow_push_configuration: "enable" + allow_push_firmware: "enable" + allow_remote_firmware_upgrade: "enable" + enc_algorithm: "default" + fmg: "" + fmg_source_ip: "" + fmg_source_ip6: "" + include_default_servers: "enable" + mode: "normal" + schedule_config_restore: "enable" + schedule_script_restore: "enable" + serial_number: "" + server_list: + - + addr_type: "ipv4" + fqdn: "" + id: "19" + server_address: "" + server_address6: "" + server_type: "update" + type: "fortimanager" + vdom: " (source system.vdom.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from 
ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_central_management_data(json): + option_list = ['allow_monitor', 'allow_push_configuration', 'allow_push_firmware', + 'allow_remote_firmware_upgrade', 'enc_algorithm', 'fmg', + 'fmg_source_ip', 'fmg_source_ip6', 'include_default_servers', + 'mode', 'schedule_config_restore', 'schedule_script_restore', + 'serial_number', 'server_list', 'type', + 'vdom'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_central_management(data, fos): + vdom = data['vdom'] + system_central_management_data = data['system_central_management'] + filtered_data = underscore_to_hyphen(filter_system_central_management_data(system_central_management_data)) + + return fos.set('system', + 'central-management', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_central_management']: + resp = system_central_management(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_central_management')) + + return not is_successful_status(resp), \ + resp['status'] == 
"success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_central_management": { + "required": False, "type": "dict", "default": None, + "options": { + "allow_monitor": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "allow_push_configuration": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "allow_push_firmware": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "allow_remote_firmware_upgrade": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "enc_algorithm": {"required": False, "type": "str", + "choices": ["default", + "high", + "low"]}, + "fmg": {"required": False, "type": "str"}, + "fmg_source_ip": {"required": False, "type": "str"}, + "fmg_source_ip6": {"required": False, "type": "str"}, + "include_default_servers": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "mode": {"required": False, "type": "str", + "choices": ["normal", + "backup"]}, + "schedule_config_restore": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "schedule_script_restore": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "serial_number": {"required": False, "type": "str"}, + "server_list": {"required": False, "type": "list", + "options": { + "addr_type": {"required": False, "type": "str", + "choices": ["ipv4", + "ipv6", + "fqdn"]}, + "fqdn": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "server_address": {"required": False, "type": "str"}, + "server_address6": {"required": False, "type": "str"}, + "server_type": {"required": False, "type": "str", + "choices": ["update", + "rating"]} + }}, + "type": {"required": False, "type": "str", + 
"choices": ["fortimanager", + "fortiguard", + "none"]}, + "vdom": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_cluster_sync.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_cluster_sync.py new file mode 100644 index 00000000..72bba6de --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_cluster_sync.py 
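Review bot: `server_list` in `main()`'s argument spec is `"type": "list"` with an `options` sub-spec but no `elements`, and as far as I know AnsibleModule only applies a list's sub-spec when `"elements": "dict"` is set, so the required `id` and the `addr_type`/`server_type` choices are probably not enforced on the entries. I would write `"server_list": {"required": False, "type": "list", "elements": "dict",` and add a matching `elements: dict` under `server_list` in DOCUMENTATION. Without that, entries pass through `filter_system_central_management_data` and reach `fos.set('system', 'central-management', ...)` as the user typed them, which matters here because this list names the override servers the device uses for updates and ratings.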
@@ -0,0 +1,433 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_cluster_sync +short_description: Configure FortiGate Session Life Support Protocol (FGSP) session synchronization in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and cluster_sync category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_cluster_sync: + description: + - Configure FortiGate Session Life Support Protocol (FGSP) session synchronization. + default: null + type: dict + suboptions: + down_intfs_before_sess_sync: + description: + - List of interfaces to be turned down before session synchronization is complete. + type: list + suboptions: + name: + description: + - Interface name. Source system.interface.name. + required: true + type: str + hb_interval: + description: + - Heartbeat interval (1 - 10 sec). + type: int + hb_lost_threshold: + description: + - Lost heartbeat threshold (1 - 10). + type: int + peerip: + description: + - IP address of the interface on the peer unit that is used for the session synchronization link. + type: str + peervd: + description: + - VDOM that contains the session synchronization link interface on the peer unit. Usually both peers would have the same peervd. Source + system.vdom.name. + type: str + session_sync_filter: + description: + - Add one or more filters if you only want to synchronize some sessions. Use the filter to configure the types of sessions to synchronize. + type: dict + suboptions: + custom_service: + description: + - Only sessions using these custom services are synchronized. Use source and destination port ranges to define these custome + services. + type: list + suboptions: + dst_port_range: + description: + - Custom service destination port range. + type: str + id: + description: + - Custom service ID. + required: true + type: int + src_port_range: + description: + - Custom service source port range. + type: str + dstaddr: + description: + - Only sessions to this IPv4 address are synchronized. You can only enter one address. 
To synchronize sessions for multiple + destination addresses, add multiple filters. + type: str + dstaddr6: + description: + - Only sessions to this IPv6 address are synchronized. You can only enter one address. To synchronize sessions for multiple + destination addresses, add multiple filters. + type: str + dstintf: + description: + - Only sessions to this interface are synchronized. You can only enter one interface name. To synchronize sessions to multiple + destination interfaces, add multiple filters. Source system.interface.name. + type: str + srcaddr: + description: + - Only sessions from this IPv4 address are synchronized. You can only enter one address. To synchronize sessions from multiple + source addresses, add multiple filters. + type: str + srcaddr6: + description: + - Only sessions from this IPv6 address are synchronized. You can only enter one address. To synchronize sessions from multiple + source addresses, add multiple filters. + type: str + srcintf: + description: + - Only sessions from this interface are synchronized. You can only enter one interface name. To synchronize sessions for multiple + source interfaces, add multiple filters. Source system.interface.name. + type: str + slave_add_ike_routes: + description: + - Enable/disable IKE route announcement on the backup unit. + type: str + choices: + - enable + - disable + sync_id: + description: + - Sync ID. + type: int + syncvd: + description: + - Sessions from these VDOMs are synchronized using this session synchronization configuration. + type: list + suboptions: + name: + description: + - VDOM name. Source system.vdom.name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiGate Session Life Support Protocol (FGSP) session synchronization. 
+ fortios_system_cluster_sync: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_cluster_sync: + down_intfs_before_sess_sync: + - + name: "default_name_4 (source system.interface.name)" + hb_interval: "5" + hb_lost_threshold: "6" + peerip: "" + peervd: " (source system.vdom.name)" + session_sync_filter: + custom_service: + - + dst_port_range: "" + id: "12" + src_port_range: "" + dstaddr: "" + dstaddr6: "" + dstintf: " (source system.interface.name)" + srcaddr: "" + srcaddr6: "" + srcintf: " (source system.interface.name)" + slave_add_ike_routes: "enable" + sync_id: "21" + syncvd: + - + name: "default_name_23 (source system.vdom.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import 
AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_cluster_sync_data(json): + option_list = ['down_intfs_before_sess_sync', 'hb_interval', 'hb_lost_threshold', + 'peerip', 'peervd', 'session_sync_filter', + 'slave_add_ike_routes', 'sync_id', 'syncvd'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_cluster_sync(data, fos): + vdom = data['vdom'] + state = data['state'] + system_cluster_sync_data = data['system_cluster_sync'] + filtered_data = underscore_to_hyphen(filter_system_cluster_sync_data(system_cluster_sync_data)) + + if state == "present": + return fos.set('system', + 'cluster-sync', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'cluster-sync', + mkey=filtered_data['sync-id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_cluster_sync']: + resp = system_cluster_sync(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_cluster_sync')) + + return 
not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'sync-id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_cluster_sync": { + "required": False, "type": "dict", "default": None, + "options": { + "down_intfs_before_sess_sync": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "hb_interval": {"required": False, "type": "int"}, + "hb_lost_threshold": {"required": False, "type": "int"}, + "peerip": {"required": False, "type": "str"}, + "peervd": {"required": False, "type": "str"}, + "session_sync_filter": {"required": False, "type": "dict", + "options": { + "custom_service": {"required": False, "type": "list", + "options": { + "dst_port_range": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "src_port_range": {"required": False, "type": "str"} + }}, + "dstaddr": {"required": False, "type": "str"}, + "dstaddr6": {"required": False, "type": "str"}, + "dstintf": {"required": False, "type": "str"}, + "srcaddr": {"required": False, "type": "str"}, + "srcaddr6": {"required": False, "type": "str"}, + "srcintf": {"required": False, "type": "str"} + }}, + "slave_add_ike_routes": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sync_id": {"required": False, "type": "int"}, + "syncvd": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + 
connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_config_backup_restore.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_config_backup_restore.py new file mode 100644 index 00000000..42b5eac4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_config_backup_restore.py 
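Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no` while the task passes `access_token`, so anyone copying it sends the API token over a TLS session that does not authenticate the device. I would set `ansible_httpapi_validate_certs: yes` in the example and add the comment `# set to no only for lab devices with self-signed certificates`. The EXAMPLES in fortios_system_console.py have the same setting, and those in fortios_system_config_backup_restore.py use `ssl_verify: False` together with a username and password. Separately, in `system_cluster_sync` the `absent` branch reads `filtered_data['sync-id']` although `sync_id` is declared `"required": False`, so a delete without it raises KeyError; a guard such as `if 'sync-id' not in filtered_data: fos._module.fail_json(msg='sync_id is required when state is absent')` before the `fos.delete` call would report it cleanly.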
@@ -0,0 +1,472 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# the lib use python logging can get it if the following is set in your +# Ansible config. +# log_path = /var/tmp/ansible.log in your conf.. + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_config_backup_restore +short_description: Backup/restore fortigate configuration +description: + - This module is able to backup or restore the global or particial settings of the fortigate + Examples include all parameters and values need to be adjusted to datasources before usage. 
+ Tested with FOS v6.0.0 +version_added: "2.10" +author: + - Link Zheng (@chillancezen) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Jie Xue (@JieX19) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + - But this module relies on fortiosapi, please make sure fortiosapi is installed before using it +options: + host: + type: str + required: false + description: + - host of fortigate + password: + type: str + required: false + description: + - password of fortigate + username: + type: str + required: false + description: + - username of fortigate + description: + type: str + required: false + description: + - descriptive text + vdom: + type: str + required: false + default: root + description: + - vdom to operate on + config: + type: str + required: false + description: + - configuration to restore + mkey: + type: str + required: false + description: + - primary key + https: + type: bool + required: false + default: true + description: + - use https or not + ssl_verify: + type: bool + required: false + default: true + description: + - enable ssl verification or not + backup: + type: str + required: false + description: + - content to backup + scope: + type: str + required: true + description: + - scope to operation on + filename: + type: str + required: true + description: + - the file name + commands: + type: str + required: false + description: + - the command +requirements: + - ansible>=2.9.0 +''' + +EXAMPLES = ''' +- hosts: localhost + connection: httpapi + collections: + - fortinet.fortios + vars: + vdom: "root" + host: "192.168.122.60" + username: "admin" + password: "" + tasks: + - name: backup global or a_specific_vdom settings + fortios_system_config_backup_restore: + config: "system config backup" + host: "{{ host }}" + username: "{{ username }}" + password: "{{ password }}" + vdom: "{{ vdom }}" + backup: "yes" + https: 
True + ssl_verify: False + scope: "global or vdom" + filename: "/tmp/backup_test" + - name: Restore global or a_specific_vdom settings + fortios_system_config_backup_restore: + config: "system config restore" + host: "{{ host }}" + username: "{{ username }}" + password: "{{ password }}" + vdom: "{{ vdom }}" + https: True + ssl_verify: False + scope: "global or vdom" + filename: "/tmp/backup_test" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' +from ansible.module_utils.basic import * +# from fortiosapi import FortiOSAPI +import json +from argparse import Namespace +import logging +import difflib +import re +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import 
FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + +# fos = FortiOSAPI() +formatter = logging.Formatter( + '%(asctime)s %(name)-12s %(levelname)-8s %(message)s') +logger = logging.getLogger('fortiosapi') +hdlr = logging.FileHandler('/var/tmp/ansible-fortiosconfig.log') +hdlr.setFormatter(formatter) +logger.addHandler(hdlr) +logger.setLevel(logging.DEBUG) + +CONFIG_CALLS = [] + +# Note most "monitor calls" are not idempotent due to its own operational nature. They are +# 'one shot' operations that do not fit well as Ansible. However they are included here +# for certain scenarios where using Ansible is mandatory for everything + +MONITOR_CALLS = [ + 'system config backup', + 'system config restore', +] + + +def login(fos, data): + host = data['host'] + username = data['username'] + password = data['password'] + ssl_verify = data['ssl_verify'] + if 'https' in data and not data['https']: + fos.https('off') + else: + fos.https('on') + fos.debug('on') + fos.login(host, username, password, verify=ssl_verify) + + +def logout(fos): + fos.logout() + + +def check_diff(data): + + # get the scope ['global' | 'vdom'] + scope = data['vdom'] + + # check diff for specific scope + parameters = {'destination': 'file', + 'scope': scope} + + resp = fos.monitor('system/config', + 'backup', + vdom=data['vdom'], + parameters=parameters) + + if resp['status'] != 'success': + return True, False, { + 'status': resp['status'], + # 'version': resp['version'], + 'results': resp['results'] + } + + remote_filename = resp['results']['DOWNLOAD_SOURCE_FILE'] + # download for specific scope + parameters = {'scope': scope} + + resp = fos.download('system/config', + 'backup' + remote_filename, + vdom=data['vdom'], + parameters=parameters) + # version = fos.get_version() + + if resp.status_code == 200: + filtered_remote_config_file = remove_sensitive_data(resp.content) + filtered_local_config_file = 
remove_sensitive_data(open(data['filename'], 'r').read()) + + remote_config_file = filtered_remote_config_file.strip().splitlines() + local_config_file = filtered_local_config_file.strip().splitlines() + + differences = "" + for line in difflib.unified_diff(local_config_file, remote_config_file, fromfile='local', tofile='fortigate', + lineterm=''): + differences += line + '\n' + + return False, True, { + 'status': resp.status_code, + # 'version': version, + 'diff': differences + } + else: + return True, False, { + 'status': resp.status_code, + # 'version': version + } + + +def fortigate_backup(fos, data): + functions = data['config'].split() + + # backup config for specific scope + parameters = {'destination': 'file', + 'scope': data['scope']} + + resp = fos.monitor(functions[0] + '/' + functions[1], + functions[2], + vdom=data['vdom'], + parameters=parameters) + + # version = fos.get_version() + backup_content = "" + + if 'status' in resp: # Old versions use this mechanism + if resp['status'] != 'success': + return True, False, { + 'status': resp['status'], + # 'version': resp['version'], + 'results': resp['results'] + } + + remote_filename = '/download?mkey=' + resp['results']['DOWNLOAD_SOURCE_FILE'] + parameters = {'scope': data['scope']} + resp = fos.download(functions[0] + '/' + functions[1], + functions[2] + remote_filename, + vdom=data['vdom'], + parameters=parameters) + if resp.status_code == 200: + backup_content = resp.content + + elif 'status_code' in dir(resp): + if resp.status_code == 200: + backup_content = resp.text + + else: + return True, False, { + 'status': 500, + # 'version': version + } + + file = open(data['filename'], 'w') + file.write(backup_content) + file.close() + + return False, False, { + 'status': 200, + # 'version': version, + 'backup': backup_content + } + + +# Make sure the specific VDOM exists in the fortigate before restoring it. Using fortios_system_vdom module to create a VDOM. 
+def fortigate_upload(fos, data): + if data['diff']: + return check_diff(data) + + # get the scope ['global' | 'VDOM'] + scope = data['scope'] + functions = data['config'].split() + + # paramters for global_restore | VDOM_restore + parameters = {'global': '1'} if scope == 'global' else {'vdom': data['vdom']} + upload_data = {'source': 'upload', 'scope': scope} + files = {'file': ('backup_data', open(data['filename'], 'r'), 'text/plain')} + + # If 'vdom' scope specified, the name of VDOM to restore configuration + resp = fos.upload(functions[0] + '/' + functions[1], functions[2], + data=upload_data, + parameters=parameters, + vdom=data['vdom'], + files=files) + # version = fos.get_version() + + if resp.status_code == 200: + return False, True, { + 'status': resp.status_code, + # 'version': version, + 'result': resp.content + } + else: + return True, False, { + 'status': resp.status_code, + # 'version': version, + 'result': resp.content + } + + +def main(): + fields = { + "host": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, + "username": {"required": False, "type": "str"}, + "description": {"required": False, "type": "str"}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "config": {"required": False, "choices": CONFIG_CALLS + MONITOR_CALLS, "type": "str"}, + "mkey": {"required": False, "type": "str"}, + "https": {"required": False, "type": "bool", "default": "True"}, + "ssl_verify": {"required": False, "type": "bool", "default": "True"}, + "backup": {"required": False, "type": "str"}, + "scope": {"required": True, "type": "str"}, + "filename": {"required": True, "type": "str"}, + "commands": {"required": False, "type": "str"} + } + + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and 
module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + versions_check_result = None + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() + login(fos, module.params) + + module.params['diff'] = False + try: + module.params['diff'] = module._diff + except BaseException: + logger.warning("Diff mode is only available on Ansible 2.1 and later versions") + pass + + if module.params['backup']: + is_error, has_changed, result = fortigate_backup(fos, module.params) + else: + is_error, has_changed, result = fortigate_upload(fos, module.params) + + if not is_error: + if module.params['diff']: + module.exit_json(changed=has_changed, meta=result, diff={'prepared': result['diff']}) + else: + module.exit_json(changed=has_changed, meta=result) + else: + module.fail_json(msg="Error", meta=result) + + logout(fos) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_console.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_console.py new file mode 100644 index 00000000..fe6e2778 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_console.py 
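Review bot: `fortigate_backup` writes the device configuration with `open(data['filename'], 'w')`, so the file gets whatever mode the umask allows, and it also returns the full text in the `backup` key of the result, where it reaches Ansible output and anything that records module results. A FortiGate backup typically carries password hashes and pre-shared keys, and the EXAMPLES point `filename` at `/tmp/backup_test`. I would create the file owner-only with `fd = os.open(data['filename'], os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as f: f.write(backup_content)` (this needs `import os` unless the star import already provides it), and drop `'backup': backup_content` from the returned dict. The module-level `logging.FileHandler('/var/tmp/ansible-fortiosconfig.log')` at DEBUG level, combined with `fos.debug('on')` in `login`, has the same exposure and should be opt-in. Separately, `check_diff` uses `fos` and `remove_sensitive_data`, neither of which is defined in this file as shown, so diff mode would likely fail with a NameError.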
@@ -0,0 +1,303 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_console +short_description: Configure console in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and console category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_console: + description: + - Configure console. + default: null + type: dict + suboptions: + baudrate: + description: + - Console baud rate. + type: str + choices: + - 9600 + - 19200 + - 38400 + - 57600 + - 115200 + login: + description: + - Enable/disable serial console and FortiExplorer. + type: str + choices: + - enable + - disable + mode: + description: + - Console mode. + type: str + choices: + - batch + - line + output: + description: + - Console output mode. + type: str + choices: + - standard + - more +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure console. + fortios_system_console: + vdom: "{{ vdom }}" + system_console: + baudrate: "9600" + login: "enable" + mode: "batch" + output: "standard" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: 
always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_console_data(json): + option_list = ['baudrate', 'login', 'mode', + 'output'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_console(data, fos): + vdom = data['vdom'] + system_console_data = data['system_console'] + filtered_data = underscore_to_hyphen(filter_system_console_data(system_console_data)) + + return fos.set('system', + 'console', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_console']: + resp = system_console(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_console')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else 
True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_console": { + "required": False, "type": "dict", "default": None, + "options": { + "baudrate": {"required": False, "type": "str", + "choices": ["9600", + "19200", + "38400", + "57600", + "115200"]}, + "login": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "mode": {"required": False, "type": "str", + "choices": ["batch", + "line"]}, + "output": {"required": False, "type": "str", + "choices": ["standard", + "more"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
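Review bot: The DOCUMENTATION block lists the `baudrate` choices as bare YAML numbers (`- 9600`, `- 19200`, …) under `type: str`, while the argument spec in `main` declares them as strings (`"9600"`, `"19200"`, …). The rendered docs then show integers for a string option, and tooling that compares documented choices with the spec may report a mismatch. I would quote them in the docs, e.g. `- '9600'`, so both sides agree.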
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_csf.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_csf.py new file mode 100644 index 00000000..8a75ca20 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_csf.py 
@@ -0,0 +1,402 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_csf +short_description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and csf category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + system_csf: + description: + - Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate. + default: null + type: dict + suboptions: + configuration_sync: + description: + - Configuration sync mode. + type: str + choices: + - default + - local + fabric_device: + description: + - Fabric device configuration. + type: list + suboptions: + device_ip: + description: + - Device IP. + type: str + device_type: + description: + - Device type. + type: str + choices: + - fortimail + login: + description: + - Device login name. + type: str + name: + description: + - Device name. + required: true + type: str + password: + description: + - Device login password. + type: str + fixed_key: + description: + - Auto-generated fixed key used when this device is the root. (Will automatically be generated if not set.) + type: str + group_name: + description: + - Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. + type: str + group_password: + description: + - Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. + type: str + management_ip: + description: + - Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. + type: str + status: + description: + - Enable/disable Security Fabric. + type: str + choices: + - enable + - disable + trusted_list: + description: + - Pre-authorized and blocked security fabric nodes. + type: list + suboptions: + action: + description: + - Security fabric authorization action. + type: str + choices: + - accept + - deny + downstream_authorization: + description: + - Trust authorizations by this node"s administrator. + type: str + choices: + - enable + - disable + ha_members: + description: + - HA members. 
+ type: str + serial: + description: + - Serial. + required: true + type: str + upstream_ip: + description: + - IP address of the FortiGate upstream from this FortiGate in the Security Fabric. + type: str + upstream_port: + description: + - The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric . + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate. + fortios_system_csf: + vdom: "{{ vdom }}" + system_csf: + configuration_sync: "default" + fabric_device: + - + device_ip: "" + device_type: "fortimail" + login: "" + name: "default_name_8" + password: "" + fixed_key: "" + group_name: "" + group_password: "" + management_ip: "" + status: "enable" + trusted_list: + - + action: "accept" + downstream_authorization: "enable" + ha_members: "" + serial: "" + upstream_ip: "" + upstream_port: "21" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: 
"17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_csf_data(json): + option_list = ['configuration_sync', 'fabric_device', 'fixed_key', + 'group_name', 'group_password', 'management_ip', + 'status', 'trusted_list', 'upstream_ip', + 'upstream_port'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_csf(data, fos): + vdom = data['vdom'] + system_csf_data = data['system_csf'] + filtered_data = underscore_to_hyphen(filter_system_csf_data(system_csf_data)) + + return fos.set('system', + 'csf', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): 
+ + if data['system_csf']: + resp = system_csf(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_csf')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_csf": { + "required": False, "type": "dict", "default": None, + "options": { + "configuration_sync": {"required": False, "type": "str", + "choices": ["default", + "local"]}, + "fabric_device": {"required": False, "type": "list", + "options": { + "device_ip": {"required": False, "type": "str"}, + "device_type": {"required": False, "type": "str", + "choices": ["fortimail"]}, + "login": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "password": {"required": False, "type": "str"} + }}, + "fixed_key": {"required": False, "type": "str"}, + "group_name": {"required": False, "type": "str"}, + "group_password": {"required": False, "type": "str"}, + "management_ip": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "trusted_list": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["accept", + "deny"]}, + "downstream_authorization": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ha_members": {"required": False, "type": "str"}, + "serial": {"required": True, "type": "str"} + }}, + "upstream_ip": {"required": False, "type": "str"}, + "upstream_port": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = 
Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_custom_language.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_custom_language.py new file mode 100644 index 00000000..d5061655 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_custom_language.py 
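Review bot: The secret-bearing options in `fields` in `main()` (`group_password`, `fixed_key` and the `password` sub-option of `fabric_device`) are declared without `no_log`, so only `access_token` is masked and the Security Fabric credentials can end up in task output and module invocation logs. Mark them, e.g. `"group_password": {"required": False, "type": "str", "no_log": True},`, and do the same for `fixed_key` and `password`. As far as I recall, Ansible only processes the sub-options of a `list` parameter when it also declares `"elements": "dict"`, so `fabric_device` probably needs that for the nested `no_log` to take effect; please confirm against the targeted Ansible version. The same gap applies to `ddns_password` and `ddns_key` in the fortios_system_ddns.py hunk.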
@@ -0,0 +1,293 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_custom_language +short_description: Configure custom languages in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and custom_language category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_custom_language: + description: + - Configure custom languages. + default: null + type: dict + suboptions: + comments: + description: + - Comment. + type: str + filename: + description: + - Custom language file path. + type: str + name: + description: + - Name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure custom languages. + fortios_system_custom_language: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_custom_language: + comments: "" + filename: "" + name: "default_name_5" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: 
"success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_custom_language_data(json): + option_list = ['comments', 'filename', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_custom_language(data, fos): + vdom = data['vdom'] + state = data['state'] + system_custom_language_data = data['system_custom_language'] + filtered_data = underscore_to_hyphen(filter_system_custom_language_data(system_custom_language_data)) + + if state == "present": + return fos.set('system', + 'custom-language', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'custom-language', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if 
data['system_custom_language']: + resp = system_custom_language(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_custom_language')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_custom_language": { + "required": False, "type": "dict", "default": None, + "options": { + "comments": {"required": False, "type": "str"}, + "filename": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", 
version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ddns.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ddns.py new file mode 100644 index 00000000..0ac1ad8b --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ddns.py 
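Review bot: The playbook in `EXAMPLES` sets `ansible_httpapi_validate_certs: no`, which turns off TLS certificate verification for the httpapi connection that carries the access token, and example blocks tend to be copied verbatim. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a comment such as `# set to no only for lab devices with self-signed certificates`. The task also passes `access_token: ""` inline; a comment pointing to a vaulted variable would steer users away from plaintext tokens in playbooks. The same `vars` block appears in the EXAMPLES of the fortios_system_csf.py and fortios_system_ddns.py hunks.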
@@ -0,0 +1,436 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_ddns +short_description: Configure DDNS in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and ddns category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_ddns: + description: + - Configure DDNS. + default: null + type: dict + suboptions: + bound_ip: + description: + - Bound IP address. + type: str + clear_text: + description: + - Enable/disable use of clear text connections. + type: str + choices: + - disable + - enable + ddns_auth: + description: + - Enable/disable TSIG authentication for your DDNS server. + type: str + choices: + - disable + - tsig + ddns_domain: + description: + - Your fully qualified domain name (for example, yourname.DDNS.com). + type: str + ddns_key: + description: + - DDNS update key (base 64 encoding). + type: str + ddns_keyname: + description: + - DDNS update key name. + type: str + ddns_password: + description: + - DDNS password. + type: str + ddns_server: + description: + - Select a DDNS service provider. + type: str + choices: + - dyndns.org + - dyns.net + - tzo.com + - vavic.com + - dipdns.net + - now.net.cn + - dhs.org + - easydns.com + - genericDDNS + - FortiGuardDDNS + - noip.com + ddns_server_ip: + description: + - Generic DDNS server IP. + type: str + ddns_sn: + description: + - DDNS Serial Number. + type: str + ddns_ttl: + description: + - Time-to-live for DDNS packets. + type: int + ddns_username: + description: + - DDNS user name. + type: str + ddns_zone: + description: + - Zone of your domain name (for example, DDNS.com). + type: str + ddnsid: + description: + - DDNS ID. + required: true + type: int + monitor_interface: + description: + - Monitored interface. + type: list + suboptions: + interface_name: + description: + - Interface name. Source system.interface.name. + type: str + ssl_certificate: + description: + - Name of local certificate for SSL connections. Source certificate.local.name. + type: str + update_interval: + description: + - DDNS update interval (60 - 2592000 sec). 
+ type: int + use_public_ip: + description: + - Enable/disable use of public IP address. + type: str + choices: + - disable + - enable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DDNS. + fortios_system_ddns: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_ddns: + bound_ip: "" + clear_text: "disable" + ddns_auth: "disable" + ddns_domain: "" + ddns_key: "" + ddns_keyname: "" + ddns_password: "" + ddns_server: "dyndns.org" + ddns_server_ip: "" + ddns_sn: "" + ddns_ttl: "13" + ddns_username: "" + ddns_zone: "" + ddnsid: "16" + monitor_interface: + - + interface_name: " (source system.interface.name)" + ssl_certificate: " (source certificate.local.name)" + update_interval: "20" + use_public_ip: "disable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: 
str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_ddns_data(json): + option_list = ['bound_ip', 'clear_text', 'ddns_auth', + 'ddns_domain', 'ddns_key', 'ddns_keyname', + 'ddns_password', 'ddns_server', 'ddns_server_ip', + 'ddns_sn', 'ddns_ttl', 'ddns_username', + 'ddns_zone', 'ddnsid', 'monitor_interface', + 'ssl_certificate', 'update_interval', 'use_public_ip'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_ddns(data, fos): + vdom = data['vdom'] + state = data['state'] + system_ddns_data = data['system_ddns'] + filtered_data = underscore_to_hyphen(filter_system_ddns_data(system_ddns_data)) + + if state == "present": + return fos.set('system', + 'ddns', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'ddns', + mkey=filtered_data['ddnsid'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + 
return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_ddns']: + resp = system_ddns(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_ddns')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'ddnsid' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_ddns": { + "required": False, "type": "dict", "default": None, + "options": { + "bound_ip": {"required": False, "type": "str"}, + "clear_text": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "ddns_auth": {"required": False, "type": "str", + "choices": ["disable", + "tsig"]}, + "ddns_domain": {"required": False, "type": "str"}, + "ddns_key": {"required": False, "type": "str"}, + "ddns_keyname": {"required": False, "type": "str"}, + "ddns_password": {"required": False, "type": "str"}, + "ddns_server": {"required": False, "type": "str", + "choices": ["dyndns.org", + "dyns.net", + "tzo.com", + "vavic.com", + "dipdns.net", + "now.net.cn", + "dhs.org", + "easydns.com", + "genericDDNS", + "FortiGuardDDNS", + "noip.com"]}, + "ddns_server_ip": {"required": False, "type": "str"}, + "ddns_sn": {"required": False, "type": "str"}, + "ddns_ttl": {"required": False, "type": "int"}, + "ddns_username": {"required": False, "type": "str"}, + "ddns_zone": {"required": False, "type": "str"}, + "ddnsid": {"required": True, "type": "int"}, + "monitor_interface": {"required": False, "type": "list", + "options": { + "interface_name": {"required": False, "type": "str"} + }}, + "ssl_certificate": {"required": False, "type": "str"}, + "update_interval": 
{"required": False, "type": "int"}, + "use_public_ip": {"required": False, "type": "str", + "choices": ["disable", + "enable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dedicated_mgmt.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dedicated_mgmt.py new file mode 100644 index 00000000..3d9162b8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dedicated_mgmt.py 
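Review bot: In `main()`, the guard `if 'access_token' in module.params:` looks always true, because `access_token` is declared in `fields` and AnsibleModule fills parameters the task did not supply with `None`; `connection.set_option('access_token', None)` therefore runs even when no token is given. If the httpapi plugin treats that as an override, a token configured on the connection would be cleared; the plugin is not visible from this hunk, so please confirm. Testing the value instead sidesteps the question: `if module.params.get('access_token'):`. The same lines are in `main()` of the fortios_system_csf.py and fortios_system_custom_language.py hunks.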
@@ -0,0 +1,306 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_dedicated_mgmt +short_description: Configure dedicated management in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and dedicated_mgmt category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + system_dedicated_mgmt: + description: + - Configure dedicated management. + default: null + type: dict + suboptions: + default_gateway: + description: + - Default gateway for dedicated management interface. + type: str + dhcp_end_ip: + description: + - DHCP end IP for dedicated management. + type: str + dhcp_netmask: + description: + - DHCP netmask. + type: str + dhcp_server: + description: + - Enable/disable DHCP server on management interface. + type: str + choices: + - enable + - disable + dhcp_start_ip: + description: + - DHCP start IP for dedicated management. + type: str + interface: + description: + - Dedicated management interface. Source system.interface.name. + type: str + status: + description: + - Enable/disable dedicated management. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure dedicated management. 
+ fortios_system_dedicated_mgmt: + vdom: "{{ vdom }}" + system_dedicated_mgmt: + default_gateway: "" + dhcp_end_ip: "" + dhcp_netmask: "" + dhcp_server: "enable" + dhcp_start_ip: "" + interface: " (source system.interface.name)" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_system_dedicated_mgmt_data(json): + option_list = ['default_gateway', 'dhcp_end_ip', 'dhcp_netmask', + 'dhcp_server', 'dhcp_start_ip', 'interface', + 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_dedicated_mgmt(data, fos): + vdom = data['vdom'] + system_dedicated_mgmt_data = data['system_dedicated_mgmt'] + filtered_data = underscore_to_hyphen(filter_system_dedicated_mgmt_data(system_dedicated_mgmt_data)) + + return fos.set('system', + 'dedicated-mgmt', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_dedicated_mgmt']: + resp = system_dedicated_mgmt(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_dedicated_mgmt')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_dedicated_mgmt": { + "required": False, "type": "dict", "default": None, + "options": { + "default_gateway": {"required": False, "type": "str"}, + "dhcp_end_ip": {"required": False, "type": "str"}, + "dhcp_netmask": {"required": False, "type": "str"}, + "dhcp_server": {"required": False, "type": "str", + "choices": ["enable", + 
"disable"]}, + "dhcp_start_ip": {"required": False, "type": "str"}, + "interface": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dhcp6_server.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dhcp6_server.py new file mode 100644 index 00000000..b424b75f --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dhcp6_server.py 
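Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no`, so anyone who copies it talks to the FortiGate over TLS without authenticating the peer, and whatever credential the httpapi connection carries (including the module's `access_token`) is exposed to an on-path attacker. The example should default to `ansible_httpapi_validate_certs: yes`, with a comment such as `# set to no only for lab devices with self-signed certificates`. The same line appears in the EXAMPLES blocks of the fortios_system_dhcp6_server.py and fortios_system_dhcp_server.py hunks that follow.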
@@ -0,0 +1,474 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_dhcp6_server +short_description: Configure DHCPv6 servers in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_dhcp6 feature and server category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_dhcp6_server: + description: + - Configure DHCPv6 servers. + default: null + type: dict + suboptions: + dns_search_list: + description: + - DNS search list options. + type: str + choices: + - delegated + - specify + dns_server1: + description: + - DNS server 1. + type: str + dns_server2: + description: + - DNS server 2. + type: str + dns_server3: + description: + - DNS server 3. + type: str + dns_service: + description: + - Options for assigning DNS servers to DHCPv6 clients. + type: str + choices: + - delegated + - default + - specify + domain: + description: + - Domain name suffix for the IP addresses that the DHCP server assigns to clients. + type: str + id: + description: + - ID. + required: true + type: int + interface: + description: + - DHCP server can assign IP configurations to clients connected to this interface. Source system.interface.name. + type: str + ip_mode: + description: + - Method used to assign client IP. + type: str + choices: + - range + - delegated + ip_range: + description: + - DHCP IP range configuration. + type: list + suboptions: + end_ip: + description: + - End of IP range. + type: str + id: + description: + - ID. + required: true + type: int + start_ip: + description: + - Start of IP range. + type: str + lease_time: + description: + - Lease time in seconds, 0 means unlimited. + type: int + option1: + description: + - Option 1. + type: str + option2: + description: + - Option 2. + type: str + option3: + description: + - Option 3. + type: str + prefix_range: + description: + - DHCP prefix configuration. + type: list + suboptions: + end_prefix: + description: + - End of prefix range. + type: str + id: + description: + - ID. + required: true + type: int + prefix_length: + description: + - Prefix length. 
+ type: int + start_prefix: + description: + - Start of prefix range. + type: str + rapid_commit: + description: + - Enable/disable allow/disallow rapid commit. + type: str + choices: + - disable + - enable + status: + description: + - Enable/disable this DHCPv6 configuration. + type: str + choices: + - disable + - enable + subnet: + description: + - Subnet or subnet-id if the IP mode is delegated. + type: str + upstream_interface: + description: + - Interface name from where delegated information is provided. Source system.interface.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DHCPv6 servers. + fortios_system_dhcp6_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_dhcp6_server: + dns_search_list: "delegated" + dns_server1: "" + dns_server2: "" + dns_server3: "" + dns_service: "delegated" + domain: "" + id: "9" + interface: " (source system.interface.name)" + ip_mode: "range" + ip_range: + - + end_ip: "" + id: "14" + start_ip: "" + lease_time: "16" + option1: "" + option2: "" + option3: "" + prefix_range: + - + end_prefix: "" + id: "22" + prefix_length: "23" + start_prefix: "" + rapid_commit: "disable" + status: "disable" + subnet: "" + upstream_interface: " (source system.interface.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: 
Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_dhcp6_server_data(json): + option_list = ['dns_search_list', 'dns_server1', 'dns_server2', + 'dns_server3', 'dns_service', 'domain', + 'id', 'interface', 'ip_mode', + 'ip_range', 'lease_time', 'option1', + 'option2', 'option3', 'prefix_range', + 'rapid_commit', 'status', 'subnet', + 'upstream_interface'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def 
system_dhcp6_server(data, fos): + vdom = data['vdom'] + state = data['state'] + system_dhcp6_server_data = data['system_dhcp6_server'] + filtered_data = underscore_to_hyphen(filter_system_dhcp6_server_data(system_dhcp6_server_data)) + + if state == "present": + return fos.set('system.dhcp6', + 'server', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.dhcp6', + 'server', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_dhcp6(data, fos): + + if data['system_dhcp6_server']: + resp = system_dhcp6_server(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_dhcp6_server')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_dhcp6_server": { + "required": False, "type": "dict", "default": None, + "options": { + "dns_search_list": {"required": False, "type": "str", + "choices": ["delegated", + "specify"]}, + "dns_server1": {"required": False, "type": "str"}, + "dns_server2": {"required": False, "type": "str"}, + "dns_server3": {"required": False, "type": "str"}, + "dns_service": {"required": False, "type": "str", + "choices": ["delegated", + "default", + "specify"]}, + "domain": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "ip_mode": {"required": False, "type": "str", + "choices": ["range", + 
"delegated"]}, + "ip_range": {"required": False, "type": "list", + "options": { + "end_ip": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "start_ip": {"required": False, "type": "str"} + }}, + "lease_time": {"required": False, "type": "int"}, + "option1": {"required": False, "type": "str"}, + "option2": {"required": False, "type": "str"}, + "option3": {"required": False, "type": "str"}, + "prefix_range": {"required": False, "type": "list", + "options": { + "end_prefix": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "prefix_length": {"required": False, "type": "int"}, + "start_prefix": {"required": False, "type": "str"} + }}, + "rapid_commit": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "subnet": {"required": False, "type": "str"}, + "upstream_interface": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_dhcp6(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + 
module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dhcp_server.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dhcp_server.py new file mode 100644 index 00000000..e313a88c --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dhcp_server.py 
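Review bot: In `main()`, the `ip_range` and `prefix_range` entries declare `"type": "list"` with nested `"options"` but no `"elements": "dict"`. As far as I know, AnsibleModule only descends into a list's sub-spec when `elements` is `dict`, so the nested `id` (`"required": True`, `"type": "int"`) and the other sub-fields would reach `fos.set` without required checks or type coercion. Adding the key, as in `"ip_range": {"required": False, "type": "list", "elements": "dict",` and likewise for `prefix_range`, lets the argument spec validate what is sent to the device. The `monitor_interface` list in the fortios_system_ddns.py hunk has the same shape.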
@@ -0,0 +1,985 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_dhcp_server +short_description: Configure DHCP servers in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_dhcp feature and server category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + system_dhcp_server: + description: + - Configure DHCP servers. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + auto_configuration: + description: + - Enable/disable auto configuration. + type: str + choices: + - disable + - enable + conflicted_ip_timeout: + description: + - Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. + type: int + ddns_auth: + description: + - DDNS authentication mode. + type: str + choices: + - disable + - tsig + ddns_key: + description: + - DDNS update key (base 64 encoding). + type: str + ddns_keyname: + description: + - DDNS update key name. + type: str + ddns_server_ip: + description: + - DDNS server IP. + type: str + ddns_ttl: + description: + - TTL. + type: int + ddns_update: + description: + - Enable/disable DDNS update for DHCP. + type: str + choices: + - disable + - enable + ddns_update_override: + description: + - Enable/disable DDNS update override for DHCP. + type: str + choices: + - disable + - enable + ddns_zone: + description: + - Zone of your domain name (ex. DDNS.com). + type: str + default_gateway: + description: + - Default gateway IP address assigned by the DHCP server. + type: str + dns_server1: + description: + - DNS server 1. + type: str + dns_server2: + description: + - DNS server 2. + type: str + dns_server3: + description: + - DNS server 3. 
+ type: str + dns_service: + description: + - Options for assigning DNS servers to DHCP clients. + type: str + choices: + - local + - default + - specify + domain: + description: + - Domain name suffix for the IP addresses that the DHCP server assigns to clients. + type: str + exclude_range: + description: + - Exclude one or more ranges of IP addresses from being assigned to clients. + type: list + suboptions: + end_ip: + description: + - End of IP range. + type: str + id: + description: + - ID. + required: true + type: int + start_ip: + description: + - Start of IP range. + type: str + filename: + description: + - Name of the boot file on the TFTP server. + type: str + forticlient_on_net_status: + description: + - Enable/disable FortiClient-On-Net service for this DHCP server. + type: str + choices: + - disable + - enable + id: + description: + - ID. + required: true + type: int + interface: + description: + - DHCP server can assign IP configurations to clients connected to this interface. Source system.interface.name. + type: str + ip_mode: + description: + - Method used to assign client IP. + type: str + choices: + - range + - usrgrp + ip_range: + description: + - DHCP IP range configuration. + type: list + suboptions: + end_ip: + description: + - End of IP range. + type: str + id: + description: + - ID. + required: true + type: int + start_ip: + description: + - Start of IP range. + type: str + ipsec_lease_hold: + description: + - DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry). + type: int + lease_time: + description: + - Lease time in seconds, 0 means unlimited. + type: int + mac_acl_default_action: + description: + - MAC access control default action (allow or block assigning IP settings). + type: str + choices: + - assign + - block + netmask: + description: + - Netmask assigned by the DHCP server. 
+ type: str + next_server: + description: + - IP address of a server (for example, a TFTP sever) that DHCP clients can download a boot file from. + type: str + ntp_server1: + description: + - NTP server 1. + type: str + ntp_server2: + description: + - NTP server 2. + type: str + ntp_server3: + description: + - NTP server 3. + type: str + ntp_service: + description: + - Options for assigning Network Time Protocol (NTP) servers to DHCP clients. + type: str + choices: + - local + - default + - specify + options: + description: + - DHCP options. + type: list + suboptions: + code: + description: + - DHCP option code. + type: int + id: + description: + - ID. + required: true + type: int + ip: + description: + - DHCP option IPs. + type: str + type: + description: + - DHCP option type. + type: str + choices: + - hex + - string + - ip + value: + description: + - DHCP option value. + type: str + reserved_address: + description: + - Options for the DHCP server to assign IP settings to specific MAC addresses. + type: list + suboptions: + action: + description: + - Options for the DHCP server to configure the client with the reserved MAC address. + type: str + choices: + - assign + - block + - reserved + description: + description: + - Description. + type: str + id: + description: + - ID. + required: true + type: int + ip: + description: + - IP address to be reserved for the MAC address. + type: str + mac: + description: + - MAC address of the client that will get the reserved IP address. + type: str + server_type: + description: + - DHCP server can be a normal DHCP server or an IPsec DHCP server. + type: str + choices: + - regular + - ipsec + status: + description: + - Enable/disable this DHCP configuration. + type: str + choices: + - disable + - enable + tftp_server: + description: + - One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces. + type: list + suboptions: + tftp_server: + description: + - TFTP server. 
+ type: str + timezone: + description: + - Select the time zone to be assigned to DHCP clients. + type: str + choices: + - 01 + - 02 + - 03 + - 04 + - 05 + - 81 + - 06 + - 07 + - 08 + - 09 + - 10 + - 11 + - 12 + - 13 + - 74 + - 14 + - 77 + - 15 + - 16 + - 17 + - 18 + - 19 + - 20 + - 75 + - 87 + - 21 + - 22 + - 23 + - 24 + - 80 + - 79 + - 25 + - 26 + - 27 + - 28 + - 78 + - 29 + - 30 + - 31 + - 32 + - 33 + - 34 + - 35 + - 36 + - 37 + - 38 + - 83 + - 84 + - 40 + - 85 + - 41 + - 42 + - 43 + - 39 + - 44 + - 46 + - 47 + - 51 + - 48 + - 45 + - 49 + - 50 + - 52 + - 53 + - 54 + - 55 + - 56 + - 57 + - 58 + - 59 + - 60 + - 62 + - 63 + - 61 + - 64 + - 65 + - 66 + - 67 + - 68 + - 69 + - 70 + - 71 + - 72 + - 00 + - 82 + - 73 + - 86 + - 76 + timezone_option: + description: + - Options for the DHCP server to set the client"s time zone. + type: str + choices: + - disable + - default + - specify + vci_match: + description: + - Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served. + type: str + choices: + - disable + - enable + vci_string: + description: + - One or more VCI strings in quotes separated by spaces. + type: list + suboptions: + vci_string: + description: + - VCI strings. + type: str + wifi_ac1: + description: + - WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417). + type: str + wifi_ac2: + description: + - WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417). + type: str + wifi_ac3: + description: + - WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417). + type: str + wins_server1: + description: + - WINS server 1. + type: str + wins_server2: + description: + - WINS server 2. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DHCP servers. 
+ fortios_system_dhcp_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_dhcp_server: + auto_configuration: "disable" + conflicted_ip_timeout: "4" + ddns_auth: "disable" + ddns_key: "" + ddns_keyname: "" + ddns_server_ip: "" + ddns_ttl: "9" + ddns_update: "disable" + ddns_update_override: "disable" + ddns_zone: "" + default_gateway: "" + dns_server1: "" + dns_server2: "" + dns_server3: "" + dns_service: "local" + domain: "" + exclude_range: + - + end_ip: "" + id: "21" + start_ip: "" + filename: "" + forticlient_on_net_status: "disable" + id: "25" + interface: " (source system.interface.name)" + ip_mode: "range" + ip_range: + - + end_ip: "" + id: "30" + start_ip: "" + ipsec_lease_hold: "32" + lease_time: "33" + mac_acl_default_action: "assign" + netmask: "" + next_server: "" + ntp_server1: "" + ntp_server2: "" + ntp_server3: "" + ntp_service: "local" + options: + - + code: "42" + id: "43" + ip: "" + type: "hex" + value: "" + reserved_address: + - + action: "assign" + description: "" + id: "50" + ip: "" + mac: "" + server_type: "regular" + status: "disable" + tftp_server: + - + tftp_server: "" + timezone: "01" + timezone_option: "disable" + vci_match: "disable" + vci_string: + - + vci_string: "" + wifi_ac1: "" + wifi_ac2: "" + wifi_ac3: "" + wins_server1: "" + wins_server2: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table 
used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_dhcp_server_data(json): + option_list = ['auto_configuration', 'conflicted_ip_timeout', 'ddns_auth', + 'ddns_key', 'ddns_keyname', 'ddns_server_ip', + 'ddns_ttl', 'ddns_update', 'ddns_update_override', + 'ddns_zone', 'default_gateway', 'dns_server1', + 'dns_server2', 'dns_server3', 'dns_service', + 'domain', 'exclude_range', 'filename', + 'forticlient_on_net_status', 'id', 'interface', + 'ip_mode', 'ip_range', 'ipsec_lease_hold', + 'lease_time', 'mac_acl_default_action', 'netmask', + 'next_server', 'ntp_server1', 'ntp_server2', + 'ntp_server3', 'ntp_service', 'options', + 'reserved_address', 'server_type', 'status', + 'tftp_server', 'timezone', 'timezone_option', + 'vci_match', 'vci_string', 'wifi_ac1', + 'wifi_ac2', 'wifi_ac3', 'wins_server1', + 'wins_server2'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return 
dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_dhcp_server(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['system_dhcp_server'] and data['system_dhcp_server']['state']: + state = data['system_dhcp_server']['state'] + else: + state = True + system_dhcp_server_data = data['system_dhcp_server'] + filtered_data = underscore_to_hyphen(filter_system_dhcp_server_data(system_dhcp_server_data)) + + if state == "present": + return fos.set('system.dhcp', + 'server', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.dhcp', + 'server', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_dhcp(data, fos): + + if data['system_dhcp_server']: + resp = system_dhcp_server(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_dhcp_server')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "system_dhcp_server": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, 
+ "auto_configuration": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "conflicted_ip_timeout": {"required": False, "type": "int"}, + "ddns_auth": {"required": False, "type": "str", + "choices": ["disable", + "tsig"]}, + "ddns_key": {"required": False, "type": "str"}, + "ddns_keyname": {"required": False, "type": "str"}, + "ddns_server_ip": {"required": False, "type": "str"}, + "ddns_ttl": {"required": False, "type": "int"}, + "ddns_update": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "ddns_update_override": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "ddns_zone": {"required": False, "type": "str"}, + "default_gateway": {"required": False, "type": "str"}, + "dns_server1": {"required": False, "type": "str"}, + "dns_server2": {"required": False, "type": "str"}, + "dns_server3": {"required": False, "type": "str"}, + "dns_service": {"required": False, "type": "str", + "choices": ["local", + "default", + "specify"]}, + "domain": {"required": False, "type": "str"}, + "exclude_range": {"required": False, "type": "list", + "options": { + "end_ip": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "start_ip": {"required": False, "type": "str"} + }}, + "filename": {"required": False, "type": "str"}, + "forticlient_on_net_status": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "id": {"required": True, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "ip_mode": {"required": False, "type": "str", + "choices": ["range", + "usrgrp"]}, + "ip_range": {"required": False, "type": "list", + "options": { + "end_ip": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "start_ip": {"required": False, "type": "str"} + }}, + "ipsec_lease_hold": {"required": False, "type": "int"}, + "lease_time": {"required": False, "type": "int"}, + "mac_acl_default_action": {"required": False, "type": 
"str", + "choices": ["assign", + "block"]}, + "netmask": {"required": False, "type": "str"}, + "next_server": {"required": False, "type": "str"}, + "ntp_server1": {"required": False, "type": "str"}, + "ntp_server2": {"required": False, "type": "str"}, + "ntp_server3": {"required": False, "type": "str"}, + "ntp_service": {"required": False, "type": "str", + "choices": ["local", + "default", + "specify"]}, + "options": {"required": False, "type": "list", + "options": { + "code": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "ip": {"required": False, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["hex", + "string", + "ip"]}, + "value": {"required": False, "type": "str"} + }}, + "reserved_address": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["assign", + "block", + "reserved"]}, + "description": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "ip": {"required": False, "type": "str"}, + "mac": {"required": False, "type": "str"} + }}, + "server_type": {"required": False, "type": "str", + "choices": ["regular", + "ipsec"]}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "tftp_server": {"required": False, "type": "list", + "options": { + "tftp_server": {"required": False, "type": "str"} + }}, + "timezone": {"required": False, "type": "str", + "choices": ["01", + "02", + "03", + "04", + "05", + "81", + "06", + "07", + "08", + "09", + "10", + "11", + "12", + "13", + "74", + "14", + "77", + "15", + "16", + "17", + "18", + "19", + "20", + "75", + "87", + "21", + "22", + "23", + "24", + "80", + "79", + "25", + "26", + "27", + "28", + "78", + "29", + "30", + "31", + "32", + "33", + "34", + "35", + "36", + "37", + "38", + "83", + "84", + "40", + "85", + "41", + "42", + "43", + "39", + "44", + "46", + "47", + "51", + "48", + "45", + "49", + "50", + "52", + "53", + "54", + "55", + 
"56", + "57", + "58", + "59", + "60", + "62", + "63", + "61", + "64", + "65", + "66", + "67", + "68", + "69", + "70", + "71", + "72", + "00", + "82", + "73", + "86", + "76"]}, + "timezone_option": {"required": False, "type": "str", + "choices": ["disable", + "default", + "specify"]}, + "vci_match": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "vci_string": {"required": False, "type": "list", + "options": { + "vci_string": {"required": False, "type": "str"} + }}, + "wifi_ac1": {"required": False, "type": "str"}, + "wifi_ac2": {"required": False, "type": "str"}, + "wifi_ac3": {"required": False, "type": "str"}, + "wins_server1": {"required": False, "type": "str"}, + "wins_server2": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_dhcp(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + 
module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dns.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dns.py new file mode 100644 index 00000000..24cea99e --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dns.py 
@@ -0,0 +1,313 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_dns +short_description: Configure DNS in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and dns category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_dns: + description: + - Configure DNS. + default: null + type: dict + suboptions: + cache_notfound_responses: + description: + - Enable/disable response from the DNS server when a record is not in cache. + type: str + choices: + - disable + - enable + dns_cache_limit: + description: + - Maximum number of records in the DNS cache. + type: int + dns_cache_ttl: + description: + - Duration in seconds that the DNS cache retains information. + type: int + domain: + description: + - Domain name suffix for the IP addresses of the DNS server. + type: str + ip6_primary: + description: + - Primary DNS server IPv6 address. + type: str + ip6_secondary: + description: + - Secondary DNS server IPv6 address. + type: str + primary: + description: + - Primary DNS server IP address, default is FortiGuard server at 208.81.112.53. + type: str + secondary: + description: + - Secondary DNS server IP address, default is FortiGuard server at 208.81.112.52. + type: str + source_ip: + description: + - IP address used by the DNS server as its source IP. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DNS. 
+ fortios_system_dns: + vdom: "{{ vdom }}" + system_dns: + cache_notfound_responses: "disable" + dns_cache_limit: "4" + dns_cache_ttl: "5" + domain: "" + ip6_primary: "" + ip6_secondary: "" + primary: "" + secondary: "" + source_ip: "84.230.14.43" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_system_dns_data(json): + option_list = ['cache_notfound_responses', 'dns_cache_limit', 'dns_cache_ttl', + 'domain', 'ip6_primary', 'ip6_secondary', + 'primary', 'secondary', 'source_ip'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_dns(data, fos): + vdom = data['vdom'] + system_dns_data = data['system_dns'] + filtered_data = underscore_to_hyphen(filter_system_dns_data(system_dns_data)) + + return fos.set('system', + 'dns', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_dns']: + resp = system_dns(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_dns')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_dns": { + "required": False, "type": "dict", "default": None, + "options": { + "cache_notfound_responses": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "dns_cache_limit": {"required": False, "type": "int"}, + "dns_cache_ttl": {"required": False, "type": "int"}, + "domain": {"required": False, "type": "str"}, + "ip6_primary": {"required": False, "type": "str"}, + 
"ip6_secondary": {"required": False, "type": "str"}, + "primary": {"required": False, "type": "str"}, + "secondary": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dns_database.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dns_database.py new file mode 100644 index 00000000..09ed430a --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dns_database.py 
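Review bot: The EXAMPLES playbook in fortios_system_dns.py sets `ansible_httpapi_validate_certs: no`, so a playbook copied from it sends the connection credentials or access token, and the DNS settings, over TLS without checking the device certificate. The example should show `ansible_httpapi_validate_certs: yes`, with a one-line comment that `no` is only for lab devices with self-signed certificates. The same vars block appears in the EXAMPLES of the fortios_system_dns_database.py hunk, and in the fortios_system_dhcp_server.py and fortios_system_dns_server.py hunks, which are only partly visible here.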
@@ -0,0 +1,463 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_dns_database +short_description: Configure DNS databases in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and dns_database category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_dns_database: + description: + - Configure DNS databases. + default: null + type: dict + suboptions: + allow_transfer: + description: + - DNS zone transfer IP address list. + type: str + authoritative: + description: + - Enable/disable authoritative zone. + type: str + choices: + - enable + - disable + contact: + description: + - Email address of the administrator for this zone. You can specify only the username (e.g. admin) or full email address (e.g. admin@test + .com) When using a simple username, the domain of the email will be this zone. + type: str + dns_entry: + description: + - DNS entry. + type: list + suboptions: + canonical_name: + description: + - Canonical name of the host. + type: str + hostname: + description: + - Name of the host. + type: str + id: + description: + - DNS entry ID. + required: true + type: int + ip: + description: + - IPv4 address of the host. + type: str + ipv6: + description: + - IPv6 address of the host. + type: str + preference: + description: + - DNS entry preference, 0 is the highest preference (0 - 65535) + type: int + status: + description: + - Enable/disable resource record status. + type: str + choices: + - enable + - disable + ttl: + description: + - Time-to-live for this entry (0 to 2147483647 sec). + type: int + type: + description: + - Resource record type. + type: str + choices: + - A + - NS + - CNAME + - MX + - AAAA + - PTR + - PTR_V6 + domain: + description: + - Domain name. + type: str + forwarder: + description: + - DNS zone forwarder IP address list. + type: str + ip_master: + description: + - IP address of master DNS server. Entries in this master DNS server and imported into the DNS zone. + type: str + name: + description: + - Zone name. 
+ required: true + type: str + primary_name: + description: + - Domain name of the default DNS server for this zone. + type: str + source_ip: + description: + - Source IP for forwarding to DNS server. + type: str + status: + description: + - Enable/disable this DNS zone. + type: str + choices: + - enable + - disable + ttl: + description: + - Default time-to-live value for the entries of this DNS zone (0 - 2147483647 sec). + type: int + type: + description: + - Zone type (master to manage entries directly, slave to import entries from other zones). + type: str + choices: + - master + - slave + view: + description: + - Zone view (public to serve public clients, shadow to serve internal clients). + type: str + choices: + - shadow + - public +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DNS databases. 
+ fortios_system_dns_database: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_dns_database: + allow_transfer: "" + authoritative: "enable" + contact: "" + dns_entry: + - + canonical_name: "" + hostname: "myhostname" + id: "9" + ip: "" + ipv6: "" + preference: "12" + status: "enable" + ttl: "14" + type: "A" + domain: "" + forwarder: "" + ip_master: "" + name: "default_name_19" + primary_name: "" + source_ip: "84.230.14.43" + status: "enable" + ttl: "23" + type: "master" + view: "shadow" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import 
FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_dns_database_data(json): + option_list = ['allow_transfer', 'authoritative', 'contact', + 'dns_entry', 'domain', 'forwarder', + 'ip_master', 'name', 'primary_name', + 'source_ip', 'status', 'ttl', + 'type', 'view'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_dns_database(data, fos): + vdom = data['vdom'] + state = data['state'] + system_dns_database_data = data['system_dns_database'] + filtered_data = underscore_to_hyphen(filter_system_dns_database_data(system_dns_database_data)) + + if state == "present": + return fos.set('system', + 'dns-database', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'dns-database', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_dns_database']: + resp = system_dns_database(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_dns_database')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp 
+ + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_dns_database": { + "required": False, "type": "dict", "default": None, + "options": { + "allow_transfer": {"required": False, "type": "str"}, + "authoritative": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "contact": {"required": False, "type": "str"}, + "dns_entry": {"required": False, "type": "list", + "options": { + "canonical_name": {"required": False, "type": "str"}, + "hostname": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "ip": {"required": False, "type": "str"}, + "ipv6": {"required": False, "type": "str"}, + "preference": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ttl": {"required": False, "type": "int"}, + "type": {"required": False, "type": "str", + "choices": ["A", + "NS", + "CNAME", + "MX", + "AAAA", + "PTR", + "PTR_V6"]} + }}, + "domain": {"required": False, "type": "str"}, + "forwarder": {"required": False, "type": "str"}, + "ip_master": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "primary_name": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ttl": {"required": False, "type": "int"}, + "type": {"required": False, "type": "str", + "choices": ["master", + "slave"]}, + "view": {"required": False, "type": "str", + "choices": ["shadow", + "public"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) 
+ if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dns_server.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dns_server.py new file mode 100644 index 00000000..05a9d80d --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dns_server.py 
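Review bot: In main() of fortios_system_dns_database.py, `if 'access_token' in module.params:` is always true, because `access_token` is declared in `fields` and AnsibleModule puts every declared option into `params` (as None when unset). `connection.set_option('access_token', None)` therefore runs even when no token was supplied. Whether that overrides a token already configured on the connection depends on the httpapi plugin, which this hunk does not show. Testing the value avoids the question: `if module.params.get('access_token'):`. The same check is in main() of the fortios_system_dns.py hunk.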
@@ -0,0 +1,300 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_dns_server +short_description: Configure DNS servers in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and dns_server category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_dns_server: + description: + - Configure DNS servers. + default: null + type: dict + suboptions: + dnsfilter_profile: + description: + - DNS filter profile. Source dnsfilter.profile.name. + type: str + mode: + description: + - DNS server mode. + type: str + choices: + - recursive + - non-recursive + - forward-only + name: + description: + - DNS server name. Source system.interface.name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DNS servers. + fortios_system_dns_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_dns_server: + dnsfilter_profile: " (source dnsfilter.profile.name)" + mode: "recursive" + name: "default_name_5 (source system.interface.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial 
number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_dns_server_data(json): + option_list = ['dnsfilter_profile', 'mode', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_dns_server(data, fos): + vdom = data['vdom'] + state = data['state'] + system_dns_server_data = data['system_dns_server'] + filtered_data = underscore_to_hyphen(filter_system_dns_server_data(system_dns_server_data)) + + if state == "present": + return fos.set('system', + 'dns-server', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'dns-server', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == 
"success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_dns_server']: + resp = system_dns_server(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_dns_server')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_dns_server": { + "required": False, "type": "dict", "default": None, + "options": { + "dnsfilter_profile": {"required": False, "type": "str"}, + "mode": {"required": False, "type": "str", + "choices": ["recursive", + "non-recursive", + "forward-only"]}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + 
module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dscp_based_priority.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dscp_based_priority.py new file mode 100644 index 00000000..5e184b0c --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_dscp_based_priority.py 
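Review bot: The EXAMPLES playbook in the new fortios_system_dns_server module sets `ansible_httpapi_validate_certs: no` while the task passes an `access_token`, so anyone who copies the example sends the API token over a TLS session whose server certificate is never checked. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a YAML comment such as `# disable only for lab devices that still use a self-signed certificate`. The same `vars` block is repeated in the EXAMPLES of the fortios_system_dscp_based_priority, fortios_system_email_server and fortios_system_external_resource modules added by this commit.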
@@ -0,0 +1,300 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_dscp_based_priority +short_description: Configure DSCP based priority table in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and dscp_based_priority category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_dscp_based_priority: + description: + - Configure DSCP based priority table. + default: null + type: dict + suboptions: + ds: + description: + - DSCP(DiffServ) DS value (0 - 63). + type: int + id: + description: + - Item ID. + required: true + type: int + priority: + description: + - DSCP based priority level. + type: str + choices: + - low + - medium + - high +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DSCP based priority table. + fortios_system_dscp_based_priority: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_dscp_based_priority: + ds: "3" + id: "4" + priority: "low" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the 
unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_dscp_based_priority_data(json): + option_list = ['ds', 'id', 'priority'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_dscp_based_priority(data, fos): + vdom = data['vdom'] + state = data['state'] + system_dscp_based_priority_data = data['system_dscp_based_priority'] + filtered_data = underscore_to_hyphen(filter_system_dscp_based_priority_data(system_dscp_based_priority_data)) + + if state == "present": + return fos.set('system', + 'dscp-based-priority', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'dscp-based-priority', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def 
is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_dscp_based_priority']: + resp = system_dscp_based_priority(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_dscp_based_priority')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_dscp_based_priority": { + "required": False, "type": "dict", "default": None, + "options": { + "ds": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "priority": {"required": False, "type": "str", + "choices": ["low", + "medium", + "high"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, 
version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_email_server.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_email_server.py new file mode 100644 index 00000000..841f3005 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_email_server.py 
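Review bot: `is_successful_status` in the new fortios_system_dscp_based_priority module relies on `and` binding tighter than `or`, and nothing explains why a DELETE answered with 404 counts as success. I would parenthesise the second clause, `(status['http_method'] == "DELETE" and status['http_status'] == 404)`, and add a comment such as `# a 404 on DELETE is treated as success, presumably because the object is already absent`. The function also has no docstring; a one-line summary of what the returned boolean means would help, since `fortios_system` negates it to build `is_error`. The identical helper appears in the fortios_system_dns_server and fortios_system_email_server hunks.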
@@ -0,0 +1,344 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_email_server +short_description: Configure the email server used by the FortiGate various things. For example, for sending email messages to users to support user + authentication features in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and email_server category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. 
+ type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + system_email_server: + description: + - Configure the email server used by the FortiGate various things. For example, for sending email messages to users to support user authentication + features. + default: null + type: dict + suboptions: + authenticate: + description: + - Enable/disable authentication. + type: str + choices: + - enable + - disable + password: + description: + - SMTP server user password for authentication. + type: str + port: + description: + - SMTP server port. + type: int + reply_to: + description: + - Reply-To email address. + type: str + security: + description: + - Connection security used by the email server. + type: str + choices: + - none + - starttls + - smtps + server: + description: + - SMTP server IP address or hostname. + type: str + source_ip: + description: + - SMTP server IPv4 source IP. + type: str + source_ip6: + description: + - SMTP server IPv6 source IP. + type: str + type: + description: + - Use FortiGuard Message service or custom email server. + type: str + choices: + - custom + username: + description: + - SMTP server user name for authentication. + type: str + validate_server: + description: + - Enable/disable validation of server certificate. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure the email server used by the FortiGate various things. For example, for sending email messages to users to support user authentication + features. 
+ fortios_system_email_server: + vdom: "{{ vdom }}" + system_email_server: + authenticate: "enable" + password: "" + port: "5" + reply_to: "" + security: "none" + server: "192.168.100.40" + source_ip: "84.230.14.43" + source_ip6: "" + type: "custom" + username: "" + validate_server: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import 
FAIL_SOCKET_MSG + + +def filter_system_email_server_data(json): + option_list = ['authenticate', 'password', 'port', + 'reply_to', 'security', 'server', + 'source_ip', 'source_ip6', 'type', + 'username', 'validate_server'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_email_server(data, fos): + vdom = data['vdom'] + system_email_server_data = data['system_email_server'] + filtered_data = underscore_to_hyphen(filter_system_email_server_data(system_email_server_data)) + + return fos.set('system', + 'email-server', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_email_server']: + resp = system_email_server(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_email_server')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_email_server": { + "required": False, "type": "dict", "default": None, + "options": { + "authenticate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "password": {"required": False, "type": "str"}, + "port": {"required": False, "type": "int"}, + "reply_to": 
{"required": False, "type": "str"}, + "security": {"required": False, "type": "str", + "choices": ["none", + "starttls", + "smtps"]}, + "server": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "source_ip6": {"required": False, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["custom"]}, + "username": {"required": False, "type": "str"}, + "validate_server": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
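Review bot: The `password` suboption in the `fields` argument spec of `main()` is declared as `{"required": False, "type": "str"}` without `no_log`, whereas `access_token` a few lines above it sets `"no_log": True`. As written, the SMTP password is not masked by Ansible and can show up in verbose task output and in the module invocation that gets logged. I would change the entry to `"password": {"required": False, "type": "str", "no_log": True},`. Separately, the EXAMPLES task in this hunk pairs `authenticate: "enable"` with `security: "none"`; showing `starttls` or `smtps` there would stop readers copying a configuration that sends the credential unencrypted.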
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_external_resource.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_external_resource.py new file mode 100644 index 00000000..5a3be8b5 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_external_resource.py 
@@ -0,0 +1,337 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_external_resource +short_description: Configure external resource in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and external_resource category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_external_resource: + description: + - Configure external resource. + default: null + type: dict + suboptions: + category: + description: + - User resource category. + type: int + comments: + description: + - Comment. + type: str + last_update: + description: + - Last update time. + type: str + name: + description: + - External resource name. + required: true + type: str + refresh_rate: + description: + - Time interval to refresh external resource (1 - 43200 min). + type: int + resource: + description: + - URI of external resource. + type: str + status: + description: + - Enable/disable user resource. + type: str + choices: + - enable + - disable + type: + description: + - User resource type. + type: str + choices: + - category + - address + - domain +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure external resource. 
+ fortios_system_external_resource: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_external_resource: + category: "3" + comments: "" + last_update: "" + name: "default_name_6" + refresh_rate: "7" + resource: "" + status: "enable" + type: "category" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_system_external_resource_data(json): + option_list = ['category', 'comments', 'last_update', + 'name', 'refresh_rate', 'resource', + 'status', 'type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_external_resource(data, fos): + vdom = data['vdom'] + state = data['state'] + system_external_resource_data = data['system_external_resource'] + filtered_data = underscore_to_hyphen(filter_system_external_resource_data(system_external_resource_data)) + + if state == "present": + return fos.set('system', + 'external-resource', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'external-resource', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_external_resource']: + resp = system_external_resource(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_external_resource')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", 
"absent"]}, + "system_external_resource": { + "required": False, "type": "dict", "default": None, + "options": { + "category": {"required": False, "type": "int"}, + "comments": {"required": False, "type": "str"}, + "last_update": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "refresh_rate": {"required": False, "type": "int"}, + "resource": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "type": {"required": False, "type": "str", + "choices": ["category", + "address", + "domain"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fips_cc.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fips_cc.py new file mode 100644 index 00000000..1199dade --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fips_cc.py 
@@ -0,0 +1,294 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_fips_cc +short_description: Configure FIPS-CC mode in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and fips_cc category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_fips_cc: + description: + - Configure FIPS-CC mode. + default: null + type: dict + suboptions: + entropy_token: + description: + - Enable/disable/dynamic entropy token. + type: str + choices: + - enable + - disable + - dynamic + key_generation_self_test: + description: + - Enable/disable self tests after key generation. + type: str + choices: + - enable + - disable + self_test_period: + description: + - Self test period. + type: int + status: + description: + - Enable/disable FIPS-CC mode. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FIPS-CC mode. + fortios_system_fips_cc: + vdom: "{{ vdom }}" + system_fips_cc: + entropy_token: "enable" + key_generation_self_test: "enable" + self_test_period: "5" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: 
+ description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_fips_cc_data(json): + option_list = ['entropy_token', 'key_generation_self_test', 'self_test_period', + 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_fips_cc(data, fos): + vdom = data['vdom'] + system_fips_cc_data = data['system_fips_cc'] + filtered_data = underscore_to_hyphen(filter_system_fips_cc_data(system_fips_cc_data)) + + return fos.set('system', + 'fips-cc', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_fips_cc']: + resp = system_fips_cc(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_fips_cc')) + + return not is_successful_status(resp), \ + 
resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_fips_cc": { + "required": False, "type": "dict", "default": None, + "options": { + "entropy_token": {"required": False, "type": "str", + "choices": ["enable", + "disable", + "dynamic"]}, + "key_generation_self_test": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "self_test_period": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", 
meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fm.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fm.py new file mode 100644 index 00000000..90b7ee11 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fm.py 
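Review bot: `is_successful_status` in the fortios_system_fips_cc.py hunk keeps a `DELETE`/404 branch that this module cannot reach as far as the hunk shows. `system_fips_cc` only calls `fos.set` and the argument spec has no `state`, so presumably no DELETE is ever issued. The unparenthesised `or ... and ...` also relies on operator precedence to be read correctly. I would reduce the helper to `return status['status'] == "success"`, or at least parenthesise the `and` clause and add a comment saying that a 404 on delete is treated as already absent. The fortios_system_fm.py hunk has the same helper with the same unreachable branch.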
@@ -0,0 +1,316 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_fm +short_description: Configure FM in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and fm category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_fm: + description: + - Configure FM. + default: null + type: dict + suboptions: + auto_backup: + description: + - Enable/disable automatic backup. + type: str + choices: + - enable + - disable + id: + description: + - ID. + type: str + ip: + description: + - IP address. + type: str + ipsec: + description: + - Enable/disable IPsec. + type: str + choices: + - enable + - disable + scheduled_config_restore: + description: + - Enable/disable scheduled configuration restore. + type: str + choices: + - enable + - disable + status: + description: + - Enable/disable FM. + type: str + choices: + - enable + - disable + vdom: + description: + - VDOM. Source system.vdom.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FM. + fortios_system_fm: + vdom: "{{ vdom }}" + system_fm: + auto_backup: "enable" + id: "4" + ip: "" + ipsec: "enable" + scheduled_config_restore: "enable" + status: "enable" + vdom: " (source system.vdom.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + 
returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_fm_data(json): + option_list = ['auto_backup', 'id', 'ip', + 'ipsec', 'scheduled_config_restore', 'status', + 'vdom'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_fm(data, fos): + vdom = data['vdom'] + system_fm_data = data['system_fm'] + filtered_data = underscore_to_hyphen(filter_system_fm_data(system_fm_data)) + + return fos.set('system', + 'fm', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_fm']: + resp = 
system_fm(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_fm')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_fm": { + "required": False, "type": "dict", "default": None, + "options": { + "auto_backup": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "id": {"required": False, "type": "str"}, + "ip": {"required": False, "type": "str"}, + "ipsec": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "scheduled_config_restore": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vdom": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: 
+ module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fortiguard.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fortiguard.py new file mode 100644 index 00000000..0612ee13 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fortiguard.py 
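Review bot: The `system_fm` suboption `vdom` in the fortios_system_fm.py hunk shares its name with the top-level `vdom` option, and DOCUMENTATION does not say how the two differ. In the code, the top-level value is passed as `vdom=` to `fos.set`, while the nested one passes through `filter_system_fm_data` and is sent inside the payload. I would extend the nested description to something like `VDOM setting of the FM entry, sent in the request payload; not the VDOM the API call is made in (see the top-level vdom option). Source system.vdom.name.` The example value `vdom: " (source system.vdom.name)"` reads as a placeholder that would be sent literally, so a comment saying it must be replaced with an existing VDOM name would help.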
@@ -0,0 +1,484 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_fortiguard +short_description: Configure FortiGuard services in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and fortiguard category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_fortiguard: + description: + - Configure FortiGuard services. + default: null + type: dict + suboptions: + antispam_cache: + description: + - Enable/disable FortiGuard antispam request caching. Uses a small amount of memory but improves performance. + type: str + choices: + - enable + - disable + antispam_cache_mpercent: + description: + - Maximum percent of FortiGate memory the antispam cache is allowed to use (1 - 15%). + type: int + antispam_cache_ttl: + description: + - Time-to-live for antispam cache entries in seconds (300 - 86400). Lower times reduce the cache size. Higher times may improve + performance since the cache will have more entries. + type: int + antispam_expiration: + description: + - Expiration date of the FortiGuard antispam contract. + type: int + antispam_force_off: + description: + - Enable/disable turning off the FortiGuard antispam service. + type: str + choices: + - enable + - disable + antispam_license: + description: + - Interval of time between license checks for the FortiGuard antispam contract. + type: int + antispam_timeout: + description: + - Antispam query time out (1 - 30 sec). + type: int + ddns_server_ip: + description: + - IP address of the FortiDDNS server. + type: str + ddns_server_port: + description: + - Port used to communicate with FortiDDNS servers. + type: int + load_balance_servers: + description: + - Number of servers to alternate between as first FortiGuard option. + type: int + outbreak_prevention_cache: + description: + - Enable/disable FortiGuard Virus Outbreak Prevention cache. + type: str + choices: + - enable + - disable + outbreak_prevention_cache_mpercent: + description: + - Maximum percent of memory FortiGuard Virus Outbreak Prevention cache can use (1 - 15%). + type: int + outbreak_prevention_cache_ttl: + description: + - Time-to-live for FortiGuard Virus Outbreak Prevention cache entries (300 - 86400 sec). 
+ type: int + outbreak_prevention_expiration: + description: + - Expiration date of FortiGuard Virus Outbreak Prevention contract. + type: int + outbreak_prevention_force_off: + description: + - Turn off FortiGuard Virus Outbreak Prevention service. + type: str + choices: + - enable + - disable + outbreak_prevention_license: + description: + - Interval of time between license checks for FortiGuard Virus Outbreak Prevention contract. + type: int + outbreak_prevention_timeout: + description: + - FortiGuard Virus Outbreak Prevention time out (1 - 30 sec). + type: int + port: + description: + - Port used to communicate with the FortiGuard servers. + type: str + choices: + - 53 + - 8888 + - 80 + sdns_server_ip: + description: + - IP address of the FortiDNS server. + type: str + sdns_server_port: + description: + - Port used to communicate with FortiDNS servers. + type: int + service_account_id: + description: + - Service account ID. + type: str + source_ip: + description: + - Source IPv4 address used to communicate with FortiGuard. + type: str + source_ip6: + description: + - Source IPv6 address used to communicate with FortiGuard. + type: str + update_server_location: + description: + - Signature update server location. + type: str + choices: + - usa + - any + webfilter_cache: + description: + - Enable/disable FortiGuard web filter caching. + type: str + choices: + - enable + - disable + webfilter_cache_ttl: + description: + - Time-to-live for web filter cache entries in seconds (300 - 86400). + type: int + webfilter_expiration: + description: + - Expiration date of the FortiGuard web filter contract. + type: int + webfilter_force_off: + description: + - Enable/disable turning off the FortiGuard web filtering service. + type: str + choices: + - enable + - disable + webfilter_license: + description: + - Interval of time between license checks for the FortiGuard web filter contract. 
+ type: int + webfilter_timeout: + description: + - Web filter query time out (1 - 30 sec). + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiGuard services. + fortios_system_fortiguard: + vdom: "{{ vdom }}" + system_fortiguard: + antispam_cache: "enable" + antispam_cache_mpercent: "4" + antispam_cache_ttl: "5" + antispam_expiration: "6" + antispam_force_off: "enable" + antispam_license: "8" + antispam_timeout: "9" + ddns_server_ip: "" + ddns_server_port: "11" + load_balance_servers: "12" + outbreak_prevention_cache: "enable" + outbreak_prevention_cache_mpercent: "14" + outbreak_prevention_cache_ttl: "15" + outbreak_prevention_expiration: "16" + outbreak_prevention_force_off: "enable" + outbreak_prevention_license: "18" + outbreak_prevention_timeout: "19" + port: "53" + sdns_server_ip: "" + sdns_server_port: "22" + service_account_id: "" + source_ip: "84.230.14.43" + source_ip6: "" + update_server_location: "usa" + webfilter_cache: "enable" + webfilter_cache_ttl: "28" + webfilter_expiration: "29" + webfilter_force_off: "enable" + webfilter_license: "31" + webfilter_timeout: "32" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to 
fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_fortiguard_data(json): + option_list = ['antispam_cache', 'antispam_cache_mpercent', 'antispam_cache_ttl', + 'antispam_expiration', 'antispam_force_off', 'antispam_license', + 'antispam_timeout', 'ddns_server_ip', 'ddns_server_port', + 'load_balance_servers', 'outbreak_prevention_cache', 'outbreak_prevention_cache_mpercent', + 'outbreak_prevention_cache_ttl', 'outbreak_prevention_expiration', 'outbreak_prevention_force_off', + 'outbreak_prevention_license', 'outbreak_prevention_timeout', 'port', + 'sdns_server_ip', 'sdns_server_port', 'service_account_id', + 'source_ip', 'source_ip6', 'update_server_location', + 'webfilter_cache', 'webfilter_cache_ttl', 'webfilter_expiration', + 'webfilter_force_off', 'webfilter_license', 'webfilter_timeout'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def 
underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_fortiguard(data, fos): + vdom = data['vdom'] + system_fortiguard_data = data['system_fortiguard'] + filtered_data = underscore_to_hyphen(filter_system_fortiguard_data(system_fortiguard_data)) + + return fos.set('system', + 'fortiguard', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_fortiguard']: + resp = system_fortiguard(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_fortiguard')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_fortiguard": { + "required": False, "type": "dict", "default": None, + "options": { + "antispam_cache": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "antispam_cache_mpercent": {"required": False, "type": "int"}, + "antispam_cache_ttl": {"required": False, "type": "int"}, + "antispam_expiration": {"required": False, "type": "int"}, + "antispam_force_off": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "antispam_license": {"required": False, "type": "int"}, + "antispam_timeout": {"required": False, "type": "int"}, + "ddns_server_ip": {"required": False, "type": "str"}, + "ddns_server_port": {"required": False, "type": "int"}, + 
"load_balance_servers": {"required": False, "type": "int"}, + "outbreak_prevention_cache": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "outbreak_prevention_cache_mpercent": {"required": False, "type": "int"}, + "outbreak_prevention_cache_ttl": {"required": False, "type": "int"}, + "outbreak_prevention_expiration": {"required": False, "type": "int"}, + "outbreak_prevention_force_off": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "outbreak_prevention_license": {"required": False, "type": "int"}, + "outbreak_prevention_timeout": {"required": False, "type": "int"}, + "port": {"required": False, "type": "str", + "choices": ["53", + "8888", + "80"]}, + "sdns_server_ip": {"required": False, "type": "str"}, + "sdns_server_port": {"required": False, "type": "int"}, + "service_account_id": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "source_ip6": {"required": False, "type": "str"}, + "update_server_location": {"required": False, "type": "str", + "choices": ["usa", + "any"]}, + "webfilter_cache": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "webfilter_cache_ttl": {"required": False, "type": "int"}, + "webfilter_expiration": {"required": False, "type": "int"}, + "webfilter_force_off": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "webfilter_license": {"required": False, "type": "int"}, + "webfilter_timeout": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + 
versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fortimanager.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fortimanager.py new file mode 100644 index 00000000..8f0e0eb4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fortimanager.py 
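Review bot: The EXAMPLES play in this new module sets `ansible_httpapi_validate_certs: no`, and example plays tend to be copied into real playbooks unchanged. main() places `access_token` on the same httpapi connection, so with certificate validation off the token and the pushed FortiGuard settings can be exposed to anyone positioned to intercept the session. I would ship the example as `ansible_httpapi_validate_certs: yes` and add a YAML comment that `no` is only acceptable for lab devices with self-signed certificates. The same line appears in the EXAMPLES of the fortimanager, fortisandbox and fsso_polling modules added further down this diff.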
@@ -0,0 +1,321 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_fortimanager +short_description: Configure FortiManager in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and fortimanager category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_fortimanager: + description: + - Configure FortiManager. + default: null + type: dict + suboptions: + central_management: + description: + - Enable/disable FortiManager central management. + type: str + choices: + - enable + - disable + central_mgmt_auto_backup: + description: + - Enable/disable central management auto backup. + type: str + choices: + - enable + - disable + central_mgmt_schedule_config_restore: + description: + - Enable/disable central management schedule config restore. + type: str + choices: + - enable + - disable + central_mgmt_schedule_script_restore: + description: + - Enable/disable central management schedule script restore. + type: str + choices: + - enable + - disable + ip: + description: + - IP address. + type: str + ipsec: + description: + - Enable/disable FortiManager IPsec tunnel. + type: str + choices: + - enable + - disable + vdom: + description: + - Virtual domain name. Source system.vdom.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiManager. 
+ fortios_system_fortimanager: + vdom: "{{ vdom }}" + system_fortimanager: + central_management: "enable" + central_mgmt_auto_backup: "enable" + central_mgmt_schedule_config_restore: "enable" + central_mgmt_schedule_script_restore: "enable" + ip: "" + ipsec: "enable" + vdom: " (source system.vdom.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common 
import FAIL_SOCKET_MSG + + +def filter_system_fortimanager_data(json): + option_list = ['central_management', 'central_mgmt_auto_backup', 'central_mgmt_schedule_config_restore', + 'central_mgmt_schedule_script_restore', 'ip', 'ipsec', + 'vdom'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_fortimanager(data, fos): + vdom = data['vdom'] + system_fortimanager_data = data['system_fortimanager'] + filtered_data = underscore_to_hyphen(filter_system_fortimanager_data(system_fortimanager_data)) + + return fos.set('system', + 'fortimanager', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_fortimanager']: + resp = system_fortimanager(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_fortimanager')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_fortimanager": { + "required": False, "type": "dict", "default": None, + "options": { + "central_management": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "central_mgmt_auto_backup": {"required": False, "type": "str", + "choices": ["enable", 
+ "disable"]}, + "central_mgmt_schedule_config_restore": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "central_mgmt_schedule_script_restore": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ip": {"required": False, "type": "str"}, + "ipsec": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vdom": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
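Review bot: `system_fortimanager()` takes the request scope from the top-level `vdom` (`vdom = data['vdom']`, which defaults to `root` in the argument spec), while the nested `system_fortimanager.vdom` is only copied into the request body by `filter_system_fortimanager_data`. The two options share a name and DOCUMENTATION does not tell them apart, so a task that sets only the nested one would, as far as this hunk shows, still be submitted with `vdom=root`. I suggest extending the nested description to something like `Virtual domain name sent as part of the FortiManager settings; it does not select the VDOM the request is applied to, use the top-level vdom for that.` and putting a one-line comment with the same meaning above `vdom = data['vdom']`. What `fos.set` does with its `vdom` argument is outside this diff, so the wording should be confirmed against FortiOSHandler.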
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fortisandbox.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fortisandbox.py new file mode 100644 index 00000000..5874d796 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fortisandbox.py 
@@ -0,0 +1,297 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_fortisandbox +short_description: Configure FortiSandbox in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and fortisandbox category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_fortisandbox: + description: + - Configure FortiSandbox. + default: null + type: dict + suboptions: + email: + description: + - Notifier email address. + type: str + enc_algorithm: + description: + - Configure the level of SSL protection for secure communication with FortiSandbox. + type: str + choices: + - default + - high + - low + - disable + server: + description: + - IPv4 or IPv6 address of the remote FortiSandbox. + type: str + source_ip: + description: + - Source IP address for communications to FortiSandbox. + type: str + status: + description: + - Enable/disable FortiSandbox. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiSandbox. + fortios_system_fortisandbox: + vdom: "{{ vdom }}" + system_fortisandbox: + email: "" + enc_algorithm: "default" + server: "192.168.100.40" + source_ip: "84.230.14.43" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" 
+serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_fortisandbox_data(json): + option_list = ['email', 'enc_algorithm', 'server', + 'source_ip', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_fortisandbox(data, fos): + vdom = data['vdom'] + system_fortisandbox_data = data['system_fortisandbox'] + filtered_data = underscore_to_hyphen(filter_system_fortisandbox_data(system_fortisandbox_data)) + + return fos.set('system', + 'fortisandbox', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_fortisandbox']: + resp = 
system_fortisandbox(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_fortisandbox')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_fortisandbox": { + "required": False, "type": "dict", "default": None, + "options": { + "email": {"required": False, "type": "str"}, + "enc_algorithm": {"required": False, "type": "str", + "choices": ["default", + "high", + "low", + "disable"]}, + "server": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] 
is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fsso_polling.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fsso_polling.py new file mode 100644 index 00000000..a6d28384 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_fsso_polling.py 
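Review bot: The `enc_algorithm` option in DOCUMENTATION lists `default`, `high`, `low` and `disable` as equal choices for "the level of SSL protection" and says nothing about what the weaker values cost. Because `server` and `source_ip` describe a link to a remote FortiSandbox, the description should state that `low` and, presumably, `disable` reduce or remove protection on that link; for example append `Use default or high unless the link is protected by other means; low and disable weaken or remove SSL protection.` The exact meaning of each value is not visible in this diff and should be taken from the FortiOS reference before the sentence is finalised.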
@@ -0,0 +1,287 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_fsso_polling +short_description: Configure Fortinet Single Sign On (FSSO) server in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and fsso_polling category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + system_fsso_polling: + description: + - Configure Fortinet Single Sign On (FSSO) server. + default: null + type: dict + suboptions: + auth_password: + description: + - Password to connect to FSSO Agent. + type: str + authentication: + description: + - Enable/disable FSSO Agent Authentication. + type: str + choices: + - enable + - disable + listening_port: + description: + - Listening port to accept clients (1 - 65535). + type: int + status: + description: + - Enable/disable FSSO Polling Mode. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Fortinet Single Sign On (FSSO) server. + fortios_system_fsso_polling: + vdom: "{{ vdom }}" + system_fsso_polling: + auth_password: "" + authentication: "enable" + listening_port: "5" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" 
+serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_fsso_polling_data(json): + option_list = ['auth_password', 'authentication', 'listening_port', + 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_fsso_polling(data, fos): + vdom = data['vdom'] + system_fsso_polling_data = data['system_fsso_polling'] + filtered_data = underscore_to_hyphen(filter_system_fsso_polling_data(system_fsso_polling_data)) + + return fos.set('system', + 'fsso-polling', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_fsso_polling']: + resp = 
system_fsso_polling(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_fsso_polling')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_fsso_polling": { + "required": False, "type": "dict", "default": None, + "options": { + "auth_password": {"required": False, "type": "str"}, + "authentication": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "listening_port": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", 
version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ftm_push.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ftm_push.py new file mode 100644 index 00000000..739d3952 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ftm_push.py 
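Review bot: The `auth_password` entry in the `fields` spec of `main()` is declared without `no_log`, although `access_token` a few lines above it sets `"no_log": True`. Ansible includes module arguments in its invocation output and module logging, so the FSSO agent password can end up in logs and verbose task output unless it is masked. I would declare it as `"auth_password": {"required": False, "type": "str", "no_log": True},`. The device response is also passed back whole as `meta=result`; whether it echoes the submitted payload is not visible in this hunk and is worth confirming.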
@@ -0,0 +1,275 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_ftm_push +short_description: Configure FortiToken Mobile push services in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and ftm_push category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + system_ftm_push: + description: + - Configure FortiToken Mobile push services. + default: null + type: dict + suboptions: + server_ip: + description: + - 'IPv4 address of FortiToken Mobile push services server (format: xxx.xxx.xxx.xxx).' + type: str + server_port: + description: + - Port to communicate with FortiToken Mobile push services server (1 - 65535). + type: int + status: + description: + - Enable/disable the use of FortiToken Mobile push services. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiToken Mobile push services. + fortios_system_ftm_push: + vdom: "{{ vdom }}" + system_ftm_push: + server_ip: "" + server_port: "4" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + 
sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_ftm_push_data(json): + option_list = ['server_ip', 'server_port', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_ftm_push(data, fos): + vdom = data['vdom'] + system_ftm_push_data = data['system_ftm_push'] + filtered_data = underscore_to_hyphen(filter_system_ftm_push_data(system_ftm_push_data)) + + return fos.set('system', + 'ftm-push', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_ftm_push']: + resp = system_ftm_push(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_ftm_push')) + + return not 
is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_ftm_push": { + "required": False, "type": "dict", "default": None, + "options": { + "server_ip": {"required": False, "type": "str"}, + "server_port": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
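Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no`, so a user who copies it sends the access token and the configuration to the device without verifying its certificate. The same line is in the EXAMPLES blocks of the fortios_system_fsso_polling.py and fortios_system_geoip_override.py hunks of this patch. I would ship the example as `ansible_httpapi_validate_certs: yes` and add a comment next to it such as `# disable only for lab devices that use a self-signed certificate`.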
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_geoip_override.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_geoip_override.py
new file mode 100644
index 00000000..adb3adc5
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_geoip_override.py
@@ -0,0 +1,323 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_geoip_override +short_description: Configure geographical location mapping for IP address(es) to override mappings from FortiGuard in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and geoip_override category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_geoip_override: + description: + - Configure geographical location mapping for IP address(es) to override mappings from FortiGuard. + default: null + type: dict + suboptions: + country_id: + description: + - Two character Country ID code. + type: str + description: + description: + - Description. + type: str + ip_range: + description: + - Table of IP ranges assigned to country. + type: list + suboptions: + end_ip: + description: + - 'Final IP address, inclusive, of the address range (format: xxx.xxx.xxx.xxx).' + type: str + id: + description: + - ID number for individual entry in the IP-Range table. + required: true + type: int + start_ip: + description: + - 'Starting IP address, inclusive, of the address range (format: xxx.xxx.xxx.xxx).' + type: str + name: + description: + - Location name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure geographical location mapping for IP address(es) to override mappings from FortiGuard. 
+ fortios_system_geoip_override: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_geoip_override: + country_id: "" + description: "" + ip_range: + - + end_ip: "" + id: "7" + start_ip: "" + name: "default_name_9" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_geoip_override_data(json): + 
option_list = ['country_id', 'description', 'ip_range', + 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_geoip_override(data, fos): + vdom = data['vdom'] + state = data['state'] + system_geoip_override_data = data['system_geoip_override'] + filtered_data = underscore_to_hyphen(filter_system_geoip_override_data(system_geoip_override_data)) + + if state == "present": + return fos.set('system', + 'geoip-override', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'geoip-override', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_geoip_override']: + resp = system_geoip_override(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_geoip_override')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_geoip_override": { + "required": False, "type": "dict", "default": None, + "options": { + "country_id": 
{"required": False, "type": "str"}, + "description": {"required": False, "type": "str"}, + "ip_range": {"required": False, "type": "list", + "options": { + "end_ip": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "start_ip": {"required": False, "type": "str"} + }}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_global.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_global.py new file mode 100644 index 00000000..9bad5444 --- /dev/null 
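Review bot: In `main()`, `ip_range` is declared as `"type": "list"` with nested `options` but no `elements`, and Ansible's argument-spec handling only applies a list's sub-spec when `elements` is `dict`. As written, the `required` flag on `id` and the declared types of `id`, `start_ip` and `end_ip` are not enforced. Entries such as the example's `id: "7"` therefore reach `fos.set` unvalidated and uncoerced. Declaring it as `"ip_range": {"required": False, "type": "list", "elements": "dict",` restores the checks. The DOCUMENTATION block should gain a matching `elements: dict` line under `ip_range`.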
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_global.py 
@@ -0,0 +1,2030 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_system_global
+short_description: Configure global attributes in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify system feature and global category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.8"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str + default: root + + system_global: + description: + - Configure global attributes. + default: null + type: dict + suboptions: + admin_concurrent: + description: + - Enable/disable concurrent administrator logins. (Use policy-auth-concurrent for firewall authenticated users.) + type: str + choices: + - enable + - disable + admin_console_timeout: + description: + - Console login timeout that overrides the admintimeout value. (15 - 300 seconds) (15 seconds to 5 minutes). 0 the default, disables this + timeout. + type: int + admin_https_pki_required: + description: + - Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to + allow administrators to log in with a certificate or password. + type: str + choices: + - enable + - disable + admin_https_redirect: + description: + - Enable/disable redirection of HTTP administration access to HTTPS. + type: str + choices: + - enable + - disable + admin_https_ssl_versions: + description: + - Allowed TLS versions for web administration. + type: list + choices: + - tlsv1-0 + - tlsv1-1 + - tlsv1-2 + admin_lockout_duration: + description: + - Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed + login attempts. + type: int + admin_lockout_threshold: + description: + - Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration. + type: int + admin_login_max: + description: + - Maximum number of administrators who can be logged in at the same time (1 - 100) + type: int + admin_maintainer: + description: + - Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard + reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. 
+ type: str + choices: + - enable + - disable + admin_port: + description: + - Administrative access port for HTTP. (1 - 65535). + type: int + admin_restrict_local: + description: + - Enable/disable local admin authentication restriction when remote authenticator is up and running. + type: str + choices: + - enable + - disable + admin_scp: + description: + - Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. + type: str + choices: + - enable + - disable + admin_server_cert: + description: + - Server certificate that the FortiGate uses for HTTPS administrative connections. Source certificate.local.name. + type: str + admin_sport: + description: + - Administrative access port for HTTPS. (1 - 65535). + type: int + admin_ssh_grace_time: + description: + - Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour)). + type: int + admin_ssh_password: + description: + - Enable/disable password authentication for SSH admin access. + type: str + choices: + - enable + - disable + admin_ssh_port: + description: + - Administrative access port for SSH. (1 - 65535). + type: int + admin_ssh_v1: + description: + - Enable/disable SSH v1 compatibility. + type: str + choices: + - enable + - disable + admin_telnet_port: + description: + - Administrative access port for TELNET. (1 - 65535). + type: int + admintimeout: + description: + - Number of minutes before an idle administrator session times out (5 - 480 minutes (8 hours)). A shorter idle timeout is more secure. + type: int + alias: + description: + - Alias for your FortiGate unit. + type: str + allow_traffic_redirect: + description: + - Disable to allow traffic to be routed back on a different interface. + type: str + choices: + - enable + - disable + anti_replay: + description: + - Level of checking for packet replay and TCP sequence checking. 
+ type: str + choices: + - disable + - loose + - strict + arp_max_entry: + description: + - Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647). + type: int + asymroute: + description: + - Enable/disable asymmetric route. + type: str + choices: + - enable + - disable + auth_cert: + description: + - Server certificate that the FortiGate uses for HTTPS firewall authentication connections. Source certificate.local.name. + type: str + auth_http_port: + description: + - User authentication HTTP port. (1 - 65535). + type: int + auth_https_port: + description: + - User authentication HTTPS port. (1 - 65535). + type: int + auth_keepalive: + description: + - Enable to prevent user authentication sessions from timing out when idle. + type: str + choices: + - enable + - disable + auth_session_limit: + description: + - Action to take when the number of allowed user authenticated sessions is reached. + type: str + choices: + - block-new + - logout-inactive + auto_auth_extension_device: + description: + - Enable/disable automatic authorization of dedicated Fortinet extension devices. + type: str + choices: + - enable + - disable + av_affinity: + description: + - Affinity setting for AV scanning (64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx). + type: str + av_failopen: + description: + - Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. + type: str + choices: + - pass + - off + - one-shot + av_failopen_session: + description: + - When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the + action specified by av-failopen. + type: str + choices: + - enable + - disable + batch_cmdb: + description: + - Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. 
+ type: str + choices: + - enable + - disable + block_session_timer: + description: + - Duration in seconds for blocked sessions (1 - 300 sec (5 minutes)). + type: int + br_fdb_max_entry: + description: + - Maximum number of bridge forwarding database (FDB) entries. + type: int + cert_chain_max: + description: + - Maximum number of certificates that can be traversed in a certificate chain. + type: int + cfg_revert_timeout: + description: + - Time-out for reverting to the last saved configuration. + type: int + cfg_save: + description: + - Configuration file save mode for CLI changes. + type: str + choices: + - automatic + - manual + - revert + check_protocol_header: + description: + - Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in + most cases. + type: str + choices: + - loose + - strict + check_reset_range: + description: + - Configure ICMP error message verification. You can either apply strict RST range checking or disable it. + type: str + choices: + - strict + - disable + cli_audit_log: + description: + - Enable/disable CLI audit log. + type: str + choices: + - enable + - disable + clt_cert_req: + description: + - Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. + type: str + choices: + - enable + - disable + compliance_check: + description: + - Enable/disable global PCI DSS compliance check. + type: str + choices: + - enable + - disable + compliance_check_time: + description: + - Time of day to run scheduled PCI DSS compliance checks. + type: str + cpu_use_threshold: + description: + - Threshold at which CPU usage is reported. (% of total CPU). + type: int + csr_ca_attribute: + description: + - Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. 
+ type: str + choices: + - enable + - disable + daily_restart: + description: + - Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. + type: str + choices: + - enable + - disable + device_identification_active_scan_delay: + description: + - Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour)). + type: int + device_idle_timeout: + description: + - Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year)). + type: int + dh_params: + description: + - Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. + type: str + choices: + - 1024 + - 1536 + - 2048 + - 3072 + - 4096 + - 6144 + - 8192 + dst: + description: + - Enable/disable daylight saving time. + type: str + choices: + - enable + - disable + endpoint_control_fds_access: + description: + - Enable/disable access to the FortiGuard network for non-compliant endpoints. + type: str + choices: + - enable + - disable + endpoint_control_portal_port: + description: + - Endpoint control portal port (1 - 65535). + type: int + failtime: + description: + - Fail-time for server lost. + type: int + fds_statistics: + description: + - Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and + is not shared with external parties and is protected by Fortinet"s privacy policy. + type: str + choices: + - enable + - disable + fds_statistics_period: + description: + - FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours)). + type: int + fgd_alert_subscription: + description: + - Type of alert to retrieve from FortiGuard. + type: list + choices: + - advisory + - latest-threat + - latest-virus + - latest-attack + - new-antivirus-db + - new-attack-db + fortiextender: + description: + - Enable/disable FortiExtender. 
+ type: str + choices: + - enable + - disable + fortiextender_data_port: + description: + - FortiExtender data port (1024 - 49150). + type: int + fortiextender_vlan_mode: + description: + - Enable/disable FortiExtender VLAN mode. + type: str + choices: + - enable + - disable + fortiservice_port: + description: + - FortiService port (1 - 65535). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port. + type: int + gui_certificates: + description: + - Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. + type: str + choices: + - enable + - disable + gui_custom_language: + description: + - Enable/disable custom languages in GUI. + type: str + choices: + - enable + - disable + gui_device_latitude: + description: + - Add the latitude of the location of this FortiGate to position it on the Threat Map. + type: str + gui_device_longitude: + description: + - Add the longitude of the location of this FortiGate to position it on the Threat Map. + type: str + gui_display_hostname: + description: + - Enable/disable displaying the FortiGate"s hostname on the GUI login page. + type: str + choices: + - enable + - disable + gui_ipv6: + description: + - Enable/disable IPv6 settings on the GUI. + type: str + choices: + - enable + - disable + gui_lines_per_page: + description: + - Number of lines to display per page for web administration. + type: int + gui_theme: + description: + - Color scheme for the administration GUI. + type: str + choices: + - green + - red + - blue + - melongene + - mariner + gui_wireless_opensecurity: + description: + - Enable/disable wireless open security option on the GUI. + type: str + choices: + - enable + - disable + honor_df: + description: + - Enable/disable honoring of Don"t-Fragment (DF) flag. + type: str + choices: + - enable + - disable + hostname: + description: + - FortiGate unit"s hostname. Most models will truncate names longer than 24 characters. 
Some models support hostnames up to 35 characters. + type: str + igmp_state_limit: + description: + - Maximum number of IGMP memberships (96 - 64000). + type: int + interval: + description: + - Dead gateway detection interval. + type: int + ip_src_port_range: + description: + - IP source port range used for traffic originating from the FortiGate unit. + type: str + ips_affinity: + description: + - Affinity setting for IPS (64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS + engine daemons). + type: str + ipsec_asic_offload: + description: + - Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and + accelerate encryption and decryption. + type: str + choices: + - enable + - disable + ipsec_hmac_offload: + description: + - Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. + type: str + choices: + - enable + - disable + ipv6_accept_dad: + description: + - Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD). + type: int + ipv6_allow_anycast_probe: + description: + - Enable/disable IPv6 address probe through Anycast. + type: str + choices: + - enable + - disable + language: + description: + - GUI display language. + type: str + choices: + - english + - french + - spanish + - portuguese + - japanese + - trach + - simch + - korean + ldapconntimeout: + description: + - Global timeout for connections with remote LDAP servers in milliseconds (0 - 4294967295). + type: int + lldp_transmission: + description: + - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. + type: str + choices: + - enable + - disable + log_ssl_connection: + description: + - Enable/disable logging of SSL connection events. + type: str + choices: + - enable + - disable + log_uuid: + description: + - Whether UUIDs are added to traffic logs. 
You can disable UUIDs, add firewall policy UUIDs to traffic logs, or add all UUIDs to traffic + logs. + type: str + choices: + - disable + - policy-only + - extended + login_timestamp: + description: + - Enable/disable login time recording. + type: str + choices: + - enable + - disable + long_vdom_name: + description: + - Enable/disable long VDOM name support. + type: str + choices: + - enable + - disable + management_vdom: + description: + - Management virtual domain name. Source system.vdom.name. + type: str + max_dlpstat_memory: + description: + - Maximum DLP stat memory (0 - 4294967295). + type: int + max_route_cache_size: + description: + - Maximum number of IP route cache entries (0 - 2147483647). + type: int + mc_ttl_notchange: + description: + - Enable/disable no modification of multicast TTL. + type: str + choices: + - enable + - disable + memory_use_threshold_extreme: + description: + - Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM). + type: int + memory_use_threshold_green: + description: + - Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM). + type: int + memory_use_threshold_red: + description: + - Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM). + type: int + miglogd_children: + description: + - Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing + time. No logs will be dropped or lost if the number is changed. + type: int + multi_factor_authentication: + description: + - Enforce all login methods to require an additional authentication factor . + type: str + choices: + - optional + - mandatory + multicast_forward: + description: + - Enable/disable multicast forwarding. 
+ type: str + choices: + - enable + - disable + ndp_max_entry: + description: + - Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries). + type: int + per_user_bwl: + description: + - Enable/disable per-user black/white list filter. + type: str + choices: + - enable + - disable + policy_auth_concurrent: + description: + - Number of concurrent firewall use logins from the same user (1 - 100). + type: int + post_login_banner: + description: + - Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. + type: str + choices: + - disable + - enable + pre_login_banner: + description: + - Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. + type: str + choices: + - enable + - disable + private_data_encryption: + description: + - Enable/disable private data encryption using an AES 128-bit key. + type: str + choices: + - disable + - enable + proxy_auth_lifetime: + description: + - Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which + re-authentication will take place. + type: str + choices: + - enable + - disable + proxy_auth_lifetime_timeout: + description: + - Lifetime timeout in minutes for authenticated users (5 - 65535 min). + type: int + proxy_auth_timeout: + description: + - Authentication timeout in seconds for authenticated users (1 - 3600 sec). + type: int + proxy_cipher_hardware_acceleration: + description: + - Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. + type: str + choices: + - disable + - enable + proxy_kxp_hardware_acceleration: + description: + - Enable/disable using the content processor to accelerate KXP traffic. 
+ type: str + choices: + - disable + - enable + proxy_re_authentication_mode: + description: + - Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first + created. + type: str + choices: + - session + - traffic + - absolute + proxy_worker_count: + description: + - Proxy worker count. + type: int + radius_port: + description: + - RADIUS service port number. + type: int + reboot_upon_config_restore: + description: + - Enable/disable reboot of system upon restoring configuration. + type: str + choices: + - enable + - disable + refresh: + description: + - Statistics refresh interval in GUI. + type: int + remoteauthtimeout: + description: + - Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (0-300 sec). + type: int + reset_sessionless_tcp: + description: + - Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode + only. + type: str + choices: + - enable + - disable + restart_time: + description: + - 'Daily restart time (hh:mm).' + type: str + revision_backup_on_logout: + description: + - Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. + type: str + choices: + - enable + - disable + revision_image_auto_backup: + description: + - Enable/disable back-up of the latest configuration revision after the firmware is upgraded. + type: str + choices: + - enable + - disable + scanunit_count: + description: + - Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs. + type: int + security_rating_result_submission: + description: + - Enable/disable the submission of Security Rating results to FortiGuard. 
+ type: str + choices: + - enable + - disable + security_rating_run_on_schedule: + description: + - Enable/disable scheduled runs of Security Rating. + type: str + choices: + - enable + - disable + send_pmtu_icmp: + description: + - Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on + your network to reduce fragmentation of packets. + type: str + choices: + - enable + - disable + snat_route_change: + description: + - Enable/disable the ability to change the static NAT route. + type: str + choices: + - enable + - disable + special_file_23_support: + description: + - Enable/disable IPS detection of HIBUN format files when using Data Leak Protection. + type: str + choices: + - disable + - enable + ssh_cbc_cipher: + description: + - Enable/disable CBC cipher for SSH access. + type: str + choices: + - enable + - disable + ssh_hmac_md5: + description: + - Enable/disable HMAC-MD5 for SSH access. + type: str + choices: + - enable + - disable + ssh_kex_sha1: + description: + - Enable/disable SHA1 key exchange for SSH access. + type: str + choices: + - enable + - disable + ssl_static_key_ciphers: + description: + - Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). + type: str + choices: + - enable + - disable + sslvpn_cipher_hardware_acceleration: + description: + - Enable/disable SSL VPN hardware acceleration. + type: str + choices: + - enable + - disable + sslvpn_kxp_hardware_acceleration: + description: + - Enable/disable SSL VPN KXP hardware acceleration. + type: str + choices: + - enable + - disable + sslvpn_max_worker_count: + description: + - Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model. + type: int + sslvpn_plugin_version_check: + description: + - Enable/disable checking browser"s plugin version by SSL VPN. 
+ type: str + choices: + - enable + - disable + strict_dirty_session_check: + description: + - Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when + web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or + policy change causes the session to no longer match the policy that originally allowed the session. + type: str + choices: + - enable + - disable + strong_crypto: + description: + - Enable to use strong encryption and only allow strong ciphers (AES, 3DES) and digest (SHA1) for HTTPS/SSH/TLS/SSL functions. + type: str + choices: + - enable + - disable + switch_controller: + description: + - Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. + type: str + choices: + - disable + - enable + switch_controller_reserved_network: + description: + - Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled. + type: str + sys_perf_log_interval: + description: + - Time in minutes between updates of performance statistics logging. (1 - 15 min). + type: int + tcp_halfclose_timer: + description: + - Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded + (1 - 86400 sec (1 day)). + type: int + tcp_halfopen_timer: + description: + - Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not + responded (1 - 86400 sec (1 day)). + type: int + tcp_option: + description: + - Enable SACK, timestamp and MSS TCP options. + type: str + choices: + - enable + - disable + tcp_timewait_timer: + description: + - Length of the TCP TIME-WAIT state in seconds. + type: int + tftp: + description: + - Enable/disable TFTP. 
+ type: str + choices: + - enable + - disable + timezone: + description: + - Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent + them. + type: str + choices: + - 01 + - 02 + - 03 + - 04 + - 05 + - 81 + - 06 + - 07 + - 08 + - 09 + - 10 + - 11 + - 12 + - 13 + - 74 + - 14 + - 77 + - 15 + - 16 + - 17 + - 18 + - 19 + - 20 + - 75 + - 87 + - 21 + - 22 + - 23 + - 24 + - 80 + - 79 + - 25 + - 26 + - 27 + - 28 + - 78 + - 29 + - 30 + - 31 + - 32 + - 33 + - 34 + - 35 + - 36 + - 37 + - 38 + - 83 + - 84 + - 40 + - 85 + - 41 + - 42 + - 43 + - 39 + - 44 + - 46 + - 47 + - 51 + - 48 + - 45 + - 49 + - 50 + - 52 + - 53 + - 54 + - 55 + - 56 + - 57 + - 58 + - 59 + - 60 + - 62 + - 63 + - 61 + - 64 + - 65 + - 66 + - 67 + - 68 + - 69 + - 70 + - 71 + - 72 + - 00 + - 82 + - 73 + - 86 + - 76 + tp_mc_skip_policy: + description: + - Enable/disable skip policy check and allow multicast through. + type: str + choices: + - enable + - disable + traffic_priority: + description: + - Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. + type: str + choices: + - tos + - dscp + traffic_priority_level: + description: + - Default system-wide level of priority for traffic prioritization. + type: str + choices: + - low + - medium + - high + two_factor_email_expiry: + description: + - Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes)). + type: int + two_factor_fac_expiry: + description: + - FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour)). + type: int + two_factor_ftk_expiry: + description: + - FortiToken authentication session timeout (60 - 600 sec (10 minutes)). + type: int + two_factor_ftm_expiry: + description: + - FortiToken Mobile session timeout (1 - 168 hours (7 days)). 
+ type: int + two_factor_sms_expiry: + description: + - SMS-based two-factor authentication session timeout (30 - 300 sec). + type: int + udp_idle_timer: + description: + - UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day)). + type: int + user_server_cert: + description: + - Certificate to use for https user authentication. Source certificate.local.name. + type: str + vdom_admin: + description: + - Enable/disable support for multiple virtual domains (VDOMs). + type: str + choices: + - enable + - disable + vip_arp_range: + description: + - Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. + type: str + choices: + - unlimited + - restricted + virtual_server_count: + description: + - Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs. + type: int + virtual_server_hardware_acceleration: + description: + - Enable/disable virtual server hardware acceleration. + type: str + choices: + - disable + - enable + wad_csvc_cs_count: + description: + - Number of concurrent WAD-cache-service object-cache processes. + type: int + wad_csvc_db_count: + description: + - Number of concurrent WAD-cache-service byte-cache processes. + type: int + wad_source_affinity: + description: + - Enable/disable dispatching traffic to WAD workers based on source affinity. + type: str + choices: + - disable + - enable + wad_worker_count: + description: + - Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is + handled by all of the CPU cores in a FortiGate unit. + type: int + wifi_ca_certificate: + description: + - CA certificate that verifies the WiFi certificate. Source certificate.ca.name. + type: str + wifi_certificate: + description: + - Certificate to use for WiFi authentication. Source certificate.local.name. 
+ type: str + wimax_4g_usb: + description: + - Enable/disable comparability with WiMAX 4G USB devices. + type: str + choices: + - enable + - disable + wireless_controller: + description: + - Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. + type: str + choices: + - enable + - disable + wireless_controller_port: + description: + - Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port + number plus one (1024 - 49150). + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure global attributes. + fortios_system_global: + vdom: "{{ vdom }}" + system_global: + admin_concurrent: "enable" + admin_console_timeout: "4" + admin_https_pki_required: "enable" + admin_https_redirect: "enable" + admin_https_ssl_versions: "tlsv1-0" + admin_lockout_duration: "8" + admin_lockout_threshold: "9" + admin_login_max: "10" + admin_maintainer: "enable" + admin_port: "12" + admin_restrict_local: "enable" + admin_scp: "enable" + admin_server_cert: " (source certificate.local.name)" + admin_sport: "16" + admin_ssh_grace_time: "17" + admin_ssh_password: "enable" + admin_ssh_port: "19" + admin_ssh_v1: "enable" + admin_telnet_port: "21" + admintimeout: "22" + alias: "" + allow_traffic_redirect: "enable" + anti_replay: "disable" + arp_max_entry: "26" + asymroute: "enable" + auth_cert: " (source certificate.local.name)" + auth_http_port: "29" + auth_https_port: "30" + auth_keepalive: "enable" + auth_session_limit: "block-new" + auto_auth_extension_device: "enable" + av_affinity: "" + av_failopen: "pass" + av_failopen_session: "enable" + batch_cmdb: "enable" + block_session_timer: "38" + br_fdb_max_entry: "39" + cert_chain_max: "40" + cfg_revert_timeout: "41" + cfg_save: 
"automatic" + check_protocol_header: "loose" + check_reset_range: "strict" + cli_audit_log: "enable" + clt_cert_req: "enable" + compliance_check: "enable" + compliance_check_time: "" + cpu_use_threshold: "49" + csr_ca_attribute: "enable" + daily_restart: "enable" + device_identification_active_scan_delay: "52" + device_idle_timeout: "53" + dh_params: "1024" + dst: "enable" + endpoint_control_fds_access: "enable" + endpoint_control_portal_port: "57" + failtime: "58" + fds_statistics: "enable" + fds_statistics_period: "60" + fgd_alert_subscription: "advisory" + fortiextender: "enable" + fortiextender_data_port: "63" + fortiextender_vlan_mode: "enable" + fortiservice_port: "65" + gui_certificates: "enable" + gui_custom_language: "enable" + gui_device_latitude: "" + gui_device_longitude: "" + gui_display_hostname: "enable" + gui_ipv6: "enable" + gui_lines_per_page: "72" + gui_theme: "green" + gui_wireless_opensecurity: "enable" + honor_df: "enable" + hostname: "myhostname" + igmp_state_limit: "77" + interval: "78" + ip_src_port_range: "" + ips_affinity: "" + ipsec_asic_offload: "enable" + ipsec_hmac_offload: "enable" + ipv6_accept_dad: "83" + ipv6_allow_anycast_probe: "enable" + language: "english" + ldapconntimeout: "86" + lldp_transmission: "enable" + log_ssl_connection: "enable" + log_uuid: "disable" + login_timestamp: "enable" + long_vdom_name: "enable" + management_vdom: " (source system.vdom.name)" + max_dlpstat_memory: "93" + max_route_cache_size: "94" + mc_ttl_notchange: "enable" + memory_use_threshold_extreme: "96" + memory_use_threshold_green: "97" + memory_use_threshold_red: "98" + miglogd_children: "99" + multi_factor_authentication: "optional" + multicast_forward: "enable" + ndp_max_entry: "102" + per_user_bwl: "enable" + policy_auth_concurrent: "104" + post_login_banner: "disable" + pre_login_banner: "enable" + private_data_encryption: "disable" + proxy_auth_lifetime: "enable" + proxy_auth_lifetime_timeout: "109" + proxy_auth_timeout: "110" + 
proxy_cipher_hardware_acceleration: "disable" + proxy_kxp_hardware_acceleration: "disable" + proxy_re_authentication_mode: "session" + proxy_worker_count: "114" + radius_port: "115" + reboot_upon_config_restore: "enable" + refresh: "117" + remoteauthtimeout: "118" + reset_sessionless_tcp: "enable" + restart_time: "" + revision_backup_on_logout: "enable" + revision_image_auto_backup: "enable" + scanunit_count: "123" + security_rating_result_submission: "enable" + security_rating_run_on_schedule: "enable" + send_pmtu_icmp: "enable" + snat_route_change: "enable" + special_file_23_support: "disable" + ssh_cbc_cipher: "enable" + ssh_hmac_md5: "enable" + ssh_kex_sha1: "enable" + ssl_static_key_ciphers: "enable" + sslvpn_cipher_hardware_acceleration: "enable" + sslvpn_kxp_hardware_acceleration: "enable" + sslvpn_max_worker_count: "135" + sslvpn_plugin_version_check: "enable" + strict_dirty_session_check: "enable" + strong_crypto: "enable" + switch_controller: "disable" + switch_controller_reserved_network: "" + sys_perf_log_interval: "141" + tcp_halfclose_timer: "142" + tcp_halfopen_timer: "143" + tcp_option: "enable" + tcp_timewait_timer: "145" + tftp: "enable" + timezone: "01" + tp_mc_skip_policy: "enable" + traffic_priority: "tos" + traffic_priority_level: "low" + two_factor_email_expiry: "151" + two_factor_fac_expiry: "152" + two_factor_ftk_expiry: "153" + two_factor_ftm_expiry: "154" + two_factor_sms_expiry: "155" + udp_idle_timer: "156" + user_server_cert: " (source certificate.local.name)" + vdom_admin: "enable" + vip_arp_range: "unlimited" + virtual_server_count: "160" + virtual_server_hardware_acceleration: "disable" + wad_csvc_cs_count: "162" + wad_csvc_db_count: "163" + wad_source_affinity: "disable" + wad_worker_count: "165" + wifi_ca_certificate: " (source certificate.ca.name)" + wifi_certificate: " (source certificate.local.name)" + wimax_4g_usb: "enable" + wireless_controller: "enable" + wireless_controller_port: "170" + +''' + +RETURN = ''' +build: + 
description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_global_data(json): + option_list = ['admin_concurrent', 'admin_console_timeout', 'admin_https_pki_required', + 'admin_https_redirect', 'admin_https_ssl_versions', 'admin_lockout_duration', + 'admin_lockout_threshold', 'admin_login_max', 'admin_maintainer', + 'admin_port', 
'admin_restrict_local', 'admin_scp', + 'admin_server_cert', 'admin_sport', 'admin_ssh_grace_time', + 'admin_ssh_password', 'admin_ssh_port', 'admin_ssh_v1', + 'admin_telnet_port', 'admintimeout', 'alias', + 'allow_traffic_redirect', 'anti_replay', 'arp_max_entry', + 'asymroute', 'auth_cert', 'auth_http_port', + 'auth_https_port', 'auth_keepalive', 'auth_session_limit', + 'auto_auth_extension_device', 'av_affinity', 'av_failopen', + 'av_failopen_session', 'batch_cmdb', 'block_session_timer', + 'br_fdb_max_entry', 'cert_chain_max', 'cfg_revert_timeout', + 'cfg_save', 'check_protocol_header', 'check_reset_range', + 'cli_audit_log', 'clt_cert_req', 'compliance_check', + 'compliance_check_time', 'cpu_use_threshold', 'csr_ca_attribute', + 'daily_restart', 'device_identification_active_scan_delay', 'device_idle_timeout', + 'dh_params', 'dst', 'endpoint_control_fds_access', + 'endpoint_control_portal_port', 'failtime', 'fds_statistics', + 'fds_statistics_period', 'fgd_alert_subscription', 'fortiextender', + 'fortiextender_data_port', 'fortiextender_vlan_mode', 'fortiservice_port', + 'gui_certificates', 'gui_custom_language', 'gui_device_latitude', + 'gui_device_longitude', 'gui_display_hostname', 'gui_ipv6', + 'gui_lines_per_page', 'gui_theme', 'gui_wireless_opensecurity', + 'honor_df', 'hostname', 'igmp_state_limit', + 'interval', 'ip_src_port_range', 'ips_affinity', + 'ipsec_asic_offload', 'ipsec_hmac_offload', 'ipv6_accept_dad', + 'ipv6_allow_anycast_probe', 'language', 'ldapconntimeout', + 'lldp_transmission', 'log_ssl_connection', 'log_uuid', + 'login_timestamp', 'long_vdom_name', 'management_vdom', + 'max_dlpstat_memory', 'max_route_cache_size', 'mc_ttl_notchange', + 'memory_use_threshold_extreme', 'memory_use_threshold_green', 'memory_use_threshold_red', + 'miglogd_children', 'multi_factor_authentication', 'multicast_forward', + 'ndp_max_entry', 'per_user_bwl', 'policy_auth_concurrent', + 'post_login_banner', 'pre_login_banner', 'private_data_encryption', + 
'proxy_auth_lifetime', 'proxy_auth_lifetime_timeout', 'proxy_auth_timeout', + 'proxy_cipher_hardware_acceleration', 'proxy_kxp_hardware_acceleration', 'proxy_re_authentication_mode', + 'proxy_worker_count', 'radius_port', 'reboot_upon_config_restore', + 'refresh', 'remoteauthtimeout', 'reset_sessionless_tcp', + 'restart_time', 'revision_backup_on_logout', 'revision_image_auto_backup', + 'scanunit_count', 'security_rating_result_submission', 'security_rating_run_on_schedule', + 'send_pmtu_icmp', 'snat_route_change', 'special_file_23_support', + 'ssh_cbc_cipher', 'ssh_hmac_md5', 'ssh_kex_sha1', + 'ssl_static_key_ciphers', 'sslvpn_cipher_hardware_acceleration', 'sslvpn_kxp_hardware_acceleration', + 'sslvpn_max_worker_count', 'sslvpn_plugin_version_check', 'strict_dirty_session_check', + 'strong_crypto', 'switch_controller', 'switch_controller_reserved_network', + 'sys_perf_log_interval', 'tcp_halfclose_timer', 'tcp_halfopen_timer', + 'tcp_option', 'tcp_timewait_timer', 'tftp', + 'timezone', 'tp_mc_skip_policy', 'traffic_priority', + 'traffic_priority_level', 'two_factor_email_expiry', 'two_factor_fac_expiry', + 'two_factor_ftk_expiry', 'two_factor_ftm_expiry', 'two_factor_sms_expiry', + 'udp_idle_timer', 'user_server_cert', 'vdom_admin', + 'vip_arp_range', 'virtual_server_count', 'virtual_server_hardware_acceleration', + 'wad_csvc_cs_count', 'wad_csvc_db_count', 'wad_source_affinity', + 'wad_worker_count', 'wifi_ca_certificate', 'wifi_certificate', + 'wimax_4g_usb', 'wireless_controller', 'wireless_controller_port'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def flatten_multilists_attributes(data): + multilist_attrs = [[u'admin_https_ssl_versions'], [u'fgd_alert_subscription']] + + for attr in multilist_attrs: + try: + path = "data['" + "']['".join(elem for elem in attr) + "']" + current_val = eval(path) + flattened_val = ' '.join(elem 
for elem in current_val) + exec(path + '= flattened_val') + except BaseException: + pass + + return data + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_global(data, fos): + vdom = data['vdom'] + system_global_data = data['system_global'] + system_global_data = flatten_multilists_attributes(system_global_data) + filtered_data = underscore_to_hyphen(filter_system_global_data(system_global_data)) + + return fos.set('system', + 'global', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_global']: + resp = system_global(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_global')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_global": { + "required": False, "type": "dict", "default": None, + "options": { + "admin_concurrent": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "admin_console_timeout": {"required": False, "type": "int"}, + "admin_https_pki_required": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "admin_https_redirect": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "admin_https_ssl_versions": {"required": False, "type": "list", + "choices": ["tlsv1-0", + "tlsv1-1", + "tlsv1-2"]}, + 
"admin_lockout_duration": {"required": False, "type": "int"}, + "admin_lockout_threshold": {"required": False, "type": "int"}, + "admin_login_max": {"required": False, "type": "int"}, + "admin_maintainer": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "admin_port": {"required": False, "type": "int"}, + "admin_restrict_local": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "admin_scp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "admin_server_cert": {"required": False, "type": "str"}, + "admin_sport": {"required": False, "type": "int"}, + "admin_ssh_grace_time": {"required": False, "type": "int"}, + "admin_ssh_password": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "admin_ssh_port": {"required": False, "type": "int"}, + "admin_ssh_v1": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "admin_telnet_port": {"required": False, "type": "int"}, + "admintimeout": {"required": False, "type": "int"}, + "alias": {"required": False, "type": "str"}, + "allow_traffic_redirect": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "anti_replay": {"required": False, "type": "str", + "choices": ["disable", + "loose", + "strict"]}, + "arp_max_entry": {"required": False, "type": "int"}, + "asymroute": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auth_cert": {"required": False, "type": "str"}, + "auth_http_port": {"required": False, "type": "int"}, + "auth_https_port": {"required": False, "type": "int"}, + "auth_keepalive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auth_session_limit": {"required": False, "type": "str", + "choices": ["block-new", + "logout-inactive"]}, + "auto_auth_extension_device": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "av_affinity": {"required": False, "type": "str"}, + "av_failopen": 
{"required": False, "type": "str", + "choices": ["pass", + "off", + "one-shot"]}, + "av_failopen_session": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "batch_cmdb": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "block_session_timer": {"required": False, "type": "int"}, + "br_fdb_max_entry": {"required": False, "type": "int"}, + "cert_chain_max": {"required": False, "type": "int"}, + "cfg_revert_timeout": {"required": False, "type": "int"}, + "cfg_save": {"required": False, "type": "str", + "choices": ["automatic", + "manual", + "revert"]}, + "check_protocol_header": {"required": False, "type": "str", + "choices": ["loose", + "strict"]}, + "check_reset_range": {"required": False, "type": "str", + "choices": ["strict", + "disable"]}, + "cli_audit_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "clt_cert_req": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "compliance_check": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "compliance_check_time": {"required": False, "type": "str"}, + "cpu_use_threshold": {"required": False, "type": "int"}, + "csr_ca_attribute": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "daily_restart": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "device_identification_active_scan_delay": {"required": False, "type": "int"}, + "device_idle_timeout": {"required": False, "type": "int"}, + "dh_params": {"required": False, "type": "str", + "choices": ["1024", + "1536", + "2048", + "3072", + "4096", + "6144", + "8192"]}, + "dst": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "endpoint_control_fds_access": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "endpoint_control_portal_port": {"required": False, "type": "int"}, + "failtime": {"required": False, "type": "int"}, + 
"fds_statistics": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fds_statistics_period": {"required": False, "type": "int"}, + "fgd_alert_subscription": {"required": False, "type": "list", + "choices": ["advisory", + "latest-threat", + "latest-virus", + "latest-attack", + "new-antivirus-db", + "new-attack-db"]}, + "fortiextender": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fortiextender_data_port": {"required": False, "type": "int"}, + "fortiextender_vlan_mode": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fortiservice_port": {"required": False, "type": "int"}, + "gui_certificates": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_custom_language": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_device_latitude": {"required": False, "type": "str"}, + "gui_device_longitude": {"required": False, "type": "str"}, + "gui_display_hostname": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_ipv6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_lines_per_page": {"required": False, "type": "int"}, + "gui_theme": {"required": False, "type": "str", + "choices": ["green", + "red", + "blue", + "melongene", + "mariner"]}, + "gui_wireless_opensecurity": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "honor_df": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "hostname": {"required": False, "type": "str"}, + "igmp_state_limit": {"required": False, "type": "int"}, + "interval": {"required": False, "type": "int"}, + "ip_src_port_range": {"required": False, "type": "str"}, + "ips_affinity": {"required": False, "type": "str"}, + "ipsec_asic_offload": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ipsec_hmac_offload": {"required": False, "type": "str", + "choices": ["enable", + 
"disable"]}, + "ipv6_accept_dad": {"required": False, "type": "int"}, + "ipv6_allow_anycast_probe": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "language": {"required": False, "type": "str", + "choices": ["english", + "french", + "spanish", + "portuguese", + "japanese", + "trach", + "simch", + "korean"]}, + "ldapconntimeout": {"required": False, "type": "int"}, + "lldp_transmission": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "log_ssl_connection": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "log_uuid": {"required": False, "type": "str", + "choices": ["disable", + "policy-only", + "extended"]}, + "login_timestamp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "long_vdom_name": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "management_vdom": {"required": False, "type": "str"}, + "max_dlpstat_memory": {"required": False, "type": "int"}, + "max_route_cache_size": {"required": False, "type": "int"}, + "mc_ttl_notchange": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "memory_use_threshold_extreme": {"required": False, "type": "int"}, + "memory_use_threshold_green": {"required": False, "type": "int"}, + "memory_use_threshold_red": {"required": False, "type": "int"}, + "miglogd_children": {"required": False, "type": "int"}, + "multi_factor_authentication": {"required": False, "type": "str", + "choices": ["optional", + "mandatory"]}, + "multicast_forward": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ndp_max_entry": {"required": False, "type": "int"}, + "per_user_bwl": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "policy_auth_concurrent": {"required": False, "type": "int"}, + "post_login_banner": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "pre_login_banner": {"required": False, "type": "str", + 
"choices": ["enable", + "disable"]}, + "private_data_encryption": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "proxy_auth_lifetime": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "proxy_auth_lifetime_timeout": {"required": False, "type": "int"}, + "proxy_auth_timeout": {"required": False, "type": "int"}, + "proxy_cipher_hardware_acceleration": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "proxy_kxp_hardware_acceleration": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "proxy_re_authentication_mode": {"required": False, "type": "str", + "choices": ["session", + "traffic", + "absolute"]}, + "proxy_worker_count": {"required": False, "type": "int"}, + "radius_port": {"required": False, "type": "int"}, + "reboot_upon_config_restore": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "refresh": {"required": False, "type": "int"}, + "remoteauthtimeout": {"required": False, "type": "int"}, + "reset_sessionless_tcp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "restart_time": {"required": False, "type": "str"}, + "revision_backup_on_logout": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "revision_image_auto_backup": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "scanunit_count": {"required": False, "type": "int"}, + "security_rating_result_submission": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "security_rating_run_on_schedule": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "send_pmtu_icmp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "snat_route_change": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "special_file_23_support": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + 
"ssh_cbc_cipher": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssh_hmac_md5": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssh_kex_sha1": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssl_static_key_ciphers": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sslvpn_cipher_hardware_acceleration": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sslvpn_kxp_hardware_acceleration": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sslvpn_max_worker_count": {"required": False, "type": "int"}, + "sslvpn_plugin_version_check": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "strict_dirty_session_check": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "strong_crypto": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "switch_controller": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "switch_controller_reserved_network": {"required": False, "type": "str"}, + "sys_perf_log_interval": {"required": False, "type": "int"}, + "tcp_halfclose_timer": {"required": False, "type": "int"}, + "tcp_halfopen_timer": {"required": False, "type": "int"}, + "tcp_option": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tcp_timewait_timer": {"required": False, "type": "int"}, + "tftp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "timezone": {"required": False, "type": "str", + "choices": ["01", + "02", + "03", + "04", + "05", + "81", + "06", + "07", + "08", + "09", + "10", + "11", + "12", + "13", + "74", + "14", + "77", + "15", + "16", + "17", + "18", + "19", + "20", + "75", + "87", + "21", + "22", + "23", + "24", + "80", + "79", + "25", + "26", + "27", + "28", + "78", + "29", + "30", + "31", + "32", + "33", + "34", + "35", + "36", + "37", + "38", + 
"83", + "84", + "40", + "85", + "41", + "42", + "43", + "39", + "44", + "46", + "47", + "51", + "48", + "45", + "49", + "50", + "52", + "53", + "54", + "55", + "56", + "57", + "58", + "59", + "60", + "62", + "63", + "61", + "64", + "65", + "66", + "67", + "68", + "69", + "70", + "71", + "72", + "00", + "82", + "73", + "86", + "76"]}, + "tp_mc_skip_policy": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "traffic_priority": {"required": False, "type": "str", + "choices": ["tos", + "dscp"]}, + "traffic_priority_level": {"required": False, "type": "str", + "choices": ["low", + "medium", + "high"]}, + "two_factor_email_expiry": {"required": False, "type": "int"}, + "two_factor_fac_expiry": {"required": False, "type": "int"}, + "two_factor_ftk_expiry": {"required": False, "type": "int"}, + "two_factor_ftm_expiry": {"required": False, "type": "int"}, + "two_factor_sms_expiry": {"required": False, "type": "int"}, + "udp_idle_timer": {"required": False, "type": "int"}, + "user_server_cert": {"required": False, "type": "str"}, + "vdom_admin": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vip_arp_range": {"required": False, "type": "str", + "choices": ["unlimited", + "restricted"]}, + "virtual_server_count": {"required": False, "type": "int"}, + "virtual_server_hardware_acceleration": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "wad_csvc_cs_count": {"required": False, "type": "int"}, + "wad_csvc_db_count": {"required": False, "type": "int"}, + "wad_source_affinity": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "wad_worker_count": {"required": False, "type": "int"}, + "wifi_ca_certificate": {"required": False, "type": "str"}, + "wifi_certificate": {"required": False, "type": "str"}, + "wimax_4g_usb": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "wireless_controller": {"required": False, "type": "str", + "choices": ["enable", 
+ "disable"]}, + "wireless_controller_port": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_gre_tunnel.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_gre_tunnel.py new file mode 100644 index 00000000..df6e9170 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_gre_tunnel.py 
@@ -0,0 +1,406 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_gre_tunnel +short_description: Configure GRE tunnel in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and gre_tunnel category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_gre_tunnel: + description: + - Configure GRE tunnel. + default: null + type: dict + suboptions: + checksum_reception: + description: + - Enable/disable validating checksums in received GRE packets. + type: str + choices: + - disable + - enable + checksum_transmission: + description: + - Enable/disable including checksums in transmitted GRE packets. + type: str + choices: + - disable + - enable + dscp_copying: + description: + - Enable/disable DSCP copying. + type: str + choices: + - disable + - enable + interface: + description: + - Interface name. Source system.interface.name. + type: str + ip_version: + description: + - IP version to use for VPN interface. + type: str + choices: + - 4 + - 6 + keepalive_failtimes: + description: + - Number of consecutive unreturned keepalive messages before a GRE connection is considered down (1 - 255). + type: int + keepalive_interval: + description: + - Keepalive message interval (0 - 32767, 0 = disabled). + type: int + key_inbound: + description: + - Require received GRE packets contain this key (0 - 4294967295). + type: int + key_outbound: + description: + - Include this key in transmitted GRE packets (0 - 4294967295). + type: int + local_gw: + description: + - IP address of the local gateway. + type: str + local_gw6: + description: + - IPv6 address of the local gateway. + type: str + name: + description: + - Tunnel name. + required: true + type: str + remote_gw: + description: + - IP address of the remote gateway. + type: str + remote_gw6: + description: + - IPv6 address of the remote gateway. + type: str + sequence_number_reception: + description: + - Enable/disable validating sequence numbers in received GRE packets. 
+ type: str + choices: + - disable + - enable + sequence_number_transmission: + description: + - Enable/disable including of sequence numbers in transmitted GRE packets. + type: str + choices: + - disable + - enable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure GRE tunnel. + fortios_system_gre_tunnel: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_gre_tunnel: + checksum_reception: "disable" + checksum_transmission: "disable" + dscp_copying: "disable" + interface: " (source system.interface.name)" + ip_version: "4" + keepalive_failtimes: "8" + keepalive_interval: "9" + key_inbound: "10" + key_outbound: "11" + local_gw: "" + local_gw6: "" + name: "default_name_14" + remote_gw: "" + remote_gw6: "" + sequence_number_reception: "disable" + sequence_number_transmission: "disable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + 
description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_gre_tunnel_data(json): + option_list = ['checksum_reception', 'checksum_transmission', 'dscp_copying', + 'interface', 'ip_version', 'keepalive_failtimes', + 'keepalive_interval', 'key_inbound', 'key_outbound', + 'local_gw', 'local_gw6', 'name', + 'remote_gw', 'remote_gw6', 'sequence_number_reception', + 'sequence_number_transmission'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_gre_tunnel(data, fos): + vdom = data['vdom'] + state = data['state'] + system_gre_tunnel_data = data['system_gre_tunnel'] + filtered_data = underscore_to_hyphen(filter_system_gre_tunnel_data(system_gre_tunnel_data)) + + if state == "present": + return fos.set('system', + 'gre-tunnel', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'gre-tunnel', + 
mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_gre_tunnel']: + resp = system_gre_tunnel(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_gre_tunnel')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_gre_tunnel": { + "required": False, "type": "dict", "default": None, + "options": { + "checksum_reception": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "checksum_transmission": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "dscp_copying": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "interface": {"required": False, "type": "str"}, + "ip_version": {"required": False, "type": "str", + "choices": ["4", + "6"]}, + "keepalive_failtimes": {"required": False, "type": "int"}, + "keepalive_interval": {"required": False, "type": "int"}, + "key_inbound": {"required": False, "type": "int"}, + "key_outbound": {"required": False, "type": "int"}, + "local_gw": {"required": False, "type": "str"}, + "local_gw6": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "remote_gw": {"required": False, "type": "str"}, + "remote_gw6": {"required": False, "type": "str"}, + "sequence_number_reception": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + 
"sequence_number_transmission": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_system(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ha.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ha.py
new file mode 100644
index 00000000..c64dbb1a
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ha.py
@@ -0,0 +1,904 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_ha +short_description: Configure HA in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and ha category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_ha: + description: + - Configure HA. + default: null + type: dict + suboptions: + arps: + description: + - Number of gratuitous ARPs (1 - 60). Lower to reduce traffic. Higher to reduce failover time. + type: int + arps_interval: + description: + - Time between gratuitous ARPs (1 - 20 sec). Lower to reduce failover time. Higher to reduce traffic. + type: int + authentication: + description: + - Enable/disable heartbeat message authentication. + type: str + choices: + - enable + - disable + cpu_threshold: + description: + - Dynamic weighted load balancing CPU usage weight and high and low thresholds. + type: str + encryption: + description: + - Enable/disable heartbeat message encryption. + type: str + choices: + - enable + - disable + ftp_proxy_threshold: + description: + - Dynamic weighted load balancing weight and high and low number of FTP proxy sessions. + type: str + gratuitous_arps: + description: + - Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. + type: str + choices: + - enable + - disable + group_id: + description: + - Cluster group ID (0 - 255). Must be the same for all members. + type: int + group_name: + description: + - Cluster group name. Must be the same for all members. + type: str + ha_direct: + description: + - Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiManager and FortiSandbox. + type: str + choices: + - enable + - disable + ha_eth_type: + description: + - HA heartbeat packet Ethertype (4-digit hex). + type: str + ha_mgmt_interfaces: + description: + - Reserve interfaces to manage individual cluster units. + type: list + suboptions: + dst: + description: + - Default route destination for reserved HA management interface. + type: str + gateway: + description: + - Default route gateway for reserved HA management interface. 
+ type: str + gateway6: + description: + - Default IPv6 gateway for reserved HA management interface. + type: str + id: + description: + - Table ID. + required: true + type: int + interface: + description: + - Interface to reserve for HA management. Source system.interface.name. + type: str + ha_mgmt_status: + description: + - Enable to reserve interfaces to manage individual cluster units. + type: str + choices: + - enable + - disable + ha_uptime_diff_margin: + description: + - Normally you would only reduce this value for failover testing. + type: int + hb_interval: + description: + - Time between sending heartbeat packets (1 - 20 (100*ms)). Increase to reduce false positives. + type: int + hb_lost_threshold: + description: + - Number of lost heartbeats to signal a failure (1 - 60). Increase to reduce false positives. + type: int + hbdev: + description: + - Heartbeat interfaces. Must be the same for all members. + type: str + hc_eth_type: + description: + - Transparent mode HA heartbeat packet Ethertype (4-digit hex). + type: str + hello_holddown: + description: + - Time to wait before changing from hello to work state (5 - 300 sec). + type: int + http_proxy_threshold: + description: + - Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions. + type: str + imap_proxy_threshold: + description: + - Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions. + type: str + inter_cluster_session_sync: + description: + - Enable/disable synchronization of sessions among HA clusters. + type: str + choices: + - enable + - disable + key: + description: + - key + type: str + l2ep_eth_type: + description: + - Telnet session HA heartbeat packet Ethertype (4-digit hex). + type: str + link_failed_signal: + description: + - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. 
+ type: str + choices: + - enable + - disable + load_balance_all: + description: + - Enable to load balance TCP sessions. Disable to load balance proxy sessions only. + type: str + choices: + - enable + - disable + memory_compatible_mode: + description: + - Enable/disable memory compatible mode. + type: str + choices: + - enable + - disable + memory_threshold: + description: + - Dynamic weighted load balancing memory usage weight and high and low thresholds. + type: str + mode: + description: + - HA mode. Must be the same for all members. FGSP requires standalone. + type: str + choices: + - standalone + - a-a + - a-p + monitor: + description: + - Interfaces to check for port monitoring (or link failure). Source system.interface.name. + type: str + multicast_ttl: + description: + - HA multicast TTL on master (5 - 3600 sec). + type: int + nntp_proxy_threshold: + description: + - Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions. + type: str + override: + description: + - Enable and increase the priority of the unit that should always be primary (master). + type: str + choices: + - enable + - disable + override_wait_time: + description: + - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates. + type: int + password: + description: + - Cluster password. Must be the same for all members. + type: str + pingserver_failover_threshold: + description: + - Remote IP monitoring failover threshold (0 - 50). + type: int + pingserver_flip_timeout: + description: + - Time to wait in minutes before renegotiating after a remote IP monitoring failover. + type: int + pingserver_monitor_interface: + description: + - Interfaces to check for remote IP monitoring. Source system.interface.name. + type: str + pingserver_slave_force_reset: + description: + - Enable to force the cluster to negotiate after a remote IP monitoring failover. 
+ type: str + choices: + - enable + - disable + pop3_proxy_threshold: + description: + - Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions. + type: str + priority: + description: + - Increase the priority to select the primary unit (0 - 255). + type: int + route_hold: + description: + - Time to wait between routing table updates to the cluster (0 - 3600 sec). + type: int + route_ttl: + description: + - TTL for primary unit routes (5 - 3600 sec). Increase to maintain active routes during failover. + type: int + route_wait: + description: + - Time to wait before sending new routes to the cluster (0 - 3600 sec). + type: int + schedule: + description: + - Type of A-A load balancing. Use none if you have external load balancers. + type: str + choices: + - none + - hub + - leastconnection + - round-robin + - weight-round-robin + - random + - ip + - ipport + secondary_vcluster: + description: + - Configure virtual cluster 2. + type: dict + suboptions: + monitor: + description: + - Interfaces to check for port monitoring (or link failure). Source system.interface.name. + type: str + override: + description: + - Enable and increase the priority of the unit that should always be primary (master). + type: str + choices: + - enable + - disable + override_wait_time: + description: + - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates. + type: int + pingserver_failover_threshold: + description: + - Remote IP monitoring failover threshold (0 - 50). + type: int + pingserver_monitor_interface: + description: + - Interfaces to check for remote IP monitoring. Source system.interface.name. + type: str + pingserver_slave_force_reset: + description: + - Enable to force the cluster to negotiate after a remote IP monitoring failover. + type: str + choices: + - enable + - disable + priority: + description: + - Increase the priority to select the primary unit (0 - 255). 
+ type: int + vcluster_id: + description: + - Cluster ID. + type: int + vdom: + description: + - VDOMs in virtual cluster 2. + type: str + session_pickup: + description: + - Enable/disable session pickup. Enabling it can reduce session down time when fail over happens. + type: str + choices: + - enable + - disable + session_pickup_connectionless: + description: + - Enable/disable UDP and ICMP session sync for FGSP. + type: str + choices: + - enable + - disable + session_pickup_delay: + description: + - Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. + type: str + choices: + - enable + - disable + session_pickup_expectation: + description: + - Enable/disable session helper expectation session sync for FGSP. + type: str + choices: + - enable + - disable + session_pickup_nat: + description: + - Enable/disable NAT session sync for FGSP. + type: str + choices: + - enable + - disable + session_sync_dev: + description: + - Offload session sync to one or more interfaces to distribute traffic and prevent delays if needed. Source system.interface.name. + type: str + smtp_proxy_threshold: + description: + - Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions. + type: str + standalone_config_sync: + description: + - Enable/disable FGSP configuration synchronization. + type: str + choices: + - enable + - disable + standalone_mgmt_vdom: + description: + - Enable/disable standalone management VDOM. + type: str + choices: + - enable + - disable + sync_config: + description: + - Enable/disable configuration synchronization. + type: str + choices: + - enable + - disable + sync_packet_balance: + description: + - Enable/disable HA packet distribution to multiple CPUs. + type: str + choices: + - enable + - disable + unicast_hb: + description: + - Enable/disable unicast heartbeat. + type: str + choices: + - enable + - disable + unicast_hb_netmask: + description: + - Unicast heartbeat netmask. 
+ type: str + unicast_hb_peerip: + description: + - Unicast heartbeat peer IP. + type: str + uninterruptible_upgrade: + description: + - Enable to upgrade a cluster without blocking network traffic. + type: str + choices: + - enable + - disable + vcluster_id: + description: + - Cluster ID. + type: int + vcluster2: + description: + - Enable/disable virtual cluster 2 for virtual clustering. + type: str + choices: + - enable + - disable + vdom: + description: + - VDOMs in virtual cluster 1. + type: str + weight: + description: + - Weight-round-robin weight for each cluster unit. Syntax . + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure HA. + fortios_system_ha: + vdom: "{{ vdom }}" + system_ha: + arps: "3" + arps_interval: "4" + authentication: "enable" + cpu_threshold: "" + encryption: "enable" + ftp_proxy_threshold: "" + gratuitous_arps: "enable" + group_id: "10" + group_name: "" + ha_direct: "enable" + ha_eth_type: "" + ha_mgmt_interfaces: + - + dst: "" + gateway: "" + gateway6: "" + id: "18" + interface: " (source system.interface.name)" + ha_mgmt_status: "enable" + ha_uptime_diff_margin: "21" + hb_interval: "22" + hb_lost_threshold: "23" + hbdev: "" + hc_eth_type: "" + hello_holddown: "26" + http_proxy_threshold: "" + imap_proxy_threshold: "" + inter_cluster_session_sync: "enable" + key: "" + l2ep_eth_type: "" + link_failed_signal: "enable" + load_balance_all: "enable" + memory_compatible_mode: "enable" + memory_threshold: "" + mode: "standalone" + monitor: " (source system.interface.name)" + multicast_ttl: "38" + nntp_proxy_threshold: "" + override: "enable" + override_wait_time: "41" + password: "" + pingserver_failover_threshold: "43" + pingserver_flip_timeout: "44" + pingserver_monitor_interface: " (source system.interface.name)" + 
pingserver_slave_force_reset: "enable" + pop3_proxy_threshold: "" + priority: "48" + route_hold: "49" + route_ttl: "50" + route_wait: "51" + schedule: "none" + secondary_vcluster: + monitor: " (source system.interface.name)" + override: "enable" + override_wait_time: "56" + pingserver_failover_threshold: "57" + pingserver_monitor_interface: " (source system.interface.name)" + pingserver_slave_force_reset: "enable" + priority: "60" + vcluster_id: "61" + vdom: "" + session_pickup: "enable" + session_pickup_connectionless: "enable" + session_pickup_delay: "enable" + session_pickup_expectation: "enable" + session_pickup_nat: "enable" + session_sync_dev: " (source system.interface.name)" + smtp_proxy_threshold: "" + standalone_config_sync: "enable" + standalone_mgmt_vdom: "enable" + sync_config: "enable" + sync_packet_balance: "enable" + unicast_hb: "enable" + unicast_hb_netmask: "" + unicast_hb_peerip: "" + uninterruptible_upgrade: "enable" + vcluster_id: "78" + vcluster2: "enable" + vdom: "" + weight: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" 
+status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_ha_data(json): + option_list = ['arps', 'arps_interval', 'authentication', + 'cpu_threshold', 'encryption', 'ftp_proxy_threshold', + 'gratuitous_arps', 'group_id', 'group_name', + 'ha_direct', 'ha_eth_type', 'ha_mgmt_interfaces', + 'ha_mgmt_status', 'ha_uptime_diff_margin', 'hb_interval', + 'hb_lost_threshold', 'hbdev', 'hc_eth_type', + 'hello_holddown', 'http_proxy_threshold', 'imap_proxy_threshold', + 'inter_cluster_session_sync', 'key', 'l2ep_eth_type', + 'link_failed_signal', 'load_balance_all', 'memory_compatible_mode', + 'memory_threshold', 'mode', 'monitor', + 'multicast_ttl', 'nntp_proxy_threshold', 'override', + 'override_wait_time', 'password', 'pingserver_failover_threshold', + 'pingserver_flip_timeout', 'pingserver_monitor_interface', 'pingserver_slave_force_reset', + 'pop3_proxy_threshold', 'priority', 'route_hold', + 'route_ttl', 'route_wait', 'schedule', + 'secondary_vcluster', 'session_pickup', 'session_pickup_connectionless', + 'session_pickup_delay', 'session_pickup_expectation', 'session_pickup_nat', + 'session_sync_dev', 'smtp_proxy_threshold', 'standalone_config_sync', + 'standalone_mgmt_vdom', 'sync_config', 'sync_packet_balance', + 'unicast_hb', 'unicast_hb_netmask', 'unicast_hb_peerip', + 
'uninterruptible_upgrade', 'vcluster_id', 'vcluster2', + 'vdom', 'weight'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_ha(data, fos): + vdom = data['vdom'] + system_ha_data = data['system_ha'] + filtered_data = underscore_to_hyphen(filter_system_ha_data(system_ha_data)) + + return fos.set('system', + 'ha', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_ha']: + resp = system_ha(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_ha')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_ha": { + "required": False, "type": "dict", "default": None, + "options": { + "arps": {"required": False, "type": "int"}, + "arps_interval": {"required": False, "type": "int"}, + "authentication": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "cpu_threshold": {"required": False, "type": "str"}, + "encryption": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ftp_proxy_threshold": {"required": False, "type": "str"}, + "gratuitous_arps": {"required": False, "type": "str", 
+ "choices": ["enable", + "disable"]}, + "group_id": {"required": False, "type": "int"}, + "group_name": {"required": False, "type": "str"}, + "ha_direct": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ha_eth_type": {"required": False, "type": "str"}, + "ha_mgmt_interfaces": {"required": False, "type": "list", + "options": { + "dst": {"required": False, "type": "str"}, + "gateway": {"required": False, "type": "str"}, + "gateway6": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "interface": {"required": False, "type": "str"} + }}, + "ha_mgmt_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ha_uptime_diff_margin": {"required": False, "type": "int"}, + "hb_interval": {"required": False, "type": "int"}, + "hb_lost_threshold": {"required": False, "type": "int"}, + "hbdev": {"required": False, "type": "str"}, + "hc_eth_type": {"required": False, "type": "str"}, + "hello_holddown": {"required": False, "type": "int"}, + "http_proxy_threshold": {"required": False, "type": "str"}, + "imap_proxy_threshold": {"required": False, "type": "str"}, + "inter_cluster_session_sync": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "key": {"required": False, "type": "str"}, + "l2ep_eth_type": {"required": False, "type": "str"}, + "link_failed_signal": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "load_balance_all": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "memory_compatible_mode": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "memory_threshold": {"required": False, "type": "str"}, + "mode": {"required": False, "type": "str", + "choices": ["standalone", + "a-a", + "a-p"]}, + "monitor": {"required": False, "type": "str"}, + "multicast_ttl": {"required": False, "type": "int"}, + "nntp_proxy_threshold": {"required": False, "type": "str"}, + "override": {"required": 
False, "type": "str", + "choices": ["enable", + "disable"]}, + "override_wait_time": {"required": False, "type": "int"}, + "password": {"required": False, "type": "str"}, + "pingserver_failover_threshold": {"required": False, "type": "int"}, + "pingserver_flip_timeout": {"required": False, "type": "int"}, + "pingserver_monitor_interface": {"required": False, "type": "str"}, + "pingserver_slave_force_reset": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "pop3_proxy_threshold": {"required": False, "type": "str"}, + "priority": {"required": False, "type": "int"}, + "route_hold": {"required": False, "type": "int"}, + "route_ttl": {"required": False, "type": "int"}, + "route_wait": {"required": False, "type": "int"}, + "schedule": {"required": False, "type": "str", + "choices": ["none", + "hub", + "leastconnection", + "round-robin", + "weight-round-robin", + "random", + "ip", + "ipport"]}, + "secondary_vcluster": {"required": False, "type": "dict", + "options": { + "monitor": {"required": False, "type": "str"}, + "override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "override_wait_time": {"required": False, "type": "int"}, + "pingserver_failover_threshold": {"required": False, "type": "int"}, + "pingserver_monitor_interface": {"required": False, "type": "str"}, + "pingserver_slave_force_reset": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "priority": {"required": False, "type": "int"}, + "vcluster_id": {"required": False, "type": "int"}, + "vdom": {"required": False, "type": "str"} + }}, + "session_pickup": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "session_pickup_connectionless": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "session_pickup_delay": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "session_pickup_expectation": {"required": False, "type": "str", + "choices": ["enable", + 
"disable"]}, + "session_pickup_nat": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "session_sync_dev": {"required": False, "type": "str"}, + "smtp_proxy_threshold": {"required": False, "type": "str"}, + "standalone_config_sync": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "standalone_mgmt_vdom": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sync_config": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sync_packet_balance": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "unicast_hb": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "unicast_hb_netmask": {"required": False, "type": "str"}, + "unicast_hb_peerip": {"required": False, "type": "str"}, + "uninterruptible_upgrade": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vcluster_id": {"required": False, "type": "int"}, + "vcluster2": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vdom": {"required": False, "type": "str"}, + "weight": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and 
versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ha_monitor.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ha_monitor.py
new file mode 100644
index 00000000..37d2578f
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ha_monitor.py
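Review bot: In `main()` of fortios_system_ha.py, the `password` and `key` entries under the `system_ha` options of `fields` are declared without `no_log`, although `access_token` in the same spec sets it. The HA cluster password (and what is presumably key material in `key`; the docs only say "key") can therefore show up unmasked in the module's invocation logging and in verbose task output. I would mark both: `"password": {"required": False, "type": "str", "no_log": True},` and `"key": {"required": False, "type": "str", "no_log": True},`. The EXAMPLES play in this hunk also sets `ansible_httpapi_validate_certs: no` while passing these values; a comment there such as `# lab only: keep certificate validation enabled against production devices` would stop it being copied as a default.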
@@ -0,0 +1,275 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_system_ha_monitor
+short_description: Configure HA monitor in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify system feature and ha_monitor category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.9"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ system_ha_monitor:
+ description:
+ - Configure HA monitor.
+ default: null
+ type: dict
+ suboptions:
+ monitor_vlan:
+ description:
+ - Enable/disable monitor VLAN interfaces.
+ type: str
+ choices:
+ - enable
+ - disable
+ vlan_hb_interval:
+ description:
+ - Configure heartbeat interval (seconds).
+ type: int
+ vlan_hb_lost_threshold:
+ description:
+ - VLAN lost heartbeat threshold (1 - 60).
+ type: int
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure HA monitor.
+ fortios_system_ha_monitor:
+ vdom: "{{ vdom }}"
+ system_ha_monitor:
+ monitor_vlan: "enable"
+ vlan_hb_interval: "4"
+ vlan_hb_lost_threshold: "5"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_system_ha_monitor_data(json):
+ option_list = ['monitor_vlan', 'vlan_hb_interval', 'vlan_hb_lost_threshold']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def system_ha_monitor(data, fos):
+ vdom = data['vdom']
+ system_ha_monitor_data = data['system_ha_monitor']
+ filtered_data = underscore_to_hyphen(filter_system_ha_monitor_data(system_ha_monitor_data))
+
+ return fos.set('system',
+ 'ha-monitor',
+ data=filtered_data,
+ vdom=vdom)
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_system(data, fos):
+
+ if data['system_ha_monitor']:
+ resp = system_ha_monitor(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('system_ha_monitor'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = None
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "system_ha_monitor": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "monitor_vlan": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "vlan_hb_interval": {"required": False, "type": "int"},
+ "vlan_hb_lost_threshold": {"required": False, "type": "int"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_system(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
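Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no`, so a playbook copied from it sends the access token or login credentials over TLS without authenticating the FortiGate; I would ship the example with `ansible_httpapi_validate_certs: yes`, or keep `no` only with a comment such as `# lab only: leave certificate validation on for real devices`. In `main()`, `if 'access_token' in module.params:` is presumably always true because the key is declared in `fields`, so `set_option` also runs with `None` when no token was supplied; `if module.params.get('access_token'):` states the intent. The tail of `main()` in fortios_system_ha.py just above this file uses the same test.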
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_interface.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_interface.py new file mode 100644 index 00000000..7fb004d1 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_interface.py 
@@ -0,0 +1,2765 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_interface +short_description: Configure interfaces in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and interface category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + system_interface: + description: + - Configure interfaces. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + ac_name: + description: + - PPPoE server name. + type: str + aggregate: + description: + - Aggregate interface. + type: str + algorithm: + description: + - Frame distribution algorithm. + type: str + choices: + - L2 + - L3 + - L4 + alias: + description: + - Alias will be displayed with the interface name to make it easier to distinguish. + type: str + allowaccess: + description: + - Permitted types of management access to this interface. + type: list + choices: + - ping + - https + - ssh + - snmp + - http + - telnet + - fgfm + - radius-acct + - probe-response + - capwap + - ftm + ap_discover: + description: + - Enable/disable automatic registration of unknown FortiAP devices. + type: str + choices: + - enable + - disable + arpforward: + description: + - Enable/disable ARP forwarding. + type: str + choices: + - enable + - disable + auth_type: + description: + - PPP authentication type to use. + type: str + choices: + - auto + - pap + - chap + - mschapv1 + - mschapv2 + auto_auth_extension_device: + description: + - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. + type: str + choices: + - enable + - disable + bfd: + description: + - Bidirectional Forwarding Detection (BFD) settings. 
+ type: str + choices: + - global + - enable + - disable + bfd_desired_min_tx: + description: + - BFD desired minimal transmit interval. + type: int + bfd_detect_mult: + description: + - BFD detection multiplier. + type: int + bfd_required_min_rx: + description: + - BFD required minimal receive interval. + type: int + broadcast_forticlient_discovery: + description: + - Enable/disable broadcasting FortiClient discovery messages. + type: str + choices: + - enable + - disable + broadcast_forward: + description: + - Enable/disable broadcast forwarding. + type: str + choices: + - enable + - disable + captive_portal: + description: + - Enable/disable captive portal. + type: int + cli_conn_status: + description: + - CLI connection status. + type: int + color: + description: + - Color of icon on the GUI. + type: int + dedicated_to: + description: + - Configure interface for single purpose. + type: str + choices: + - none + - management + defaultgw: + description: + - Enable to get the gateway IP from the DHCP or PPPoE server. + type: str + choices: + - enable + - disable + description: + description: + - Description. + type: str + detected_peer_mtu: + description: + - MTU of detected peer (0 - 4294967295). + type: int + detectprotocol: + description: + - Protocols used to detect the server. + type: str + choices: + - ping + - tcp-echo + - udp-echo + detectserver: + description: + - Gateway"s ping server for this IP. + type: str + device_access_list: + description: + - Device access list. + type: str + device_identification: + description: + - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. + type: str + choices: + - enable + - disable + device_identification_active_scan: + description: + - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. 
+ type: str + choices: + - enable + - disable + device_netscan: + description: + - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. + type: str + choices: + - disable + - enable + device_user_identification: + description: + - Enable/disable passive gathering of user identity information about users on this interface. + type: str + choices: + - enable + - disable + devindex: + description: + - Device Index. + type: int + dhcp_client_identifier: + description: + - DHCP client identifier. + type: str + dhcp_relay_agent_option: + description: + - Enable/disable DHCP relay agent option. + type: str + choices: + - enable + - disable + dhcp_relay_ip: + description: + - DHCP relay IP address. + type: str + dhcp_relay_service: + description: + - Enable/disable allowing this interface to act as a DHCP relay. + type: str + choices: + - disable + - enable + dhcp_relay_type: + description: + - DHCP relay type (regular or IPsec). + type: str + choices: + - regular + - ipsec + dhcp_renew_time: + description: + - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server. + type: int + disc_retry_timeout: + description: + - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout. + type: int + disconnect_threshold: + description: + - Time in milliseconds to wait before sending a notification that this interface is down or disconnected. + type: int + distance: + description: + - Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route. + type: int + dns_server_override: + description: + - Enable/disable use DNS acquired by DHCP or PPPoE. + type: str + choices: + - enable + - disable + drop_fragment: + description: + - Enable/disable drop fragment packets. + type: str + choices: + - enable + - disable + drop_overlapped_fragment: + description: + - Enable/disable drop overlapped fragment packets. 
+ type: str + choices: + - enable + - disable + egress_shaping_profile: + description: + - Outgoing traffic shaping profile. + type: str + endpoint_compliance: + description: + - Enable/disable endpoint compliance enforcement. + type: str + choices: + - enable + - disable + estimated_downstream_bandwidth: + description: + - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization. + type: int + estimated_upstream_bandwidth: + description: + - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization. + type: int + explicit_ftp_proxy: + description: + - Enable/disable the explicit FTP proxy on this interface. + type: str + choices: + - enable + - disable + explicit_web_proxy: + description: + - Enable/disable the explicit web proxy on this interface. + type: str + choices: + - enable + - disable + external: + description: + - Enable/disable identifying the interface as an external interface (which usually means it"s connected to the Internet). + type: str + choices: + - enable + - disable + fail_action_on_extender: + description: + - Action on extender when interface fail . + type: str + choices: + - soft-restart + - hard-restart + - reboot + fail_alert_interfaces: + description: + - Names of the FortiGate interfaces from which the link failure alert is sent for this interface. + type: list + suboptions: + name: + description: + - Names of the physical interfaces belonging to the aggregate or redundant interface. Source system.interface.name. + required: true + type: str + fail_alert_method: + description: + - Select link-failed-signal or link-down method to alert about a failed link. + type: str + choices: + - link-failed-signal + - link-down + fail_detect: + description: + - Enable/disable fail detection features for this interface. + type: str + choices: + - enable + - disable + fail_detect_option: + description: + - Options for detecting that this interface has failed. 
+ type: str + choices: + - detectserver + - link-down + fortiheartbeat: + description: + - Enable/disable FortiHeartBeat (FortiTelemetry on GUI). + type: str + choices: + - enable + - disable + fortilink: + description: + - Enable FortiLink to dedicate this interface to manage other Fortinet devices. + type: str + choices: + - enable + - disable + fortilink_backup_link: + description: + - fortilink split interface backup link. + type: int + fortilink_split_interface: + description: + - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy (maximum 2 + interfaces in the "members" command). + type: str + choices: + - enable + - disable + fortilink_stacking: + description: + - Enable/disable FortiLink switch-stacking on this interface. + type: str + choices: + - enable + - disable + forward_domain: + description: + - Transparent mode forward domain. + type: int + gwdetect: + description: + - Enable/disable detect gateway alive for first. + type: str + choices: + - enable + - disable + ha_priority: + description: + - HA election priority for the PING server. + type: int + icmp_redirect: + description: + - Enable/disable ICMP redirect. + type: str + choices: + - enable + - disable + ident_accept: + description: + - Enable/disable authentication for this interface. + type: str + choices: + - enable + - disable + idle_timeout: + description: + - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout. + type: int + inbandwidth: + description: + - Bandwidth limit for incoming traffic (0 - 16776000 kbps), 0 means unlimited. + type: int + ingress_spillover_threshold: + description: + - Ingress Spillover threshold (0 - 16776000 kbps). + type: int + interface: + description: + - Interface name. Source system.interface.name. + type: str + internal: + description: + - Implicitly created. + type: int + ip: + description: + - 'Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.' 
+ type: str + ipmac: + description: + - Enable/disable IP/MAC binding. + type: str + choices: + - enable + - disable + ips_sniffer_mode: + description: + - Enable/disable the use of this interface as a one-armed sniffer. + type: str + choices: + - enable + - disable + ipunnumbered: + description: + - Unnumbered IP used for PPPoE interfaces for which no unique local address is provided. + type: str + ipv6: + description: + - IPv6 of interface. + type: dict + suboptions: + autoconf: + description: + - Enable/disable address auto config. + type: str + choices: + - enable + - disable + dhcp6_client_options: + description: + - DHCPv6 client options. + type: str + choices: + - rapid + - iapd + - iana + dhcp6_information_request: + description: + - Enable/disable DHCPv6 information request. + type: str + choices: + - enable + - disable + dhcp6_prefix_delegation: + description: + - Enable/disable DHCPv6 prefix delegation. + type: str + choices: + - enable + - disable + dhcp6_prefix_hint: + description: + - DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. + type: str + dhcp6_prefix_hint_plt: + description: + - DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time. + type: int + dhcp6_prefix_hint_vlt: + description: + - DHCPv6 prefix hint valid life time (sec). + type: int + dhcp6_relay_ip: + description: + - DHCPv6 relay IP address. + type: str + dhcp6_relay_service: + description: + - Enable/disable DHCPv6 relay. + type: str + choices: + - disable + - enable + dhcp6_relay_type: + description: + - DHCPv6 relay type. + type: str + choices: + - regular + ip6_address: + description: + - 'Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx' + type: str + ip6_allowaccess: + description: + - Allow management access to the interface. + type: list + choices: + - ping + - https + - ssh + - snmp + - http + - telnet + - fgfm + - capwap + ip6_default_life: + description: + - Default life (sec). 
+ type: int + ip6_delegated_prefix_list: + description: + - Advertised IPv6 delegated prefix list. + type: list + suboptions: + autonomous_flag: + description: + - Enable/disable the autonomous flag. + type: str + choices: + - enable + - disable + onlink_flag: + description: + - Enable/disable the onlink flag. + type: str + choices: + - enable + - disable + prefix_id: + description: + - Prefix ID. + type: int + rdnss: + description: + - Recursive DNS server option. + type: str + rdnss_service: + description: + - Recursive DNS service option. + type: str + choices: + - delegated + - default + - specify + subnet: + description: + - Add subnet ID to routing prefix. + type: str + upstream_interface: + description: + - Name of the interface that provides delegated information. Source system.interface.name. + type: str + ip6_dns_server_override: + description: + - Enable/disable using the DNS server acquired by DHCP. + type: str + choices: + - enable + - disable + ip6_extra_addr: + description: + - Extra IPv6 address prefixes of interface. + type: list + suboptions: + prefix: + description: + - IPv6 address prefix. + required: true + type: str + ip6_hop_limit: + description: + - Hop limit (0 means unspecified). + type: int + ip6_link_mtu: + description: + - IPv6 link MTU. + type: int + ip6_manage_flag: + description: + - Enable/disable the managed flag. + type: str + choices: + - enable + - disable + ip6_max_interval: + description: + - IPv6 maximum interval (4 to 1800 sec). + type: int + ip6_min_interval: + description: + - IPv6 minimum interval (3 to 1350 sec). + type: int + ip6_mode: + description: + - Addressing mode (static, DHCP, delegated). + type: str + choices: + - static + - dhcp + - pppoe + - delegated + ip6_other_flag: + description: + - Enable/disable the other IPv6 flag. + type: str + choices: + - enable + - disable + ip6_prefix_list: + description: + - Advertised prefix list. 
+ type: list + suboptions: + autonomous_flag: + description: + - Enable/disable the autonomous flag. + type: str + choices: + - enable + - disable + dnssl: + description: + - DNS search list option. + type: list + suboptions: + domain: + description: + - Domain name. + required: true + type: str + onlink_flag: + description: + - Enable/disable the onlink flag. + type: str + choices: + - enable + - disable + preferred_life_time: + description: + - Preferred life time (sec). + type: int + prefix: + description: + - IPv6 prefix. + required: true + type: str + rdnss: + description: + - Recursive DNS server option. + type: str + valid_life_time: + description: + - Valid life time (sec). + type: int + ip6_reachable_time: + description: + - IPv6 reachable time (milliseconds; 0 means unspecified). + type: int + ip6_retrans_time: + description: + - IPv6 retransmit time (milliseconds; 0 means unspecified). + type: int + ip6_send_adv: + description: + - Enable/disable sending advertisements about the interface. + type: str + choices: + - enable + - disable + ip6_subnet: + description: + - ' Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx' + type: str + ip6_upstream_interface: + description: + - Interface name providing delegated information. Source system.interface.name. + type: str + nd_cert: + description: + - Neighbor discovery certificate. Source certificate.local.name. + type: str + nd_cga_modifier: + description: + - Neighbor discovery CGA modifier. + type: str + nd_mode: + description: + - Neighbor discovery mode. + type: str + choices: + - basic + - SEND-compatible + nd_security_level: + description: + - Neighbor discovery security level (0 - 7; 0 = least secure). + type: int + nd_timestamp_delta: + description: + - Neighbor discovery timestamp delta value (1 - 3600 sec; ). + type: int + nd_timestamp_fuzz: + description: + - Neighbor discovery timestamp fuzz factor (1 - 60 sec; ). 
+ type: int + vrip6_link_local: + description: + - Link-local IPv6 address of virtual router. + type: str + vrrp_virtual_mac6: + description: + - Enable/disable virtual MAC for VRRP. + type: str + choices: + - enable + - disable + vrrp6: + description: + - IPv6 VRRP configuration. + type: list + suboptions: + accept_mode: + description: + - Enable/disable accept mode. + type: str + choices: + - enable + - disable + adv_interval: + description: + - Advertisement interval (1 - 255 seconds). + type: int + preempt: + description: + - Enable/disable preempt mode. + type: str + choices: + - enable + - disable + priority: + description: + - Priority of the virtual router (1 - 255). + type: int + start_time: + description: + - Startup time (1 - 255 seconds). + type: int + status: + description: + - Enable/disable VRRP. + type: str + choices: + - enable + - disable + vrdst6: + description: + - Monitor the route to this destination. + type: str + vrgrp: + description: + - VRRP group ID (1 - 65535). + type: int + vrid: + description: + - Virtual router identifier (1 - 255). + required: true + type: int + vrip6: + description: + - IPv6 address of the virtual router. + type: str + l2forward: + description: + - Enable/disable l2 forwarding. + type: str + choices: + - enable + - disable + lacp_ha_slave: + description: + - LACP HA slave. + type: str + choices: + - enable + - disable + lacp_mode: + description: + - LACP mode. + type: str + choices: + - static + - passive + - active + lacp_speed: + description: + - How often the interface sends LACP messages. + type: str + choices: + - slow + - fast + lcp_echo_interval: + description: + - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests. + type: int + lcp_max_echo_fails: + description: + - Maximum missed LCP echo messages before disconnect. + type: int + link_up_delay: + description: + - Number of milliseconds to wait before considering a link is up. 
+ type: int + lldp_transmission: + description: + - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. + type: str + choices: + - enable + - disable + - vdom + macaddr: + description: + - Change the interface"s MAC address. + type: str + managed_device: + description: + - Available when FortiLink is enabled, used for managed devices through FortiLink interface. + type: list + suboptions: + name: + description: + - Managed dev identifier. + required: true + type: str + management_ip: + description: + - High Availability in-band management IP address of this interface. + type: str + member: + description: + - Physical interfaces that belong to the aggregate or redundant interface. + type: list + suboptions: + interface_name: + description: + - Physical interface name. Source system.interface.name. + type: str + min_links: + description: + - Minimum number of aggregated ports that must be up. + type: int + min_links_down: + description: + - Action to take when less than the configured minimum number of links are active. + type: str + choices: + - operational + - administrative + mode: + description: + - Addressing mode (static, DHCP, PPPoE). + type: str + choices: + - static + - dhcp + - pppoe + mtu: + description: + - MTU value for this interface. + type: int + mtu_override: + description: + - Enable to set a custom MTU for this interface. + type: str + choices: + - enable + - disable + name: + description: + - Name. + required: true + type: str + ndiscforward: + description: + - Enable/disable NDISC forwarding. + type: str + choices: + - enable + - disable + netbios_forward: + description: + - Enable/disable NETBIOS forwarding. + type: str + choices: + - disable + - enable + netflow_sampler: + description: + - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). 
+ type: str + choices: + - disable + - tx + - rx + - both + outbandwidth: + description: + - Bandwidth limit for outgoing traffic (0 - 16776000 kbps). + type: int + padt_retry_timeout: + description: + - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time. + type: int + password: + description: + - PPPoE account"s password. + type: str + ping_serv_status: + description: + - PING server status. + type: int + polling_interval: + description: + - sFlow polling interval (1 - 255 sec). + type: int + pppoe_unnumbered_negotiate: + description: + - Enable/disable PPPoE unnumbered negotiation. + type: str + choices: + - enable + - disable + pptp_auth_type: + description: + - PPTP authentication type. + type: str + choices: + - auto + - pap + - chap + - mschapv1 + - mschapv2 + pptp_client: + description: + - Enable/disable PPTP client. + type: str + choices: + - enable + - disable + pptp_password: + description: + - PPTP password. + type: str + pptp_server_ip: + description: + - PPTP server IP address. + type: str + pptp_timeout: + description: + - Idle timer in minutes (0 for disabled). + type: int + pptp_user: + description: + - PPTP user name. + type: str + preserve_session_route: + description: + - Enable/disable preservation of session route when dirty. + type: str + choices: + - enable + - disable + priority: + description: + - Priority of learned routes. + type: int + priority_override: + description: + - Enable/disable fail back to higher priority port once recovered. + type: str + choices: + - enable + - disable + proxy_captive_portal: + description: + - Enable/disable proxy captive portal on this interface. + type: str + choices: + - enable + - disable + redundant_interface: + description: + - Redundant interface. + type: str + remote_ip: + description: + - Remote IP address of tunnel. + type: str + replacemsg_override_group: + description: + - Replacement message override group. 
+ type: str + role: + description: + - Interface role. + type: str + choices: + - lan + - wan + - dmz + - undefined + sample_direction: + description: + - Data that NetFlow collects (rx, tx, or both). + type: str + choices: + - tx + - rx + - both + sample_rate: + description: + - sFlow sample rate (10 - 99999). + type: int + scan_botnet_connections: + description: + - Enable monitoring or blocking connections to Botnet servers through this interface. + type: str + choices: + - disable + - block + - monitor + secondary_IP: + description: + - Enable/disable adding a secondary IP to this interface. + type: str + choices: + - enable + - disable + secondaryip: + description: + - Second IP address of interface. + type: list + suboptions: + allowaccess: + description: + - Management access settings for the secondary IP address. + type: str + choices: + - ping + - https + - ssh + - snmp + - http + - telnet + - fgfm + - radius-acct + - probe-response + - capwap + - ftm + detectprotocol: + description: + - Protocols used to detect the server. + type: str + choices: + - ping + - tcp-echo + - udp-echo + detectserver: + description: + - Gateway"s ping server for this IP. + type: str + gwdetect: + description: + - Enable/disable detect gateway alive for first. + type: str + choices: + - enable + - disable + ha_priority: + description: + - HA election priority for the PING server. + type: int + id: + description: + - ID. + required: true + type: int + ip: + description: + - Secondary IP address of the interface. + type: str + ping_serv_status: + description: + - PING server status. + type: int + security_exempt_list: + description: + - Name of security-exempt-list. + type: str + security_external_logout: + description: + - URL of external authentication logout server. + type: str + security_external_web: + description: + - URL of external authentication web server. + type: str + security_groups: + description: + - User groups that can authenticate with the captive portal. 
+ type: list + suboptions: + name: + description: + - Names of user groups that can authenticate with the captive portal. + required: true + type: str + security_mac_auth_bypass: + description: + - Enable/disable MAC authentication bypass. + type: str + choices: + - enable + - disable + security_mode: + description: + - Turn on captive portal authentication for this interface. + type: str + choices: + - none + - captive-portal + - 802.1X + security_redirect_url: + description: + - URL redirection after disclaimer/authentication. + type: str + service_name: + description: + - PPPoE service name. + type: str + sflow_sampler: + description: + - Enable/disable sFlow on this interface. + type: str + choices: + - enable + - disable + snmp_index: + description: + - Permanent SNMP Index of the interface. + type: int + speed: + description: + - Interface speed. The default setting and the options available depend on the interface hardware. + type: str + choices: + - auto + - 10full + - 10half + - 100full + - 100half + - 1000full + - 1000half + - 1000auto + spillover_threshold: + description: + - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited. + type: int + src_check: + description: + - Enable/disable source IP check. + type: str + choices: + - enable + - disable + status: + description: + - Bring the interface up or shut the interface down. + type: str + choices: + - up + - down + stpforward: + description: + - Enable/disable STP forwarding. + type: str + choices: + - enable + - disable + stpforward_mode: + description: + - Configure STP forwarding mode. + type: str + choices: + - rpl-all-ext-id + - rpl-bridge-ext-id + - rpl-nothing + subst: + description: + - Enable to always send packets from this interface to a destination MAC address. + type: str + choices: + - enable + - disable + substitute_dst_mac: + description: + - Destination MAC address that all packets are sent to from this interface. 
+ type: str + switch: + description: + - Contained in switch. + type: str + switch_controller_access_vlan: + description: + - Block FortiSwitch port-to-port traffic. + type: str + choices: + - enable + - disable + switch_controller_arp_inspection: + description: + - Enable/disable FortiSwitch ARP inspection. + type: str + choices: + - enable + - disable + switch_controller_dhcp_snooping: + description: + - Switch controller DHCP snooping. + type: str + choices: + - enable + - disable + switch_controller_dhcp_snooping_option82: + description: + - Switch controller DHCP snooping option82. + type: str + choices: + - enable + - disable + switch_controller_dhcp_snooping_verify_mac: + description: + - Switch controller DHCP snooping verify MAC. + type: str + choices: + - enable + - disable + switch_controller_igmp_snooping: + description: + - Switch controller IGMP snooping. + type: str + choices: + - enable + - disable + switch_controller_learning_limit: + description: + - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default). + type: int + tagging: + description: + - Config object tagging. + type: list + suboptions: + category: + description: + - Tag category. Source system.object-tagging.category. + type: str + name: + description: + - Tagging entry name. + required: true + type: str + tags: + description: + - Tags. + type: list + suboptions: + name: + description: + - Tag name. Source system.object-tagging.tags.name. + required: true + type: str + tcp_mss: + description: + - TCP maximum segment size. 0 means do not change segment size. + type: int + trust_ip_1: + description: + - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). + type: str + trust_ip_2: + description: + - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). + type: str + trust_ip_3: + description: + - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). 
+ type: str + trust_ip6_1: + description: + - 'Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).' + type: str + trust_ip6_2: + description: + - 'Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).' + type: str + trust_ip6_3: + description: + - 'Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).' + type: str + type: + description: + - Interface type. + type: str + choices: + - physical + - vlan + - aggregate + - redundant + - tunnel + - vdom-link + - loopback + - switch + - hard-switch + - vap-switch + - wl-mesh + - fext-wan + - vxlan + - hdlc + - switch-vlan + username: + description: + - Username of the PPPoE account, provided by your ISP. + type: str + vdom: + description: + - Interface is in this virtual domain (VDOM). Source system.vdom.name. + type: str + vindex: + description: + - Switch control interface VLAN ID. + type: int + vlanforward: + description: + - Enable/disable traffic forwarding between VLANs on this interface. + type: str + choices: + - enable + - disable + vlanid: + description: + - VLAN ID (1 - 4094). + type: int + vrf: + description: + - Virtual Routing Forwarding ID. + type: int + vrrp: + description: + - VRRP configuration. + type: list + suboptions: + accept_mode: + description: + - Enable/disable accept mode. + type: str + choices: + - enable + - disable + adv_interval: + description: + - Advertisement interval (1 - 255 seconds). + type: int + preempt: + description: + - Enable/disable preempt mode. + type: str + choices: + - enable + - disable + priority: + description: + - Priority of the virtual router (1 - 255). + type: int + proxy_arp: + description: + - VRRP Proxy ARP configuration. + type: list + suboptions: + id: + description: + - ID. + required: true + type: int + ip: + description: + - Set IP addresses of proxy ARP. + type: str + start_time: + description: + - Startup time (1 - 255 seconds). 
+ type: int + status: + description: + - Enable/disable this VRRP configuration. + type: str + choices: + - enable + - disable + version: + description: + - VRRP version. + type: str + choices: + - 2 + - 3 + vrdst: + description: + - Monitor the route to this destination. + type: str + vrdst_priority: + description: + - Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254). + type: int + vrgrp: + description: + - VRRP group ID (1 - 65535). + type: int + vrid: + description: + - Virtual router identifier (1 - 255). + required: true + type: int + vrip: + description: + - IP address of the virtual router. + type: str + vrrp_virtual_mac: + description: + - Enable/disable use of virtual MAC for VRRP. + type: str + choices: + - enable + - disable + wccp: + description: + - Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. + type: str + choices: + - enable + - disable + weight: + description: + - Default weight for static routes (if route has no weight configured). + type: int + wins_ip: + description: + - WINS server IP. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure interfaces. 
+ fortios_system_interface: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_interface: + ac_name: "" + aggregate: "" + algorithm: "L2" + alias: "" + allowaccess: "ping" + ap_discover: "enable" + arpforward: "enable" + auth_type: "auto" + auto_auth_extension_device: "enable" + bfd: "global" + bfd_desired_min_tx: "13" + bfd_detect_mult: "14" + bfd_required_min_rx: "15" + broadcast_forticlient_discovery: "enable" + broadcast_forward: "enable" + captive_portal: "18" + cli_conn_status: "19" + color: "20" + dedicated_to: "none" + defaultgw: "enable" + description: "" + detected_peer_mtu: "24" + detectprotocol: "ping" + detectserver: "" + device_access_list: "" + device_identification: "enable" + device_identification_active_scan: "enable" + device_netscan: "disable" + device_user_identification: "enable" + devindex: "32" + dhcp_client_identifier: "myId_33" + dhcp_relay_agent_option: "enable" + dhcp_relay_ip: "" + dhcp_relay_service: "disable" + dhcp_relay_type: "regular" + dhcp_renew_time: "38" + disc_retry_timeout: "39" + disconnect_threshold: "40" + distance: "41" + dns_server_override: "enable" + drop_fragment: "enable" + drop_overlapped_fragment: "enable" + egress_shaping_profile: "" + endpoint_compliance: "enable" + estimated_downstream_bandwidth: "47" + estimated_upstream_bandwidth: "48" + explicit_ftp_proxy: "enable" + explicit_web_proxy: "enable" + external: "enable" + fail_action_on_extender: "soft-restart" + fail_alert_interfaces: + - + name: "default_name_54 (source system.interface.name)" + fail_alert_method: "link-failed-signal" + fail_detect: "enable" + fail_detect_option: "detectserver" + fortiheartbeat: "enable" + fortilink: "enable" + fortilink_backup_link: "60" + fortilink_split_interface: "enable" + fortilink_stacking: "enable" + forward_domain: "63" + gwdetect: "enable" + ha_priority: "65" + icmp_redirect: "enable" + ident_accept: "enable" + idle_timeout: "68" + inbandwidth: "69" + ingress_spillover_threshold: "70" + interface: " 
(source system.interface.name)" + internal: "72" + ip: "" + ipmac: "enable" + ips_sniffer_mode: "enable" + ipunnumbered: "" + ipv6: + autoconf: "enable" + dhcp6_client_options: "rapid" + dhcp6_information_request: "enable" + dhcp6_prefix_delegation: "enable" + dhcp6_prefix_hint: "" + dhcp6_prefix_hint_plt: "83" + dhcp6_prefix_hint_vlt: "84" + dhcp6_relay_ip: "" + dhcp6_relay_service: "disable" + dhcp6_relay_type: "regular" + ip6_address: "" + ip6_allowaccess: "ping" + ip6_default_life: "90" + ip6_delegated_prefix_list: + - + autonomous_flag: "enable" + onlink_flag: "enable" + prefix_id: "94" + rdnss: "" + rdnss_service: "delegated" + subnet: "" + upstream_interface: " (source system.interface.name)" + ip6_dns_server_override: "enable" + ip6_extra_addr: + - + prefix: "" + ip6_hop_limit: "102" + ip6_link_mtu: "103" + ip6_manage_flag: "enable" + ip6_max_interval: "105" + ip6_min_interval: "106" + ip6_mode: "static" + ip6_other_flag: "enable" + ip6_prefix_list: + - + autonomous_flag: "enable" + dnssl: + - + domain: "" + onlink_flag: "enable" + preferred_life_time: "114" + prefix: "" + rdnss: "" + valid_life_time: "117" + ip6_reachable_time: "118" + ip6_retrans_time: "119" + ip6_send_adv: "enable" + ip6_subnet: "" + ip6_upstream_interface: " (source system.interface.name)" + nd_cert: " (source certificate.local.name)" + nd_cga_modifier: "" + nd_mode: "basic" + nd_security_level: "126" + nd_timestamp_delta: "127" + nd_timestamp_fuzz: "128" + vrip6_link_local: "" + vrrp_virtual_mac6: "enable" + vrrp6: + - + accept_mode: "enable" + adv_interval: "133" + preempt: "enable" + priority: "135" + start_time: "136" + status: "enable" + vrdst6: "" + vrgrp: "139" + vrid: "140" + vrip6: "" + l2forward: "enable" + lacp_ha_slave: "enable" + lacp_mode: "static" + lacp_speed: "slow" + lcp_echo_interval: "146" + lcp_max_echo_fails: "147" + link_up_delay: "148" + lldp_transmission: "enable" + macaddr: "" + managed_device: + - + name: "default_name_152" + management_ip: "" + member: + - + 
interface_name: " (source system.interface.name)" + min_links: "156" + min_links_down: "operational" + mode: "static" + mtu: "159" + mtu_override: "enable" + name: "default_name_161" + ndiscforward: "enable" + netbios_forward: "disable" + netflow_sampler: "disable" + outbandwidth: "165" + padt_retry_timeout: "166" + password: "" + ping_serv_status: "168" + polling_interval: "169" + pppoe_unnumbered_negotiate: "enable" + pptp_auth_type: "auto" + pptp_client: "enable" + pptp_password: "" + pptp_server_ip: "" + pptp_timeout: "175" + pptp_user: "" + preserve_session_route: "enable" + priority: "178" + priority_override: "enable" + proxy_captive_portal: "enable" + redundant_interface: "" + remote_ip: "" + replacemsg_override_group: "" + role: "lan" + sample_direction: "tx" + sample_rate: "186" + scan_botnet_connections: "disable" + secondary_IP: "enable" + secondaryip: + - + allowaccess: "ping" + detectprotocol: "ping" + detectserver: "" + gwdetect: "enable" + ha_priority: "194" + id: "195" + ip: "" + ping_serv_status: "197" + security_exempt_list: "" + security_external_logout: "" + security_external_web: "" + security_groups: + - + name: "default_name_202" + security_mac_auth_bypass: "enable" + security_mode: "none" + security_redirect_url: "" + service_name: "" + sflow_sampler: "enable" + snmp_index: "208" + speed: "auto" + spillover_threshold: "210" + src_check: "enable" + status: "up" + stpforward: "enable" + stpforward_mode: "rpl-all-ext-id" + subst: "enable" + substitute_dst_mac: "" + switch: "" + switch_controller_access_vlan: "enable" + switch_controller_arp_inspection: "enable" + switch_controller_dhcp_snooping: "enable" + switch_controller_dhcp_snooping_option82: "enable" + switch_controller_dhcp_snooping_verify_mac: "enable" + switch_controller_igmp_snooping: "enable" + switch_controller_learning_limit: "224" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_227" + tags: + - + name: "default_name_229 (source 
system.object-tagging.tags.name)" + tcp_mss: "230" + trust_ip_1: "" + trust_ip_2: "" + trust_ip_3: "" + trust_ip6_1: "" + trust_ip6_2: "" + trust_ip6_3: "" + type: "physical" + username: "" + vdom: " (source system.vdom.name)" + vindex: "240" + vlanforward: "enable" + vlanid: "242" + vrf: "243" + vrrp: + - + accept_mode: "enable" + adv_interval: "246" + preempt: "enable" + priority: "248" + proxy_arp: + - + id: "250" + ip: "" + start_time: "252" + status: "enable" + version: "2" + vrdst: "" + vrdst_priority: "256" + vrgrp: "257" + vrid: "258" + vrip: "" + vrrp_virtual_mac: "enable" + wccp: "enable" + weight: "262" + wins_ip: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from 
ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_interface_data(json): + option_list = ['ac_name', 'aggregate', 'algorithm', + 'alias', 'allowaccess', 'ap_discover', + 'arpforward', 'auth_type', 'auto_auth_extension_device', + 'bfd', 'bfd_desired_min_tx', 'bfd_detect_mult', + 'bfd_required_min_rx', 'broadcast_forticlient_discovery', 'broadcast_forward', + 'captive_portal', 'cli_conn_status', 'color', + 'dedicated_to', 'defaultgw', 'description', + 'detected_peer_mtu', 'detectprotocol', 'detectserver', + 'device_access_list', 'device_identification', 'device_identification_active_scan', + 'device_netscan', 'device_user_identification', 'devindex', + 'dhcp_client_identifier', 'dhcp_relay_agent_option', 'dhcp_relay_ip', + 'dhcp_relay_service', 'dhcp_relay_type', 'dhcp_renew_time', + 'disc_retry_timeout', 'disconnect_threshold', 'distance', + 'dns_server_override', 'drop_fragment', 'drop_overlapped_fragment', + 'egress_shaping_profile', 'endpoint_compliance', 'estimated_downstream_bandwidth', + 'estimated_upstream_bandwidth', 'explicit_ftp_proxy', 'explicit_web_proxy', + 'external', 'fail_action_on_extender', 'fail_alert_interfaces', + 'fail_alert_method', 'fail_detect', 'fail_detect_option', + 'fortiheartbeat', 'fortilink', 'fortilink_backup_link', + 'fortilink_split_interface', 'fortilink_stacking', 'forward_domain', + 'gwdetect', 'ha_priority', 'icmp_redirect', + 'ident_accept', 'idle_timeout', 'inbandwidth', + 'ingress_spillover_threshold', 'interface', 'internal', + 'ip', 'ipmac', 'ips_sniffer_mode', + 'ipunnumbered', 'ipv6', 'l2forward', + 'lacp_ha_slave', 'lacp_mode', 'lacp_speed', + 'lcp_echo_interval', 
'lcp_max_echo_fails', 'link_up_delay', + 'lldp_transmission', 'macaddr', 'managed_device', + 'management_ip', 'member', 'min_links', + 'min_links_down', 'mode', 'mtu', + 'mtu_override', 'name', 'ndiscforward', + 'netbios_forward', 'netflow_sampler', 'outbandwidth', + 'padt_retry_timeout', 'password', 'ping_serv_status', + 'polling_interval', 'pppoe_unnumbered_negotiate', 'pptp_auth_type', + 'pptp_client', 'pptp_password', 'pptp_server_ip', + 'pptp_timeout', 'pptp_user', 'preserve_session_route', + 'priority', 'priority_override', 'proxy_captive_portal', + 'redundant_interface', 'remote_ip', 'replacemsg_override_group', + 'role', 'sample_direction', 'sample_rate', + 'scan_botnet_connections', 'secondary_IP', 'secondaryip', + 'security_exempt_list', 'security_external_logout', 'security_external_web', + 'security_groups', 'security_mac_auth_bypass', 'security_mode', + 'security_redirect_url', 'service_name', 'sflow_sampler', + 'snmp_index', 'speed', 'spillover_threshold', + 'src_check', 'status', 'stpforward', + 'stpforward_mode', 'subst', 'substitute_dst_mac', + 'switch', 'switch_controller_access_vlan', 'switch_controller_arp_inspection', + 'switch_controller_dhcp_snooping', 'switch_controller_dhcp_snooping_option82', 'switch_controller_dhcp_snooping_verify_mac', + 'switch_controller_igmp_snooping', 'switch_controller_learning_limit', 'tagging', + 'tcp_mss', 'trust_ip_1', 'trust_ip_2', + 'trust_ip_3', 'trust_ip6_1', 'trust_ip6_2', + 'trust_ip6_3', 'type', 'username', + 'vdom', 'vindex', 'vlanforward', + 'vlanid', 'vrf', 'vrrp', + 'vrrp_virtual_mac', 'wccp', 'weight', + 'wins_ip'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def flatten_multilists_attributes(data): + multilist_attrs = [[u'allowaccess'], [u'ipv6', u'ip6_allowaccess']] + + for attr in multilist_attrs: + try: + path = "data['" + "']['".join(elem for elem in attr) + "']" + 
current_val = eval(path) + flattened_val = ' '.join(elem for elem in current_val) + exec(path + '= flattened_val') + except BaseException: + pass + + return data + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def serialize(data): + if isinstance(data, str) and ' ' in data: + return serialize(data.split(' ')) + if isinstance(data, list) and len(data) > 0: + if isinstance(data[0], dict): + list_to_order = [] + for dt in data: + ret = {} + for key, value in dt.items(): + ret[key] = serialize(value) + list_to_order.append(ret) + + return sorted(list_to_order, key=lambda dt: str(dt.items())) + else: + return sorted(data) + + if isinstance(data, dict): + result = {} + for key, value in data.items(): + result[key] = serialize(value) + + return result + + return data + + +def is_same_comparison(reorder_current, reorder_filtered): + for key, value in reorder_filtered.items(): + if key not in reorder_current: + return False + + if isinstance(value, dict): + if not is_same_comparison(reorder_current[key], value): + return False + elif isinstance(value, list): + if len(value) != len(reorder_current[key]): + return False + if isinstance(value[0], dict): + for current_dict in reorder_current[key]: + if not is_same_comparison(current_dict, value[0]): + return False + elif reorder_current[key] != value: + return False + elif reorder_current[key] != value: + return False + + return True + + +def system_interface(data, fos, check_mode=False): + + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['system_interface'] and data['system_interface']['state']: + state = data['system_interface']['state'] + else: + state = True + system_interface_data = 
data['system_interface'] + system_interface_data = flatten_multilists_attributes(system_interface_data) + filtered_data = underscore_to_hyphen(filter_system_interface_data(system_interface_data)) + + # check_mode starts from here + if check_mode: + mkey = fos.get_mkey('system', 'interface', filtered_data, vdom=vdom) + current_data = fos.get('system', 'interface', vdom=vdom, mkey=mkey) + is_existed = current_data and current_data.get('http_status') == 200 \ + and isinstance(current_data.get('results'), list) \ + and len(current_data['results']) > 0 + + # 2. if it exists and the state is 'present' then compare current settings with desired + if state == 'present': + if mkey is None: + return False, True, filtered_data + + # if mkey exists then compare each other + # record exits and they're matched or not + if is_existed: + is_same = is_same_comparison( + serialize(current_data['results'][0]), serialize(filtered_data)) + return False, not is_same, filtered_data + + # record does not exist + return False, True, filtered_data + + if state == 'absent': + if mkey is None: + return False, False, filtered_data + + if is_existed: + return False, True, filtered_data + return False, False, filtered_data + + return True, False, {'reason: ': 'Must provide state parameter'} + + if state == "present": + return fos.set('system', + 'interface', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'interface', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos, check_mode): + + if data['system_interface']: + resp = system_interface(data, fos, check_mode) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_interface')) + if check_mode: + return resp + return not 
is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "system_interface": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "ac_name": {"required": False, "type": "str"}, + "aggregate": {"required": False, "type": "str"}, + "algorithm": {"required": False, "type": "str", + "choices": ["L2", + "L3", + "L4"]}, + "alias": {"required": False, "type": "str"}, + "allowaccess": {"required": False, "type": "list", + "choices": ["ping", + "https", + "ssh", + "snmp", + "http", + "telnet", + "fgfm", + "radius-acct", + "probe-response", + "capwap", + "ftm"]}, + "ap_discover": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "arpforward": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auth_type": {"required": False, "type": "str", + "choices": ["auto", + "pap", + "chap", + "mschapv1", + "mschapv2"]}, + "auto_auth_extension_device": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "bfd": {"required": False, "type": "str", + "choices": ["global", + "enable", + "disable"]}, + "bfd_desired_min_tx": {"required": False, "type": "int"}, + "bfd_detect_mult": {"required": False, "type": "int"}, + "bfd_required_min_rx": {"required": False, "type": "int"}, + "broadcast_forticlient_discovery": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "broadcast_forward": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "captive_portal": {"required": False, "type": "int"}, + "cli_conn_status": {"required": 
False, "type": "int"}, + "color": {"required": False, "type": "int"}, + "dedicated_to": {"required": False, "type": "str", + "choices": ["none", + "management"]}, + "defaultgw": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "description": {"required": False, "type": "str"}, + "detected_peer_mtu": {"required": False, "type": "int"}, + "detectprotocol": {"required": False, "type": "str", + "choices": ["ping", + "tcp-echo", + "udp-echo"]}, + "detectserver": {"required": False, "type": "str"}, + "device_access_list": {"required": False, "type": "str"}, + "device_identification": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "device_identification_active_scan": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "device_netscan": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "device_user_identification": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "devindex": {"required": False, "type": "int"}, + "dhcp_client_identifier": {"required": False, "type": "str"}, + "dhcp_relay_agent_option": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dhcp_relay_ip": {"required": False, "type": "str"}, + "dhcp_relay_service": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "dhcp_relay_type": {"required": False, "type": "str", + "choices": ["regular", + "ipsec"]}, + "dhcp_renew_time": {"required": False, "type": "int"}, + "disc_retry_timeout": {"required": False, "type": "int"}, + "disconnect_threshold": {"required": False, "type": "int"}, + "distance": {"required": False, "type": "int"}, + "dns_server_override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "drop_fragment": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "drop_overlapped_fragment": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + 
"egress_shaping_profile": {"required": False, "type": "str"}, + "endpoint_compliance": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "estimated_downstream_bandwidth": {"required": False, "type": "int"}, + "estimated_upstream_bandwidth": {"required": False, "type": "int"}, + "explicit_ftp_proxy": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "explicit_web_proxy": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "external": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fail_action_on_extender": {"required": False, "type": "str", + "choices": ["soft-restart", + "hard-restart", + "reboot"]}, + "fail_alert_interfaces": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "fail_alert_method": {"required": False, "type": "str", + "choices": ["link-failed-signal", + "link-down"]}, + "fail_detect": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fail_detect_option": {"required": False, "type": "str", + "choices": ["detectserver", + "link-down"]}, + "fortiheartbeat": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fortilink": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fortilink_backup_link": {"required": False, "type": "int"}, + "fortilink_split_interface": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fortilink_stacking": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forward_domain": {"required": False, "type": "int"}, + "gwdetect": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ha_priority": {"required": False, "type": "int"}, + "icmp_redirect": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ident_accept": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "idle_timeout": 
{"required": False, "type": "int"}, + "inbandwidth": {"required": False, "type": "int"}, + "ingress_spillover_threshold": {"required": False, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "internal": {"required": False, "type": "int"}, + "ip": {"required": False, "type": "str"}, + "ipmac": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ips_sniffer_mode": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ipunnumbered": {"required": False, "type": "str"}, + "ipv6": {"required": False, "type": "dict", + "options": { + "autoconf": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dhcp6_client_options": {"required": False, "type": "str", + "choices": ["rapid", + "iapd", + "iana"]}, + "dhcp6_information_request": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dhcp6_prefix_delegation": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dhcp6_prefix_hint": {"required": False, "type": "str"}, + "dhcp6_prefix_hint_plt": {"required": False, "type": "int"}, + "dhcp6_prefix_hint_vlt": {"required": False, "type": "int"}, + "dhcp6_relay_ip": {"required": False, "type": "str"}, + "dhcp6_relay_service": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "dhcp6_relay_type": {"required": False, "type": "str", + "choices": ["regular"]}, + "ip6_address": {"required": False, "type": "str"}, + "ip6_allowaccess": {"required": False, "type": "list", + "choices": ["ping", + "https", + "ssh", + "snmp", + "http", + "telnet", + "fgfm", + "capwap"]}, + "ip6_default_life": {"required": False, "type": "int"}, + "ip6_delegated_prefix_list": {"required": False, "type": "list", + "options": { + "autonomous_flag": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "onlink_flag": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "prefix_id": {"required": False, 
"type": "int"}, + "rdnss": {"required": False, "type": "str"}, + "rdnss_service": {"required": False, "type": "str", + "choices": ["delegated", + "default", + "specify"]}, + "subnet": {"required": False, "type": "str"}, + "upstream_interface": {"required": False, "type": "str"} + }}, + "ip6_dns_server_override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ip6_extra_addr": {"required": False, "type": "list", + "options": { + "prefix": {"required": True, "type": "str"} + }}, + "ip6_hop_limit": {"required": False, "type": "int"}, + "ip6_link_mtu": {"required": False, "type": "int"}, + "ip6_manage_flag": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ip6_max_interval": {"required": False, "type": "int"}, + "ip6_min_interval": {"required": False, "type": "int"}, + "ip6_mode": {"required": False, "type": "str", + "choices": ["static", + "dhcp", + "pppoe", + "delegated"]}, + "ip6_other_flag": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ip6_prefix_list": {"required": False, "type": "list", + "options": { + "autonomous_flag": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dnssl": {"required": False, "type": "list", + "options": { + "domain": {"required": True, "type": "str"} + }}, + "onlink_flag": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "preferred_life_time": {"required": False, "type": "int"}, + "prefix": {"required": True, "type": "str"}, + "rdnss": {"required": False, "type": "str"}, + "valid_life_time": {"required": False, "type": "int"} + }}, + "ip6_reachable_time": {"required": False, "type": "int"}, + "ip6_retrans_time": {"required": False, "type": "int"}, + "ip6_send_adv": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ip6_subnet": {"required": False, "type": "str"}, + "ip6_upstream_interface": {"required": False, "type": "str"}, + "nd_cert": {"required": False, "type": "str"}, 
+ "nd_cga_modifier": {"required": False, "type": "str"}, + "nd_mode": {"required": False, "type": "str", + "choices": ["basic", + "SEND-compatible"]}, + "nd_security_level": {"required": False, "type": "int"}, + "nd_timestamp_delta": {"required": False, "type": "int"}, + "nd_timestamp_fuzz": {"required": False, "type": "int"}, + "vrip6_link_local": {"required": False, "type": "str"}, + "vrrp_virtual_mac6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vrrp6": {"required": False, "type": "list", + "options": { + "accept_mode": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "adv_interval": {"required": False, "type": "int"}, + "preempt": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "priority": {"required": False, "type": "int"}, + "start_time": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vrdst6": {"required": False, "type": "str"}, + "vrgrp": {"required": False, "type": "int"}, + "vrid": {"required": True, "type": "int"}, + "vrip6": {"required": False, "type": "str"} + }} + }}, + "l2forward": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "lacp_ha_slave": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "lacp_mode": {"required": False, "type": "str", + "choices": ["static", + "passive", + "active"]}, + "lacp_speed": {"required": False, "type": "str", + "choices": ["slow", + "fast"]}, + "lcp_echo_interval": {"required": False, "type": "int"}, + "lcp_max_echo_fails": {"required": False, "type": "int"}, + "link_up_delay": {"required": False, "type": "int"}, + "lldp_transmission": {"required": False, "type": "str", + "choices": ["enable", + "disable", + "vdom"]}, + "macaddr": {"required": False, "type": "str"}, + "managed_device": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + 
"management_ip": {"required": False, "type": "str"}, + "member": {"required": False, "type": "list", + "options": { + "interface_name": {"required": False, "type": "str"} + }}, + "min_links": {"required": False, "type": "int"}, + "min_links_down": {"required": False, "type": "str", + "choices": ["operational", + "administrative"]}, + "mode": {"required": False, "type": "str", + "choices": ["static", + "dhcp", + "pppoe"]}, + "mtu": {"required": False, "type": "int"}, + "mtu_override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": True, "type": "str"}, + "ndiscforward": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "netbios_forward": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "netflow_sampler": {"required": False, "type": "str", + "choices": ["disable", + "tx", + "rx", + "both"]}, + "outbandwidth": {"required": False, "type": "int"}, + "padt_retry_timeout": {"required": False, "type": "int"}, + "password": {"required": False, "type": "str"}, + "ping_serv_status": {"required": False, "type": "int"}, + "polling_interval": {"required": False, "type": "int"}, + "pppoe_unnumbered_negotiate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "pptp_auth_type": {"required": False, "type": "str", + "choices": ["auto", + "pap", + "chap", + "mschapv1", + "mschapv2"]}, + "pptp_client": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "pptp_password": {"required": False, "type": "str"}, + "pptp_server_ip": {"required": False, "type": "str"}, + "pptp_timeout": {"required": False, "type": "int"}, + "pptp_user": {"required": False, "type": "str"}, + "preserve_session_route": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "priority": {"required": False, "type": "int"}, + "priority_override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "proxy_captive_portal": 
{"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "redundant_interface": {"required": False, "type": "str"}, + "remote_ip": {"required": False, "type": "str"}, + "replacemsg_override_group": {"required": False, "type": "str"}, + "role": {"required": False, "type": "str", + "choices": ["lan", + "wan", + "dmz", + "undefined"]}, + "sample_direction": {"required": False, "type": "str", + "choices": ["tx", + "rx", + "both"]}, + "sample_rate": {"required": False, "type": "int"}, + "scan_botnet_connections": {"required": False, "type": "str", + "choices": ["disable", + "block", + "monitor"]}, + "secondary_IP": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "secondaryip": {"required": False, "type": "list", + "options": { + "allowaccess": {"required": False, "type": "str", + "choices": ["ping", + "https", + "ssh", + "snmp", + "http", + "telnet", + "fgfm", + "radius-acct", + "probe-response", + "capwap", + "ftm"]}, + "detectprotocol": {"required": False, "type": "str", + "choices": ["ping", + "tcp-echo", + "udp-echo"]}, + "detectserver": {"required": False, "type": "str"}, + "gwdetect": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ha_priority": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "ip": {"required": False, "type": "str"}, + "ping_serv_status": {"required": False, "type": "int"} + }}, + "security_exempt_list": {"required": False, "type": "str"}, + "security_external_logout": {"required": False, "type": "str"}, + "security_external_web": {"required": False, "type": "str"}, + "security_groups": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "security_mac_auth_bypass": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "security_mode": {"required": False, "type": "str", + "choices": ["none", + "captive-portal", + "802.1X"]}, + "security_redirect_url": {"required": 
False, "type": "str"}, + "service_name": {"required": False, "type": "str"}, + "sflow_sampler": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "snmp_index": {"required": False, "type": "int"}, + "speed": {"required": False, "type": "str", + "choices": ["auto", + "10full", + "10half", + "100full", + "100half", + "1000full", + "1000half", + "1000auto"]}, + "spillover_threshold": {"required": False, "type": "int"}, + "src_check": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "status": {"required": False, "type": "str", + "choices": ["up", + "down"]}, + "stpforward": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "stpforward_mode": {"required": False, "type": "str", + "choices": ["rpl-all-ext-id", + "rpl-bridge-ext-id", + "rpl-nothing"]}, + "subst": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "substitute_dst_mac": {"required": False, "type": "str"}, + "switch": {"required": False, "type": "str"}, + "switch_controller_access_vlan": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "switch_controller_arp_inspection": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "switch_controller_dhcp_snooping": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "switch_controller_dhcp_snooping_option82": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "switch_controller_dhcp_snooping_verify_mac": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "switch_controller_igmp_snooping": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "switch_controller_learning_limit": {"required": False, "type": "int"}, + "tagging": {"required": False, "type": "list", + "options": { + "category": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "tags": {"required": False, "type": "list", + 
"options": { + "name": {"required": True, "type": "str"} + }} + }}, + "tcp_mss": {"required": False, "type": "int"}, + "trust_ip_1": {"required": False, "type": "str"}, + "trust_ip_2": {"required": False, "type": "str"}, + "trust_ip_3": {"required": False, "type": "str"}, + "trust_ip6_1": {"required": False, "type": "str"}, + "trust_ip6_2": {"required": False, "type": "str"}, + "trust_ip6_3": {"required": False, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["physical", + "vlan", + "aggregate", + "redundant", + "tunnel", + "vdom-link", + "loopback", + "switch", + "hard-switch", + "vap-switch", + "wl-mesh", + "fext-wan", + "vxlan", + "hdlc", + "switch-vlan"]}, + "username": {"required": False, "type": "str"}, + "vdom": {"required": False, "type": "str"}, + "vindex": {"required": False, "type": "int"}, + "vlanforward": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vlanid": {"required": False, "type": "int"}, + "vrf": {"required": False, "type": "int"}, + "vrrp": {"required": False, "type": "list", + "options": { + "accept_mode": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "adv_interval": {"required": False, "type": "int"}, + "preempt": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "priority": {"required": False, "type": "int"}, + "proxy_arp": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "ip": {"required": False, "type": "str"} + }}, + "start_time": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "version": {"required": False, "type": "str", + "choices": ["2", + "3"]}, + "vrdst": {"required": False, "type": "str"}, + "vrdst_priority": {"required": False, "type": "int"}, + "vrgrp": {"required": False, "type": "int"}, + "vrid": {"required": True, "type": "int"}, + "vrip": {"required": False, "type": "str"} + }}, + 
"vrrp_virtual_mac": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "wccp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "weight": {"required": False, "type": "int"}, + "wins_ip": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=True) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos, module.check_mode) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ipip_tunnel.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ipip_tunnel.py new file mode 100644 index 00000000..cf851b7b --- /dev/null 
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ipip_tunnel.py 
@@ -0,0 +1,300 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_ipip_tunnel +short_description: Configure IP in IP Tunneling in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and ipip_tunnel category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_ipip_tunnel: + description: + - Configure IP in IP Tunneling. + default: null + type: dict + suboptions: + interface: + description: + - Interface name that is associated with the incoming traffic from available options. Source system.interface.name. + type: str + local_gw: + description: + - IPv4 address for the local gateway. + type: str + name: + description: + - IPIP Tunnel name. + required: true + type: str + remote_gw: + description: + - IPv4 address for the remote gateway. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IP in IP Tunneling. + fortios_system_ipip_tunnel: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_ipip_tunnel: + interface: " (source system.interface.name)" + local_gw: "" + name: "default_name_5" + remote_gw: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: 
str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_ipip_tunnel_data(json): + option_list = ['interface', 'local_gw', 'name', + 'remote_gw'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_ipip_tunnel(data, fos): + vdom = data['vdom'] + state = data['state'] + system_ipip_tunnel_data = data['system_ipip_tunnel'] + filtered_data = underscore_to_hyphen(filter_system_ipip_tunnel_data(system_ipip_tunnel_data)) + + if state == "present": + return fos.set('system', + 'ipip-tunnel', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'ipip-tunnel', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or 
absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_ipip_tunnel']: + resp = system_ipip_tunnel(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_ipip_tunnel')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_ipip_tunnel": { + "required": False, "type": "dict", "default": None, + "options": { + "interface": {"required": False, "type": "str"}, + "local_gw": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "remote_gw": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, 
version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ips_urlfilter_dns.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ips_urlfilter_dns.py new file mode 100644 index 00000000..01bf5552 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ips_urlfilter_dns.py 
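Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no` while the task passes `access_token`, so anyone who copies the example sends the API token over a TLS session whose peer is not authenticated. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a comment next to it such as `# set to no only for lab devices with self-signed certificates`. The same example block appears in fortios_system_ips_urlfilter_dns.py and fortios_system_ips_urlfilter_dns6.py further down this patch.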
@@ -0,0 +1,303 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_ips_urlfilter_dns +short_description: Configure IPS URL filter DNS servers in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and ips_urlfilter_dns category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_ips_urlfilter_dns: + description: + - Configure IPS URL filter DNS servers. + default: null + type: dict + suboptions: + address: + description: + - DNS server IP address. + required: true + type: str + ipv6_capability: + description: + - Enable/disable this server for IPv6 queries. + type: str + choices: + - enable + - disable + status: + description: + - Enable/disable using this DNS server for IPS URL filter DNS queries. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS URL filter DNS servers. 
+ fortios_system_ips_urlfilter_dns: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_ips_urlfilter_dns: + address: "" + ipv6_capability: "enable" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_ips_urlfilter_dns_data(json): + option_list = ['address', 
'ipv6_capability', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_ips_urlfilter_dns(data, fos): + vdom = data['vdom'] + state = data['state'] + system_ips_urlfilter_dns_data = data['system_ips_urlfilter_dns'] + filtered_data = underscore_to_hyphen(filter_system_ips_urlfilter_dns_data(system_ips_urlfilter_dns_data)) + + if state == "present": + return fos.set('system', + 'ips-urlfilter-dns', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'ips-urlfilter-dns', + mkey=filtered_data['address'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_ips_urlfilter_dns']: + resp = system_ips_urlfilter_dns(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_ips_urlfilter_dns')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'address' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_ips_urlfilter_dns": { + "required": False, "type": "dict", "default": None, + "options": { + "address": 
{"required": True, "type": "str"}, + "ipv6_capability": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ips_urlfilter_dns6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ips_urlfilter_dns6.py new file mode 100644 index 00000000..00001cbe --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ips_urlfilter_dns6.py 
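Review bot: In main(), the guard `if 'access_token' in module.params:` is always true, because AnsibleModule fills every key of argument_spec with None when the playbook omits it, so `connection.set_option('access_token', None)` runs even when no token was supplied. Whether that overrides a token configured elsewhere on the connection depends on the httpapi plugin, which is not part of this hunk, but the guard does not do what it reads as. I would test the value instead: `if module.params.get('access_token'):`. main() in fortios_system_ipip_tunnel.py has the same lines.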
@@ -0,0 +1,292 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_ips_urlfilter_dns6 +short_description: Configure IPS URL filter IPv6 DNS servers in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and ips_urlfilter_dns6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_ips_urlfilter_dns6: + description: + - Configure IPS URL filter IPv6 DNS servers. + default: null + type: dict + suboptions: + address6: + description: + - IPv6 address of DNS server. + required: true + type: str + status: + description: + - Enable/disable this server for IPv6 DNS queries. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS URL filter IPv6 DNS servers. + fortios_system_ips_urlfilter_dns6: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_ips_urlfilter_dns6: + address6: "" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + 
type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_ips_urlfilter_dns6_data(json): + option_list = ['address6', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_ips_urlfilter_dns6(data, fos): + vdom = data['vdom'] + state = data['state'] + system_ips_urlfilter_dns6_data = data['system_ips_urlfilter_dns6'] + filtered_data = underscore_to_hyphen(filter_system_ips_urlfilter_dns6_data(system_ips_urlfilter_dns6_data)) + + if state == "present": + return fos.set('system', + 'ips-urlfilter-dns6', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'ips-urlfilter-dns6', + mkey=filtered_data['address6'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return 
status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_ips_urlfilter_dns6']: + resp = system_ips_urlfilter_dns6(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_ips_urlfilter_dns6')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'address6' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_ips_urlfilter_dns6": { + "required": False, "type": "dict", "default": None, + "options": { + "address6": {"required": True, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + 
module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ipv6_neighbor_cache.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ipv6_neighbor_cache.py new file mode 100644 index 00000000..aae66746 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ipv6_neighbor_cache.py 
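Review bot: The EXAMPLES play in the new fortios_system_ips_urlfilter_dns6.py sets `ansible_httpapi_validate_certs: no` while its task passes an `access_token`, so anyone who copies the example sends the API token to a device whose certificate is never checked. I would ship the example with `ansible_httpapi_validate_certs: yes` and a YAML comment above it such as `# keep certificate validation on; turn it off only for a lab device with a self-signed certificate`. The same line appears in the EXAMPLES of the ipv6_neighbor_cache, ipv6_tunnel and link_monitor modules added further down this page.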
@@ -0,0 +1,300 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_ipv6_neighbor_cache +short_description: Configure IPv6 neighbor cache table in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and ipv6_neighbor_cache category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_ipv6_neighbor_cache: + description: + - Configure IPv6 neighbor cache table. + default: null + type: dict + suboptions: + id: + description: + - Unique integer ID of the entry. + required: true + type: int + interface: + description: + - Select the associated interface name from available options. Source system.interface.name. + type: str + ipv6: + description: + - 'IPv6 address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx).' + type: str + mac: + description: + - 'MAC address (format: xx:xx:xx:xx:xx:xx).' + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 neighbor cache table. 
+ fortios_system_ipv6_neighbor_cache: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_ipv6_neighbor_cache: + id: "3" + interface: " (source system.interface.name)" + ipv6: "" + mac: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_ipv6_neighbor_cache_data(json): + option_list = ['id', 
'interface', 'ipv6', + 'mac'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_ipv6_neighbor_cache(data, fos): + vdom = data['vdom'] + state = data['state'] + system_ipv6_neighbor_cache_data = data['system_ipv6_neighbor_cache'] + filtered_data = underscore_to_hyphen(filter_system_ipv6_neighbor_cache_data(system_ipv6_neighbor_cache_data)) + + if state == "present": + return fos.set('system', + 'ipv6-neighbor-cache', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'ipv6-neighbor-cache', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_ipv6_neighbor_cache']: + resp = system_ipv6_neighbor_cache(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_ipv6_neighbor_cache')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_ipv6_neighbor_cache": { + "required": False, "type": "dict", "default": None, + "options": { + 
"id": {"required": True, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "ipv6": {"required": False, "type": "str"}, + "mac": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ipv6_tunnel.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ipv6_tunnel.py new file mode 100644 index 00000000..9d62c5e8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ipv6_tunnel.py 
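Review bot: In main() of fortios_system_ipv6_neighbor_cache.py, `if 'access_token' in module.params:` is always true, because AnsibleModule fills module.params with every key declared in the argument spec and `access_token` is declared there without a default. When the playbook supplies no token, `connection.set_option('access_token', ...)` is therefore still called with None. Testing the value, `if module.params['access_token'] is not None:`, leaves the connection option untouched in that case. How the httpapi plugin treats a None token is not visible in this hunk, so confirm that it falls back to the configured credentials; the dns6 and ipv6_tunnel modules on this page carry the same check.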
@@ -0,0 +1,300 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_ipv6_tunnel +short_description: Configure IPv6/IPv4 in IPv6 tunnel in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and ipv6_tunnel category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_ipv6_tunnel: + description: + - Configure IPv6/IPv4 in IPv6 tunnel. + default: null + type: dict + suboptions: + destination: + description: + - Remote IPv6 address of the tunnel. + type: str + interface: + description: + - Interface name. Source system.interface.name. + type: str + name: + description: + - IPv6 tunnel name. + required: true + type: str + source: + description: + - Local IPv6 address of the tunnel. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6/IPv4 in IPv6 tunnel. + fortios_system_ipv6_tunnel: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_ipv6_tunnel: + destination: "" + interface: " (source system.interface.name)" + name: "default_name_5" + source: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial 
number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_ipv6_tunnel_data(json): + option_list = ['destination', 'interface', 'name', + 'source'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_ipv6_tunnel(data, fos): + vdom = data['vdom'] + state = data['state'] + system_ipv6_tunnel_data = data['system_ipv6_tunnel'] + filtered_data = underscore_to_hyphen(filter_system_ipv6_tunnel_data(system_ipv6_tunnel_data)) + + if state == "present": + return fos.set('system', + 'ipv6-tunnel', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'ipv6-tunnel', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return 
status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_ipv6_tunnel']: + resp = system_ipv6_tunnel(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_ipv6_tunnel')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_ipv6_tunnel": { + "required": False, "type": "dict", "default": None, + "options": { + "destination": {"required": False, "type": "str"}, + "interface": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "source": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + 
module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_link_monitor.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_link_monitor.py new file mode 100644 index 00000000..ca731ad8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_link_monitor.py 
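Review bot: `is_successful_status` in fortios_system_ipv6_tunnel.py counts a DELETE answered with HTTP 404 as success, but that rule is expressed only through `and` binding tighter than `or` in an unparenthesised, backslash-continued expression with no comment. I would state it in the code with a docstring, `"""Return True on success, or when a DELETE finds the object already absent (HTTP 404)."""`, and write the return as `return status['status'] == "success" or (status['http_method'] == "DELETE" and status['http_status'] == 404)`. In fortios_system the `changed` element additionally requires `resp['status'] == "success"`, so the 404 case reports no error and no change; a one-line comment there would record that this is intended. The helper is identical in the other modules added on this page.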
@@ -0,0 +1,463 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_link_monitor +short_description: Configure Link Health Monitor in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and link_monitor category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_link_monitor: + description: + - Configure Link Health Monitor. + default: null + type: dict + suboptions: + addr_mode: + description: + - Address mode (IPv4 or IPv6). + type: str + choices: + - ipv4 + - ipv6 + failtime: + description: + - Number of retry attempts before the server is considered down (1 - 10) + type: int + gateway_ip: + description: + - Gateway IP address used to probe the server. + type: str + gateway_ip6: + description: + - Gateway IPv6 address used to probe the server. + type: str + ha_priority: + description: + - HA election priority (1 - 50). + type: int + http_get: + description: + - If you are monitoring an HTML server you can send an HTTP-GET request with a custom string. Use this option to define the string. + type: str + http_match: + description: + - String that you expect to see in the HTTP-GET requests of the traffic to be monitored. + type: str + interval: + description: + - Detection interval (1 - 3600 sec). + type: int + name: + description: + - Link monitor name. + required: true + type: str + packet_size: + description: + - Packet size of a twamp test session, + type: int + password: + description: + - Twamp controller password in authentication mode + type: str + port: + description: + - Port number of the traffic to be used to monitor the server. + type: int + protocol: + description: + - Protocols used to monitor the server. + type: str + choices: + - ping + - tcp-echo + - udp-echo + - http + - twamp + - ping6 + recoverytime: + description: + - Number of successful responses received before server is considered recovered (1 - 10). + type: int + security_mode: + description: + - Twamp controller security mode. + type: str + choices: + - none + - authentication + server: + description: + - IP address of the server(s) to be monitored. 
+ type: list + suboptions: + address: + description: + - Server address. + required: true + type: str + source_ip: + description: + - Source IP address used in packet to the server. + type: str + source_ip6: + description: + - Source IPv6 address used in packet to the server. + type: str + srcintf: + description: + - Interface that receives the traffic to be monitored. Source system.interface.name. + type: str + status: + description: + - Enable/disable this link monitor. + type: str + choices: + - enable + - disable + update_cascade_interface: + description: + - Enable/disable update cascade interface. + type: str + choices: + - enable + - disable + update_static_route: + description: + - Enable/disable updating the static route. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Link Health Monitor. 
+ fortios_system_link_monitor: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_link_monitor: + addr_mode: "ipv4" + failtime: "4" + gateway_ip: "" + gateway_ip6: "" + ha_priority: "7" + http_get: "" + http_match: "" + interval: "10" + name: "default_name_11" + packet_size: "12" + password: "" + port: "14" + protocol: "ping" + recoverytime: "16" + security_mode: "none" + server: + - + address: "" + source_ip: "84.230.14.43" + source_ip6: "" + srcintf: " (source system.interface.name)" + status: "enable" + update_cascade_interface: "enable" + update_static_route: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_link_monitor_data(json): + option_list = ['addr_mode', 'failtime', 'gateway_ip', + 'gateway_ip6', 'ha_priority', 'http_get', + 'http_match', 'interval', 'name', + 'packet_size', 'password', 'port', + 'protocol', 'recoverytime', 'security_mode', + 'server', 'source_ip', 'source_ip6', + 'srcintf', 'status', 'update_cascade_interface', + 'update_static_route'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_link_monitor(data, fos): + vdom = data['vdom'] + state = data['state'] + system_link_monitor_data = data['system_link_monitor'] + filtered_data = underscore_to_hyphen(filter_system_link_monitor_data(system_link_monitor_data)) + + if state == "present": + return fos.set('system', + 'link-monitor', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'link-monitor', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_link_monitor']: + resp = system_link_monitor(data, fos) + else: + 
fos._module.fail_json(msg='missing task body: %s' % ('system_link_monitor')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_link_monitor": { + "required": False, "type": "dict", "default": None, + "options": { + "addr_mode": {"required": False, "type": "str", + "choices": ["ipv4", + "ipv6"]}, + "failtime": {"required": False, "type": "int"}, + "gateway_ip": {"required": False, "type": "str"}, + "gateway_ip6": {"required": False, "type": "str"}, + "ha_priority": {"required": False, "type": "int"}, + "http_get": {"required": False, "type": "str"}, + "http_match": {"required": False, "type": "str"}, + "interval": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "packet_size": {"required": False, "type": "int"}, + "password": {"required": False, "type": "str"}, + "port": {"required": False, "type": "int"}, + "protocol": {"required": False, "type": "str", + "choices": ["ping", + "tcp-echo", + "udp-echo", + "http", + "twamp", + "ping6"]}, + "recoverytime": {"required": False, "type": "int"}, + "security_mode": {"required": False, "type": "str", + "choices": ["none", + "authentication"]}, + "server": {"required": False, "type": "list", + "options": { + "address": {"required": True, "type": "str"} + }}, + "source_ip": {"required": False, "type": "str"}, + "source_ip6": {"required": False, "type": "str"}, + "srcintf": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "update_cascade_interface": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + 
"update_static_route": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_lte_modem.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_lte_modem.py new file mode 100644 index 00000000..6b970b4f --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_lte_modem.py 
@@ -0,0 +1,332 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_lte_modem +short_description: Configure USB LTE/WIMAX devices in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and lte_modem category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.10" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_lte_modem: + description: + - Configure USB LTE/WIMAX devices. + default: null + type: dict + suboptions: + apn: + description: + - Login APN string for PDP-IP packet data calls. + type: str + authtype: + description: + - Authentication type for PDP-IP packet data calls. + type: str + choices: + - none + - pap + - chap + extra_init: + description: + - Extra initialization string for USB LTE/WIMAX devices. + type: str + holddown_timer: + description: + - Hold down timer (10 - 60 sec). + type: int + interface: + description: + - The interface that the modem is acting as a redundant interface for. Source system.interface.name. + type: str + mode: + description: + - Modem operation mode. + type: str + choices: + - standalone + - redundant + modem_port: + description: + - Modem port index (0 - 20). + type: int + passwd: + description: + - Authentication password for PDP-IP packet data calls. + type: str + status: + description: + - Enable/disable USB LTE/WIMAX device. + type: str + choices: + - enable + - disable + username: + description: + - Authentication username for PDP-IP packet data calls. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure USB LTE/WIMAX devices. 
+ fortios_system_lte_modem: + vdom: "{{ vdom }}" + system_lte_modem: + apn: "" + authtype: "none" + extra_init: "" + holddown_timer: "6" + interface: " (source system.interface.name)" + mode: "standalone" + modem_port: "9" + passwd: "" + status: "enable" + username: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_system_lte_modem_data(json): + option_list = ['apn', 'authtype', 'extra_init', + 'holddown_timer', 'interface', 'mode', + 'modem_port', 'passwd', 'status', + 'username'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_lte_modem(data, fos): + vdom = data['vdom'] + system_lte_modem_data = data['system_lte_modem'] + filtered_data = underscore_to_hyphen(filter_system_lte_modem_data(system_lte_modem_data)) + + return fos.set('system', + 'lte-modem', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_lte_modem']: + resp = system_lte_modem(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_lte_modem')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_lte_modem": { + "required": False, "type": "dict", "default": None, + "options": { + "apn": {"required": False, "type": "str"}, + "authtype": {"required": False, "type": "str", + "choices": ["none", + "pap", + "chap"]}, + "extra_init": {"required": False, "type": "str"}, + "holddown_timer": {"required": False, "type": "int"}, + "interface": {"required": False, 
"type": "str"}, + "mode": {"required": False, "type": "str", + "choices": ["standalone", + "redundant"]}, + "modem_port": {"required": False, "type": "int"}, + "passwd": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "username": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_mac_address_table.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_mac_address_table.py new file mode 100644 index 00000000..5bc2e73c --- /dev/null 
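Review bot: The `passwd` entry in the `fields` argument spec of `main()` is declared without `no_log`, so the PDP-IP authentication password passed to this module can appear in Ansible's invocation output and logs, whereas `access_token` a few lines above is marked correctly. The entry should read `"passwd": {"required": False, "type": "str", "no_log": True},`. The same gap is visible on the `password` option of `fortios_system_link_monitor.py` earlier in this patch. The `n_mhae_key` option documented for `fortios_system_mobile_tunnel.py` probably needs it too, but its argument spec is outside the visible part.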
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_mac_address_table.py 
@@ -0,0 +1,293 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_mac_address_table +short_description: Configure MAC address tables in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and mac_address_table category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_mac_address_table: + description: + - Configure MAC address tables. + default: null + type: dict + suboptions: + interface: + description: + - Interface name. Source system.interface.name. + type: str + mac: + description: + - MAC address. + required: true + type: str + reply_substitute: + description: + - New MAC for reply traffic. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure MAC address tables. + fortios_system_mac_address_table: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_mac_address_table: + interface: " (source system.interface.name)" + mac: "" + reply_substitute: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial 
number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_mac_address_table_data(json): + option_list = ['interface', 'mac', 'reply_substitute'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_mac_address_table(data, fos): + vdom = data['vdom'] + state = data['state'] + system_mac_address_table_data = data['system_mac_address_table'] + filtered_data = underscore_to_hyphen(filter_system_mac_address_table_data(system_mac_address_table_data)) + + if state == "present": + return fos.set('system', + 'mac-address-table', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'mac-address-table', + mkey=filtered_data['mac'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def 
is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_mac_address_table']: + resp = system_mac_address_table(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_mac_address_table')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'mac' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_mac_address_table": { + "required": False, "type": "dict", "default": None, + "options": { + "interface": {"required": False, "type": "str"}, + "mac": {"required": True, "type": "str"}, + "reply_substitute": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, 
meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_management_tunnel.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_management_tunnel.py new file mode 100644 index 00000000..6431ec22 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_management_tunnel.py 
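Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no` and then passes an `access_token`, so anyone copying it sends the API token over a TLS session whose peer certificate is never checked. The example should either use `ansible_httpapi_validate_certs: yes` or carry a comment such as `# lab only: keep certificate validation on wherever a real access_token is used`. The same vars block appears in the EXAMPLES of `fortios_system_lte_modem.py` and `fortios_system_management_tunnel.py` in this patch.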
@@ -0,0 +1,326 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_management_tunnel +short_description: Management tunnel configuration in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and management_tunnel category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + system_management_tunnel: + description: + - Management tunnel configuration. + default: null + type: dict + suboptions: + allow_collect_statistics: + description: + - Enable/disable collection of run time statistics. + type: str + choices: + - enable + - disable + allow_config_restore: + description: + - Enable/disable allow config restore. + type: str + choices: + - enable + - disable + allow_push_configuration: + description: + - Enable/disable push configuration. + type: str + choices: + - enable + - disable + allow_push_firmware: + description: + - Enable/disable push firmware. + type: str + choices: + - enable + - disable + authorized_manager_only: + description: + - Enable/disable restriction of authorized manager only. + type: str + choices: + - enable + - disable + serial_number: + description: + - Serial number. + type: str + status: + description: + - Enable/disable FGFM tunnel. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Management tunnel configuration. 
+ fortios_system_management_tunnel: + vdom: "{{ vdom }}" + system_management_tunnel: + allow_collect_statistics: "enable" + allow_config_restore: "enable" + allow_push_configuration: "enable" + allow_push_firmware: "enable" + authorized_manager_only: "enable" + serial_number: "" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import 
FAIL_SOCKET_MSG + + +def filter_system_management_tunnel_data(json): + option_list = ['allow_collect_statistics', 'allow_config_restore', 'allow_push_configuration', + 'allow_push_firmware', 'authorized_manager_only', 'serial_number', + 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_management_tunnel(data, fos): + vdom = data['vdom'] + system_management_tunnel_data = data['system_management_tunnel'] + filtered_data = underscore_to_hyphen(filter_system_management_tunnel_data(system_management_tunnel_data)) + + return fos.set('system', + 'management-tunnel', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_management_tunnel']: + resp = system_management_tunnel(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_management_tunnel')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_management_tunnel": { + "required": False, "type": "dict", "default": None, + "options": { + "allow_collect_statistics": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "allow_config_restore": 
{"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "allow_push_configuration": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "allow_push_firmware": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "authorized_manager_only": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "serial_number": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
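Review bot: The EXAMPLES task enables `allow_push_firmware`, `allow_config_restore` and `allow_push_configuration` together while leaving `serial_number` empty, and the option descriptions in DOCUMENTATION only say "Enable/disable ..." without stating what each switch exposes. The module description does note that example values need adjusting, but I would still add a comment above the task, `# Parameter listing only, not a recommended baseline: enable only the push/restore switches you need`. What `authorized_manager_only` and `serial_number` restrict is not stated in the visible text, so any expanded wording for them should be confirmed against the FortiOS reference.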
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_mobile_tunnel.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_mobile_tunnel.py
new file mode 100644
index 00000000..4002d3f4
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_mobile_tunnel.py
@@ -0,0 +1,409 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_mobile_tunnel +short_description: Configure Mobile tunnels, an implementation of Network Mobility (NEMO) extensions for Mobile IPv4 RFC5177 in Fortinet's FortiOS and + FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and mobile_tunnel category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_mobile_tunnel: + description: + - Configure Mobile tunnels, an implementation of Network Mobility (NEMO) extensions for Mobile IPv4 RFC5177. + default: null + type: dict + suboptions: + hash_algorithm: + description: + - Hash Algorithm (Keyed MD5). + type: str + choices: + - hmac-md5 + home_address: + description: + - 'Home IP address (Format: xxx.xxx.xxx.xxx).' + type: str + home_agent: + description: + - 'IPv4 address of the NEMO HA (Format: xxx.xxx.xxx.xxx).' + type: str + lifetime: + description: + - NMMO HA registration request lifetime (180 - 65535 sec). + type: int + n_mhae_key: + description: + - NEMO authentication key. + type: str + n_mhae_key_type: + description: + - NEMO authentication key type (ascii or base64). + type: str + choices: + - ascii + - base64 + n_mhae_spi: + description: + - 'NEMO authentication SPI .' + type: int + name: + description: + - Tunnel name. + required: true + type: str + network: + description: + - NEMO network configuration. + type: list + suboptions: + id: + description: + - Network entry ID. + required: true + type: int + interface: + description: + - Select the associated interface name from available options. Source system.interface.name. + type: str + prefix: + description: + - 'Class IP and Netmask with correction (Format:xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx or xxx.xxx.xxx.xxx/x).' + type: str + reg_interval: + description: + - NMMO HA registration interval (5 - 300). + type: int + reg_retry: + description: + - Maximum number of NMMO HA registration retries (1 to 30). + type: int + renew_interval: + description: + - Time before lifetime expiraton to send NMMO HA re-registration (5 - 60). 
+ type: int + roaming_interface: + description: + - Select the associated interface name from available options. Source system.interface.name. + type: str + status: + description: + - Enable/disable this mobile tunnel. + type: str + choices: + - disable + - enable + tunnel_mode: + description: + - NEMO tunnnel mode (GRE tunnel). + type: str + choices: + - gre +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Mobile tunnels, an implementation of Network Mobility (NEMO) extensions for Mobile IPv4 RFC5177. + fortios_system_mobile_tunnel: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_mobile_tunnel: + hash_algorithm: "hmac-md5" + home_address: "" + home_agent: "" + lifetime: "6" + n_mhae_key: "" + n_mhae_key_type: "ascii" + n_mhae_spi: "9" + name: "default_name_10" + network: + - + id: "12" + interface: " (source system.interface.name)" + prefix: "" + reg_interval: "15" + reg_retry: "16" + renew_interval: "17" + roaming_interface: " (source system.interface.name)" + status: "disable" + tunnel_mode: "gre" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" 
+revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_mobile_tunnel_data(json): + option_list = ['hash_algorithm', 'home_address', 'home_agent', + 'lifetime', 'n_mhae_key', 'n_mhae_key_type', + 'n_mhae_spi', 'name', 'network', + 'reg_interval', 'reg_retry', 'renew_interval', + 'roaming_interface', 'status', 'tunnel_mode'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_mobile_tunnel(data, fos): + vdom = data['vdom'] + state = data['state'] + system_mobile_tunnel_data = data['system_mobile_tunnel'] + filtered_data = underscore_to_hyphen(filter_system_mobile_tunnel_data(system_mobile_tunnel_data)) + + if state == 
"present": + return fos.set('system', + 'mobile-tunnel', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'mobile-tunnel', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_mobile_tunnel']: + resp = system_mobile_tunnel(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_mobile_tunnel')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_mobile_tunnel": { + "required": False, "type": "dict", "default": None, + "options": { + "hash_algorithm": {"required": False, "type": "str", + "choices": ["hmac-md5"]}, + "home_address": {"required": False, "type": "str"}, + "home_agent": {"required": False, "type": "str"}, + "lifetime": {"required": False, "type": "int"}, + "n_mhae_key": {"required": False, "type": "str"}, + "n_mhae_key_type": {"required": False, "type": "str", + "choices": ["ascii", + "base64"]}, + "n_mhae_spi": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "network": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "prefix": {"required": False, "type": "str"} + }}, + "reg_interval": {"required": False, "type": "int"}, + "reg_retry": {"required": False, "type": "int"}, + "renew_interval": {"required": False, 
"type": "int"}, + "roaming_interface": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "tunnel_mode": {"required": False, "type": "str", + "choices": ["gre"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_modem.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_modem.py new file mode 100644 index 00000000..01f394fb --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_modem.py 
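Review bot: `n_mhae_key`, documented as the NEMO authentication key, is declared in the `fields` spec of `main()` without `no_log`, although `access_token` in the same spec carries `"no_log": True`; without that flag Ansible does not mask the value in module invocation logging or verbose output. The entry should read `"n_mhae_key": {"required": False, "type": "str", "no_log": True},`. The fortios_system_modem.py hunk that follows has the same gap for `passwd1`, `passwd2` and `passwd3`, and probably for `pin_init`, whose description says it carries the AT command that sets the PIN.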
@@ -0,0 +1,681 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_modem +short_description: Configure MODEM in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and modem category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.10" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_modem: + description: + - Configure MODEM. + default: null + type: dict + suboptions: + action: + description: + - Dial up/stop MODEM. + type: str + choices: + - dial + - stop + - none + altmode: + description: + - Enable/disable altmode for installations using PPP in China. + type: str + choices: + - enable + - disable + authtype1: + description: + - Allowed authentication types for ISP 1. + type: str + choices: + - pap + - chap + - mschap + - mschapv2 + authtype2: + description: + - Allowed authentication types for ISP 2. + type: str + choices: + - pap + - chap + - mschap + - mschapv2 + authtype3: + description: + - Allowed authentication types for ISP 3. + type: str + choices: + - pap + - chap + - mschap + - mschapv2 + auto_dial: + description: + - Enable/disable auto-dial after a reboot or disconnection. + type: str + choices: + - enable + - disable + connect_timeout: + description: + - Connection completion timeout (30 - 255 sec). + type: int + dial_cmd1: + description: + - Dial command (this is often an ATD or ATDT command). + type: str + dial_cmd2: + description: + - Dial command (this is often an ATD or ATDT command). + type: str + dial_cmd3: + description: + - Dial command (this is often an ATD or ATDT command). + type: str + dial_on_demand: + description: + - Enable/disable to dial the modem when packets are routed to the modem interface. + type: str + choices: + - enable + - disable + distance: + description: + - Distance of learned routes (1 - 255). + type: int + dont_send_CR1: + description: + - Do not send CR when connected (ISP1). + type: str + choices: + - enable + - disable + dont_send_CR2: + description: + - Do not send CR when connected (ISP2). + type: str + choices: + - enable + - disable + dont_send_CR3: + description: + - Do not send CR when connected (ISP3). + type: str + choices: + - enable + - disable + extra_init1: + description: + - Extra initialization string to ISP 1. 
+ type: str + extra_init2: + description: + - Extra initialization string to ISP 2. + type: str + extra_init3: + description: + - Extra initialization string to ISP 3. + type: str + holddown_timer: + description: + - Hold down timer in seconds (1 - 60 sec). + type: int + idle_timer: + description: + - MODEM connection idle time (1 - 9999 min). + type: int + interface: + description: + - Name of redundant interface. Source system.interface.name. + type: str + lockdown_lac: + description: + - Allow connection only to the specified Location Area Code (LAC). + type: str + mode: + description: + - Set MODEM operation mode to redundant or standalone. + type: str + choices: + - standalone + - redundant + network_init: + description: + - AT command to set the Network name/type (AT+COPS=,[,[,]]). + type: str + passwd1: + description: + - Password to access the specified dialup account. + type: str + passwd2: + description: + - Password to access the specified dialup account. + type: str + passwd3: + description: + - Password to access the specified dialup account. + type: str + peer_modem1: + description: + - Specify peer MODEM type for phone1. + type: str + choices: + - generic + - actiontec + - ascend_TNT + peer_modem2: + description: + - Specify peer MODEM type for phone2. + type: str + choices: + - generic + - actiontec + - ascend_TNT + peer_modem3: + description: + - Specify peer MODEM type for phone3. + type: str + choices: + - generic + - actiontec + - ascend_TNT + phone1: + description: + - Phone number to connect to the dialup account (must not contain spaces, and should include standard special characters). + type: str + phone2: + description: + - Phone number to connect to the dialup account (must not contain spaces, and should include standard special characters). + type: str + phone3: + description: + - Phone number to connect to the dialup account (must not contain spaces, and should include standard special characters). 
+ type: str + pin_init: + description: + - AT command to set the PIN (AT+PIN=). + type: str + ppp_echo_request1: + description: + - Enable/disable PPP echo-request to ISP 1. + type: str + choices: + - enable + - disable + ppp_echo_request2: + description: + - Enable/disable PPP echo-request to ISP 2. + type: str + choices: + - enable + - disable + ppp_echo_request3: + description: + - Enable/disable PPP echo-request to ISP 3. + type: str + choices: + - enable + - disable + priority: + description: + - Priority of learned routes (0 - 4294967295). + type: int + redial: + description: + - Redial limit (1 - 10 attempts, none = redial forever). + type: str + choices: + - none + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + - 8 + - 9 + - 10 + reset: + description: + - Number of dial attempts before resetting modem (0 = never reset). + type: int + status: + description: + - Enable/disable Modem support (equivalent to bringing an interface up or down). + type: str + choices: + - enable + - disable + traffic_check: + description: + - Enable/disable traffic-check. + type: str + choices: + - enable + - disable + username1: + description: + - User name to access the specified dialup account. + type: str + username2: + description: + - User name to access the specified dialup account. + type: str + username3: + description: + - User name to access the specified dialup account. + type: str + wireless_port: + description: + - Enter wireless port number, 0 for default, 1 for first port, ... (0 - 4294967295) + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure MODEM. 
+ fortios_system_modem: + vdom: "{{ vdom }}" + system_modem: + action: "dial" + altmode: "enable" + authtype1: "pap" + authtype2: "pap" + authtype3: "pap" + auto_dial: "enable" + connect_timeout: "9" + dial_cmd1: "" + dial_cmd2: "" + dial_cmd3: "" + dial_on_demand: "enable" + distance: "14" + dont_send_CR1: "enable" + dont_send_CR2: "enable" + dont_send_CR3: "enable" + extra_init1: "" + extra_init2: "" + extra_init3: "" + holddown_timer: "21" + idle_timer: "22" + interface: " (source system.interface.name)" + lockdown_lac: "" + mode: "standalone" + network_init: "" + passwd1: "" + passwd2: "" + passwd3: "" + peer_modem1: "generic" + peer_modem2: "generic" + peer_modem3: "generic" + phone1: "" + phone2: "" + phone3: "" + pin_init: "" + ppp_echo_request1: "enable" + ppp_echo_request2: "enable" + ppp_echo_request3: "enable" + priority: "40" + redial: "none" + reset: "42" + status: "enable" + traffic_check: "enable" + username1: "" + username2: "" + username3: "" + wireless_port: "48" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: 
Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_modem_data(json): + option_list = ['action', 'altmode', 'authtype1', + 'authtype2', 'authtype3', 'auto_dial', + 'connect_timeout', 'dial_cmd1', 'dial_cmd2', + 'dial_cmd3', 'dial_on_demand', 'distance', + 'dont_send_CR1', 'dont_send_CR2', 'dont_send_CR3', + 'extra_init1', 'extra_init2', 'extra_init3', + 'holddown_timer', 'idle_timer', 'interface', + 'lockdown_lac', 'mode', 'network_init', + 'passwd1', 'passwd2', 'passwd3', + 'peer_modem1', 'peer_modem2', 'peer_modem3', + 'phone1', 'phone2', 'phone3', + 'pin_init', 'ppp_echo_request1', 'ppp_echo_request2', + 'ppp_echo_request3', 'priority', 'redial', + 'reset', 'status', 'traffic_check', + 'username1', 'username2', 'username3', + 'wireless_port'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_modem(data, fos): + vdom = data['vdom'] + system_modem_data = 
data['system_modem'] + filtered_data = underscore_to_hyphen(filter_system_modem_data(system_modem_data)) + + return fos.set('system', + 'modem', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_modem']: + resp = system_modem(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_modem')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_modem": { + "required": False, "type": "dict", "default": None, + "options": { + "action": {"required": False, "type": "str", + "choices": ["dial", + "stop", + "none"]}, + "altmode": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "authtype1": {"required": False, "type": "str", + "choices": ["pap", + "chap", + "mschap", + "mschapv2"]}, + "authtype2": {"required": False, "type": "str", + "choices": ["pap", + "chap", + "mschap", + "mschapv2"]}, + "authtype3": {"required": False, "type": "str", + "choices": ["pap", + "chap", + "mschap", + "mschapv2"]}, + "auto_dial": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "connect_timeout": {"required": False, "type": "int"}, + "dial_cmd1": {"required": False, "type": "str"}, + "dial_cmd2": {"required": False, "type": "str"}, + "dial_cmd3": {"required": False, "type": "str"}, + "dial_on_demand": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "distance": {"required": False, "type": "int"}, + "dont_send_CR1": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + 
"dont_send_CR2": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dont_send_CR3": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "extra_init1": {"required": False, "type": "str"}, + "extra_init2": {"required": False, "type": "str"}, + "extra_init3": {"required": False, "type": "str"}, + "holddown_timer": {"required": False, "type": "int"}, + "idle_timer": {"required": False, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "lockdown_lac": {"required": False, "type": "str"}, + "mode": {"required": False, "type": "str", + "choices": ["standalone", + "redundant"]}, + "network_init": {"required": False, "type": "str"}, + "passwd1": {"required": False, "type": "str"}, + "passwd2": {"required": False, "type": "str"}, + "passwd3": {"required": False, "type": "str"}, + "peer_modem1": {"required": False, "type": "str", + "choices": ["generic", + "actiontec", + "ascend_TNT"]}, + "peer_modem2": {"required": False, "type": "str", + "choices": ["generic", + "actiontec", + "ascend_TNT"]}, + "peer_modem3": {"required": False, "type": "str", + "choices": ["generic", + "actiontec", + "ascend_TNT"]}, + "phone1": {"required": False, "type": "str"}, + "phone2": {"required": False, "type": "str"}, + "phone3": {"required": False, "type": "str"}, + "pin_init": {"required": False, "type": "str"}, + "ppp_echo_request1": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ppp_echo_request2": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ppp_echo_request3": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "priority": {"required": False, "type": "int"}, + "redial": {"required": False, "type": "str", + "choices": ["none", + "1", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10"]}, + "reset": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + 
"traffic_check": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "username1": {"required": False, "type": "str"}, + "username2": {"required": False, "type": "str"}, + "username3": {"required": False, "type": "str"}, + "wireless_port": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_nat64.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_nat64.py new file mode 100644 index 00000000..95fad112 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_nat64.py 
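Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no` next to `ansible_httpapi_use_ssl: yes`, so a playbook copied from it sends `access_token` and the `passwd1`, `passwd2` and `passwd3` values over TLS without verifying the device certificate. The sample should use `ansible_httpapi_validate_certs: yes`, with a comment such as `# set to no only for lab devices with self-signed certificates`. The EXAMPLES block of fortios_system_mobile_tunnel.py earlier in this patch has the same setting.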
@@ -0,0 +1,326 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_nat64 +short_description: Configure NAT64 in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and nat64 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_nat64: + description: + - Configure NAT64. + default: null + type: dict + suboptions: + always_synthesize_aaaa_record: + description: + - Enable/disable AAAA record synthesis . + type: str + choices: + - enable + - disable + generate_ipv6_fragment_header: + description: + - Enable/disable IPv6 fragment header generation. + type: str + choices: + - enable + - disable + nat64_prefix: + description: + - 'NAT64 prefix must be ::/96 .' + type: str + secondary_prefix: + description: + - Secondary NAT64 prefix. + type: list + suboptions: + name: + description: + - NAT64 prefix name. + required: true + type: str + nat64_prefix: + description: + - NAT64 prefix. + type: str + secondary_prefix_status: + description: + - Enable/disable secondary NAT64 prefix. + type: str + choices: + - enable + - disable + status: + description: + - Enable/disable NAT64 . + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure NAT64. 
+ fortios_system_nat64: + vdom: "{{ vdom }}" + system_nat64: + always_synthesize_aaaa_record: "enable" + generate_ipv6_fragment_header: "enable" + nat64_prefix: "" + secondary_prefix: + - + name: "default_name_7" + nat64_prefix: "" + secondary_prefix_status: "enable" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import 
FAIL_SOCKET_MSG + + +def filter_system_nat64_data(json): + option_list = ['always_synthesize_aaaa_record', 'generate_ipv6_fragment_header', 'nat64_prefix', + 'secondary_prefix', 'secondary_prefix_status', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_nat64(data, fos): + vdom = data['vdom'] + system_nat64_data = data['system_nat64'] + filtered_data = underscore_to_hyphen(filter_system_nat64_data(system_nat64_data)) + + return fos.set('system', + 'nat64', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_nat64']: + resp = system_nat64(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_nat64')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_nat64": { + "required": False, "type": "dict", "default": None, + "options": { + "always_synthesize_aaaa_record": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "generate_ipv6_fragment_header": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "nat64_prefix": {"required": False, "type": "str"}, + 
"secondary_prefix": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"}, + "nat64_prefix": {"required": False, "type": "str"} + }}, + "secondary_prefix_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_netflow.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_netflow.py new file mode 100644 index 00000000..779364e5 --- /dev/null 
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_netflow.py 
@@ -0,0 +1,296 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_netflow +short_description: Configure NetFlow in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and netflow category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_netflow: + description: + - Configure NetFlow. + default: null + type: dict + suboptions: + active_flow_timeout: + description: + - Timeout to report active flows (1 - 60 min). + type: int + collector_ip: + description: + - Collector IP. + type: str + collector_port: + description: + - NetFlow collector port number. + type: int + inactive_flow_timeout: + description: + - Timeout for periodic report of finished flows (10 - 600 sec). + type: int + source_ip: + description: + - Source IP address for communication with the NetFlow agent. + type: str + template_tx_counter: + description: + - Counter of flowset records before resending a template flowset record. + type: int + template_tx_timeout: + description: + - Timeout for periodic template flowset transmission (1 - 1440 min). + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure NetFlow. 
+ fortios_system_netflow: + vdom: "{{ vdom }}" + system_netflow: + active_flow_timeout: "3" + collector_ip: "" + collector_port: "5" + inactive_flow_timeout: "6" + source_ip: "84.230.14.43" + template_tx_counter: "8" + template_tx_timeout: "9" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_system_netflow_data(json): + option_list = ['active_flow_timeout', 'collector_ip', 'collector_port', + 'inactive_flow_timeout', 'source_ip', 'template_tx_counter', + 'template_tx_timeout'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_netflow(data, fos): + vdom = data['vdom'] + system_netflow_data = data['system_netflow'] + filtered_data = underscore_to_hyphen(filter_system_netflow_data(system_netflow_data)) + + return fos.set('system', + 'netflow', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_netflow']: + resp = system_netflow(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_netflow')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_netflow": { + "required": False, "type": "dict", "default": None, + "options": { + "active_flow_timeout": {"required": False, "type": "int"}, + "collector_ip": {"required": False, "type": "str"}, + "collector_port": {"required": False, "type": "int"}, + "inactive_flow_timeout": {"required": False, "type": "int"}, + "source_ip": {"required": False, "type": "str"}, 
+ "template_tx_counter": {"required": False, "type": "int"}, + "template_tx_timeout": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_network_visibility.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_network_visibility.py new file mode 100644 index 00000000..f66b9132 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_network_visibility.py 
@@ -0,0 +1,309 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_network_visibility +short_description: Configure network visibility settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and network_visibility category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + system_network_visibility: + description: + - Configure network visibility settings. + default: null + type: dict + suboptions: + destination_hostname_visibility: + description: + - Enable/disable logging of destination hostname visibility. + type: str + choices: + - disable + - enable + destination_location: + description: + - Enable/disable logging of destination geographical location visibility. + type: str + choices: + - disable + - enable + destination_visibility: + description: + - Enable/disable logging of destination visibility. + type: str + choices: + - disable + - enable + hostname_limit: + description: + - Limit of the number of hostname table entries (0 - 50000). + type: int + hostname_ttl: + description: + - TTL of hostname table entries (60 - 86400). + type: int + source_location: + description: + - Enable/disable logging of source geographical location visibility. + type: str + choices: + - disable + - enable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure network visibility settings. 
+ fortios_system_network_visibility: + vdom: "{{ vdom }}" + system_network_visibility: + destination_hostname_visibility: "disable" + destination_location: "disable" + destination_visibility: "disable" + hostname_limit: "6" + hostname_ttl: "7" + source_location: "disable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_system_network_visibility_data(json): + option_list = ['destination_hostname_visibility', 'destination_location', 'destination_visibility', + 'hostname_limit', 'hostname_ttl', 'source_location'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_network_visibility(data, fos): + vdom = data['vdom'] + system_network_visibility_data = data['system_network_visibility'] + filtered_data = underscore_to_hyphen(filter_system_network_visibility_data(system_network_visibility_data)) + + return fos.set('system', + 'network-visibility', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_network_visibility']: + resp = system_network_visibility(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_network_visibility')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_network_visibility": { + "required": False, "type": "dict", "default": None, + "options": { + "destination_hostname_visibility": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "destination_location": {"required": False, "type": 
"str", + "choices": ["disable", + "enable"]}, + "destination_visibility": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "hostname_limit": {"required": False, "type": "int"}, + "hostname_ttl": {"required": False, "type": "int"}, + "source_location": {"required": False, "type": "str", + "choices": ["disable", + "enable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ntp.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ntp.py new file mode 100644 index 00000000..4a9dcce0 --- /dev/null 
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ntp.py 
@@ -0,0 +1,373 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_ntp +short_description: Configure system NTP information in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and ntp category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_ntp: + description: + - Configure system NTP information. + default: null + type: dict + suboptions: + interface: + description: + - FortiGate interface(s) with NTP server mode enabled. Devices on your network can contact these interfaces for NTP services. + type: list + suboptions: + interface_name: + description: + - Interface name. Source system.interface.name. + type: str + ntpserver: + description: + - Configure the FortiGate to connect to any available third-party NTP server. + type: list + suboptions: + authentication: + description: + - Enable/disable MD5 authentication. + type: str + choices: + - enable + - disable + id: + description: + - NTP server ID. + required: true + type: int + key: + description: + - Key for MD5 authentication. + type: str + key_id: + description: + - Key ID for authentication. + type: int + ntpv3: + description: + - Enable to use NTPv3 instead of NTPv4. + type: str + choices: + - enable + - disable + server: + description: + - IP address or hostname of the NTP Server. + type: str + ntpsync: + description: + - Enable/disable setting the FortiGate system time by synchronizing with an NTP Server. + type: str + choices: + - enable + - disable + server_mode: + description: + - Enable/disable FortiGate NTP Server Mode. Your FortiGate becomes an NTP server for other devices on your network. The FortiGate relays + NTP requests to its configured NTP server. + type: str + choices: + - enable + - disable + source_ip: + description: + - Source IP for communications to the NTP server. + type: str + syncinterval: + description: + - NTP synchronization interval (1 - 1440 min). + type: int + type: + description: + - Use the FortiGuard NTP server or any other available NTP Server. 
+ type: str + choices: + - fortiguard + - custom +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure system NTP information. + fortios_system_ntp: + vdom: "{{ vdom }}" + system_ntp: + interface: + - + interface_name: " (source system.interface.name)" + ntpserver: + - + authentication: "enable" + id: "7" + key: "" + key_id: "9" + ntpv3: "enable" + server: "192.168.100.40" + ntpsync: "enable" + server_mode: "enable" + source_ip: "84.230.14.43" + syncinterval: "15" + type: "fortiguard" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from 
ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_ntp_data(json): + option_list = ['interface', 'ntpserver', 'ntpsync', + 'server_mode', 'source_ip', 'syncinterval', + 'type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_ntp(data, fos): + vdom = data['vdom'] + system_ntp_data = data['system_ntp'] + filtered_data = underscore_to_hyphen(filter_system_ntp_data(system_ntp_data)) + + return fos.set('system', + 'ntp', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_ntp']: + resp = system_ntp(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_ntp')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_ntp": { + "required": 
False, "type": "dict", "default": None, + "options": { + "interface": {"required": False, "type": "list", + "options": { + "interface_name": {"required": False, "type": "str"} + }}, + "ntpserver": {"required": False, "type": "list", + "options": { + "authentication": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "id": {"required": True, "type": "int"}, + "key": {"required": False, "type": "str"}, + "key_id": {"required": False, "type": "int"}, + "ntpv3": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "server": {"required": False, "type": "str"} + }}, + "ntpsync": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "server_mode": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "source_ip": {"required": False, "type": "str"}, + "syncinterval": {"required": False, "type": "int"}, + "type": {"required": False, "type": "str", + "choices": ["fortiguard", + "custom"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, 
meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_object_tagging.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_object_tagging.py new file mode 100644 index 00000000..db6c78f2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_object_tagging.py 
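Review bot: The `key` suboption of `ntpserver` in the `fields` dict of `main()` holds the MD5 authentication key but is declared without `no_log`, unlike `access_token` a few lines above it, so the secret can end up in module invocation output and logs. I would declare it as `"key": {"required": False, "type": "str", "no_log": True}`. As far as I know, AnsibleModule only descends into the `options` of a list parameter when `elements` is `dict`, so `ntpserver` and `interface` should also carry `"elements": "dict"`; without it neither the `no_log` flag nor `"required": True` on `id` would be applied. The same missing `elements` affects `tags` in fortios_system_object_tagging.py.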
@@ -0,0 +1,356 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_object_tagging +short_description: Configure object tagging in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and object_tagging category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_object_tagging: + description: + - Configure object tagging. + default: null + type: dict + suboptions: + address: + description: + - Address. + type: str + choices: + - disable + - mandatory + - optional + category: + description: + - Tag Category. + required: true + type: str + color: + description: + - Color of icon on the GUI. + type: int + device: + description: + - Device. + type: str + choices: + - disable + - mandatory + - optional + interface: + description: + - Interface. + type: str + choices: + - disable + - mandatory + - optional + multiple: + description: + - Allow multiple tag selection. + type: str + choices: + - enable + - disable + tags: + description: + - Tags. + type: list + suboptions: + name: + description: + - Tag name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure object tagging. 
+ fortios_system_object_tagging: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_object_tagging: + address: "disable" + category: "" + color: "5" + device: "disable" + interface: "disable" + multiple: "enable" + tags: + - + name: "default_name_10" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_system_object_tagging_data(json): + option_list = ['address', 'category', 'color', + 'device', 'interface', 'multiple', + 'tags'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_object_tagging(data, fos): + vdom = data['vdom'] + state = data['state'] + system_object_tagging_data = data['system_object_tagging'] + filtered_data = underscore_to_hyphen(filter_system_object_tagging_data(system_object_tagging_data)) + + if state == "present": + return fos.set('system', + 'object-tagging', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'object-tagging', + mkey=filtered_data['category'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_object_tagging']: + resp = system_object_tagging(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_object_tagging')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'category' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_object_tagging": { + 
"required": False, "type": "dict", "default": None, + "options": { + "address": {"required": False, "type": "str", + "choices": ["disable", + "mandatory", + "optional"]}, + "category": {"required": True, "type": "str"}, + "color": {"required": False, "type": "int"}, + "device": {"required": False, "type": "str", + "choices": ["disable", + "mandatory", + "optional"]}, + "interface": {"required": False, "type": "str", + "choices": ["disable", + "mandatory", + "optional"]}, + "multiple": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tags": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
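Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no` and the task under it passes an `access_token`, so anyone copying the example sends the API token over a TLS session whose peer is not verified. The example should use `ansible_httpapi_validate_certs: yes`, with a comment such as `# set to no only for lab devices with self-signed certificates`. The examples in fortios_system_ntp.py and fortios_system_password_policy.py carry the same line. The empty `access_token: ""` would also read better with a comment saying the value should come from a vault rather than the playbook.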
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_password_policy.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_password_policy.py new file mode 100644 index 00000000..ecc1fc9c --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_password_policy.py 
@@ -0,0 +1,346 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_password_policy +short_description: Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and password_policy category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + system_password_policy: + description: + - Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys. + default: null + type: dict + suboptions: + apply_to: + description: + - Apply password policy to administrator passwords or IPsec pre-shared keys or both. Separate entries with a space. + type: str + choices: + - admin-password + - ipsec-preshared-key + change_4_characters: + description: + - Enable/disable changing at least 4 characters for a new password (This attribute overrides reuse-password if both are enabled). + type: str + choices: + - enable + - disable + expire_day: + description: + - Number of days after which passwords expire (1 - 999 days). + type: int + expire_status: + description: + - Enable/disable password expiration. + type: str + choices: + - enable + - disable + min_lower_case_letter: + description: + - Minimum number of lowercase characters in password (0 - 128). + type: int + min_non_alphanumeric: + description: + - Minimum number of non-alphanumeric characters in password (0 - 128). + type: int + min_number: + description: + - Minimum number of numeric characters in password (0 - 128). + type: int + min_upper_case_letter: + description: + - Minimum number of uppercase characters in password (0 - 128). + type: int + minimum_length: + description: + - Minimum password length (8 - 128). + type: int + reuse_password: + description: + - Enable/disable reusing of password (if both reuse-password and change-4-characters are enabled, change-4-characters overrides). + type: str + choices: + - enable + - disable + status: + description: + - Enable/disable setting a password policy for locally defined administrator passwords and IPsec VPN pre-shared keys. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys. + fortios_system_password_policy: + vdom: "{{ vdom }}" + system_password_policy: + apply_to: "admin-password" + change_4_characters: "enable" + expire_day: "5" + expire_status: "enable" + min_lower_case_letter: "7" + min_non_alphanumeric: "8" + min_number: "9" + min_upper_case_letter: "10" + minimum_length: "11" + reuse_password: "enable" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + 
type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_password_policy_data(json): + option_list = ['apply_to', 'change_4_characters', 'expire_day', + 'expire_status', 'min_lower_case_letter', 'min_non_alphanumeric', + 'min_number', 'min_upper_case_letter', 'minimum_length', + 'reuse_password', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_password_policy(data, fos): + vdom = data['vdom'] + system_password_policy_data = data['system_password_policy'] + filtered_data = underscore_to_hyphen(filter_system_password_policy_data(system_password_policy_data)) + + return fos.set('system', + 'password-policy', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_password_policy']: + resp = system_password_policy(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_password_policy')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + 
(resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_password_policy": { + "required": False, "type": "dict", "default": None, + "options": { + "apply_to": {"required": False, "type": "str", + "choices": ["admin-password", + "ipsec-preshared-key"]}, + "change_4_characters": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "expire_day": {"required": False, "type": "int"}, + "expire_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "min_lower_case_letter": {"required": False, "type": "int"}, + "min_non_alphanumeric": {"required": False, "type": "int"}, + "min_number": {"required": False, "type": "int"}, + "min_upper_case_letter": {"required": False, "type": "int"}, + "minimum_length": {"required": False, "type": "int"}, + "reuse_password": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if 
versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_password_policy_guest_admin.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_password_policy_guest_admin.py new file mode 100644 index 00000000..92abe747 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_password_policy_guest_admin.py 
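Review bot: The `apply_to` entry in `fields` is a `str` with `choices`, so it accepts only one of `admin-password` or `ipsec-preshared-key`, while the DOCUMENTATION text says the policy can apply to both with entries separated by a space; a value naming both would be rejected by argument validation. Since the module configures a single password-policy object, that leaves no way to enforce the policy on administrator passwords and IPsec pre-shared keys together. One option is `"apply_to": {"required": False, "type": "list", "elements": "str", "choices": ["admin-password", "ipsec-preshared-key"]}`, with the DOCUMENTATION type changed to match. Whether `fos.set` then needs the list joined with spaces depends on FortiOSHandler, which is outside this hunk.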
@@ -0,0 +1,344 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_password_policy_guest_admin +short_description: Configure the password policy for guest administrators in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and password_policy_guest_admin category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + system_password_policy_guest_admin: + description: + - Configure the password policy for guest administrators. + default: null + type: dict + suboptions: + apply_to: + description: + - Guest administrator to which this password policy applies. + type: str + choices: + - guest-admin-password + change_4_characters: + description: + - Enable/disable changing at least 4 characters for a new password (This attribute overrides reuse-password if both are enabled). + type: str + choices: + - enable + - disable + expire_day: + description: + - Number of days after which passwords expire (1 - 999 days). + type: int + expire_status: + description: + - Enable/disable password expiration. + type: str + choices: + - enable + - disable + min_lower_case_letter: + description: + - Minimum number of lowercase characters in password (0 - 128). + type: int + min_non_alphanumeric: + description: + - Minimum number of non-alphanumeric characters in password (0 - 128). + type: int + min_number: + description: + - Minimum number of numeric characters in password (0 - 128). + type: int + min_upper_case_letter: + description: + - Minimum number of uppercase characters in password (0 - 128). + type: int + minimum_length: + description: + - Minimum password length (8 - 128). + type: int + reuse_password: + description: + - Enable/disable reusing of password (if both reuse-password and change-4-characters are enabled, change-4-characters overrides). + type: str + choices: + - enable + - disable + status: + description: + - Enable/disable setting a password policy for locally defined administrator passwords and IPsec VPN pre-shared keys. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure the password policy for guest administrators. + fortios_system_password_policy_guest_admin: + vdom: "{{ vdom }}" + system_password_policy_guest_admin: + apply_to: "guest-admin-password" + change_4_characters: "enable" + expire_day: "5" + expire_status: "enable" + min_lower_case_letter: "7" + min_non_alphanumeric: "8" + min_number: "9" + min_upper_case_letter: "10" + minimum_length: "11" + reuse_password: "enable" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + 
sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_password_policy_guest_admin_data(json): + option_list = ['apply_to', 'change_4_characters', 'expire_day', + 'expire_status', 'min_lower_case_letter', 'min_non_alphanumeric', + 'min_number', 'min_upper_case_letter', 'minimum_length', + 'reuse_password', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_password_policy_guest_admin(data, fos): + vdom = data['vdom'] + system_password_policy_guest_admin_data = data['system_password_policy_guest_admin'] + filtered_data = underscore_to_hyphen(filter_system_password_policy_guest_admin_data(system_password_policy_guest_admin_data)) + + return fos.set('system', + 'password-policy-guest-admin', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_password_policy_guest_admin']: + resp = system_password_policy_guest_admin(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % 
('system_password_policy_guest_admin')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_password_policy_guest_admin": { + "required": False, "type": "dict", "default": None, + "options": { + "apply_to": {"required": False, "type": "str", + "choices": ["guest-admin-password"]}, + "change_4_characters": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "expire_day": {"required": False, "type": "int"}, + "expire_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "min_lower_case_letter": {"required": False, "type": "int"}, + "min_non_alphanumeric": {"required": False, "type": "int"}, + "min_number": {"required": False, "type": "int"}, + "min_upper_case_letter": {"required": False, "type": "int"}, + "minimum_length": {"required": False, "type": "int"}, + "reuse_password": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch 
between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_physical_switch.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_physical_switch.py new file mode 100644 index 00000000..d8ed79e8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_physical_switch.py 
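Review bot: The EXAMPLES play in fortios_system_password_policy_guest_admin.py sets `ansible_httpapi_validate_certs: no`, so anyone who copies it sends the access token and the password-policy change to a device whose TLS certificate is never verified. The example should show `ansible_httpapi_validate_certs: yes`. If lab devices with self-signed certificates need covering, add a comment next to it such as `# set to no only for lab devices with self-signed certificates`. The same vars block appears in the EXAMPLES of the fortios_system_physical_switch.py and fortios_system_pppoe_interface.py hunks.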
@@ -0,0 +1,350 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_physical_switch +short_description: Configure physical switches in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and physical_switch category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.10" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_physical_switch: + description: + - Configure physical switches. + default: null + type: dict + suboptions: + age_enable: + description: + - Enable/disable layer 2 age timer. + type: str + choices: + - enable + - disable + age_val: + description: + - Layer 2 table age timer Value. + type: int + name: + description: + - Name. + required: true + type: str + port: + description: + - Configure member ports. + type: list + suboptions: + name: + description: + - Physical port name. + required: true + type: str + speed: + description: + - Speed. + type: str + choices: + - auto + - 10full + - 10half + - 100full + - 100half + - 1000full + - 1000half + - 1000auto + status: + description: + - Interface status. + type: str + choices: + - up + - down +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure physical switches. 
+ fortios_system_physical_switch: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_physical_switch: + age_enable: "enable" + age_val: "4" + name: "default_name_5" + port: + - + name: "default_name_7" + speed: "auto" + status: "up" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_system_physical_switch_data(json): + option_list = ['age_enable', 'age_val', 'name', + 'port'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_physical_switch(data, fos): + vdom = data['vdom'] + state = data['state'] + system_physical_switch_data = data['system_physical_switch'] + filtered_data = underscore_to_hyphen(filter_system_physical_switch_data(system_physical_switch_data)) + + if state == "present": + return fos.set('system', + 'physical-switch', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'physical-switch', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_physical_switch']: + resp = system_physical_switch(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_physical_switch')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_physical_switch": { + "required": False, "type": "dict", 
"default": None, + "options": { + "age_enable": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "age_val": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "port": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"}, + "speed": {"required": False, "type": "str", + "choices": ["auto", + "10full", + "10half", + "100full", + "100half", + "1000full", + "1000half", + "1000auto"]}, + "status": {"required": False, "type": "str", + "choices": ["up", + "down"]} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
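Review bot: In main() the `port` entry of the argument spec is declared as `"type": "list"` with an `options` sub-spec but without `"elements": "dict"`, and AnsibleModule applies a sub-spec to list items only when the elements are declared as dicts. As written, the `required` flag on the port `name` and the `choices` on `speed` and `status` are not checked on the controller, so invalid values reach the device API unchanged. I would change the entry to `"port": {"required": False, "type": "list", "elements": "dict",` and add `elements: dict` under `port` in DOCUMENTATION.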
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_pppoe_interface.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_pppoe_interface.py new file mode 100644 index 00000000..31abe178 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_pppoe_interface.py 
@@ -0,0 +1,402 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_pppoe_interface +short_description: Configure the PPPoE interfaces in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and pppoe_interface category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_pppoe_interface: + description: + - Configure the PPPoE interfaces. + default: null + type: dict + suboptions: + ac_name: + description: + - PPPoE AC name. + type: str + auth_type: + description: + - PPP authentication type to use. + type: str + choices: + - auto + - pap + - chap + - mschapv1 + - mschapv2 + device: + description: + - Name for the physical interface. Source system.interface.name. + type: str + dial_on_demand: + description: + - Enable/disable dial on demand to dial the PPPoE interface when packets are routed to the PPPoE interface. + type: str + choices: + - enable + - disable + disc_retry_timeout: + description: + - PPPoE discovery init timeout value in (0-4294967295 sec). + type: int + idle_timeout: + description: + - PPPoE auto disconnect after idle timeout (0-4294967295 sec). + type: int + ipunnumbered: + description: + - PPPoE unnumbered IP. + type: str + ipv6: + description: + - Enable/disable IPv6 Control Protocol (IPv6CP). + type: str + choices: + - enable + - disable + lcp_echo_interval: + description: + - PPPoE LCP echo interval in (0-4294967295 sec). + type: int + lcp_max_echo_fails: + description: + - Maximum missed LCP echo messages before disconnect (0-4294967295). + type: int + name: + description: + - Name of the PPPoE interface. + required: true + type: str + padt_retry_timeout: + description: + - PPPoE terminate timeout value in (0-4294967295 sec). + type: int + password: + description: + - Enter the password. + type: str + pppoe_unnumbered_negotiate: + description: + - Enable/disable PPPoE unnumbered negotiation. + type: str + choices: + - enable + - disable + service_name: + description: + - PPPoE service name. 
+ type: str + username: + description: + - User name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure the PPPoE interfaces. + fortios_system_pppoe_interface: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_pppoe_interface: + ac_name: "" + auth_type: "auto" + device: " (source system.interface.name)" + dial_on_demand: "enable" + disc_retry_timeout: "7" + idle_timeout: "8" + ipunnumbered: "" + ipv6: "enable" + lcp_echo_interval: "11" + lcp_max_echo_fails: "12" + name: "default_name_13" + padt_retry_timeout: "14" + password: "" + pppoe_unnumbered_negotiate: "enable" + service_name: "" + username: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str 
+ sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_pppoe_interface_data(json): + option_list = ['ac_name', 'auth_type', 'device', + 'dial_on_demand', 'disc_retry_timeout', 'idle_timeout', + 'ipunnumbered', 'ipv6', 'lcp_echo_interval', + 'lcp_max_echo_fails', 'name', 'padt_retry_timeout', + 'password', 'pppoe_unnumbered_negotiate', 'service_name', + 'username'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_pppoe_interface(data, fos): + vdom = data['vdom'] + state = data['state'] + system_pppoe_interface_data = data['system_pppoe_interface'] + filtered_data = underscore_to_hyphen(filter_system_pppoe_interface_data(system_pppoe_interface_data)) + + if state == "present": + return fos.set('system', + 'pppoe-interface', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'pppoe-interface', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == 
"success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_pppoe_interface']: + resp = system_pppoe_interface(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_pppoe_interface')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_pppoe_interface": { + "required": False, "type": "dict", "default": None, + "options": { + "ac_name": {"required": False, "type": "str"}, + "auth_type": {"required": False, "type": "str", + "choices": ["auto", + "pap", + "chap", + "mschapv1", + "mschapv2"]}, + "device": {"required": False, "type": "str"}, + "dial_on_demand": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "disc_retry_timeout": {"required": False, "type": "int"}, + "idle_timeout": {"required": False, "type": "int"}, + "ipunnumbered": {"required": False, "type": "str"}, + "ipv6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "lcp_echo_interval": {"required": False, "type": "int"}, + "lcp_max_echo_fails": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "padt_retry_timeout": {"required": False, "type": "int"}, + "password": {"required": False, "type": "str"}, + "pppoe_unnumbered_negotiate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "service_name": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + 
versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_probe_response.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_probe_response.py new file mode 100644 index 00000000..41405deb --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_probe_response.py 
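Review bot: The `password` option in main()'s argument spec is `{"required": False, "type": "str"}` with no `no_log`, while `access_token` a few lines above it is marked `"no_log": True`. Without the flag the PPPoE credential is treated as an ordinary parameter and can appear in the module invocation that Ansible prints at higher verbosity and writes to its logs. I would declare it as `"password": {"required": False, "type": "str", "no_log": True},`. The same pattern is worth checking in the other modules of this commit that take a `password` option; the fortios_system_probe_response.py documentation that follows lists one, but its argument spec is outside this view.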
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_probe_response +short_description: Configure system probe response in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and probe_response category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + system_probe_response: + description: + - Configure system probe response. + default: null + type: dict + suboptions: + http_probe_value: + description: + - Value to respond to the monitoring server. + type: str + mode: + description: + - SLA response mode. + type: str + choices: + - none + - http-probe + - twamp + password: + description: + - Twamp respondor password in authentication mode + type: str + port: + description: + - Port number to response. + type: int + security_mode: + description: + - Twamp respondor security mode. + type: str + choices: + - none + - authentication + timeout: + description: + - An inactivity timer for a twamp test session. + type: int + ttl_mode: + description: + - Mode for TWAMP packet TTL modification. + type: str + choices: + - reinit + - decrease + - retain +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure system probe response. 
+ fortios_system_probe_response: + vdom: "{{ vdom }}" + system_probe_response: + http_probe_value: "" + mode: "none" + password: "" + port: "6" + security_mode: "none" + timeout: "8" + ttl_mode: "reinit" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_probe_response_data(json): + option_list = 
['http_probe_value', 'mode', 'password', + 'port', 'security_mode', 'timeout', + 'ttl_mode'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_probe_response(data, fos): + vdom = data['vdom'] + system_probe_response_data = data['system_probe_response'] + filtered_data = underscore_to_hyphen(filter_system_probe_response_data(system_probe_response_data)) + + return fos.set('system', + 'probe-response', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_probe_response']: + resp = system_probe_response(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_probe_response')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_probe_response": { + "required": False, "type": "dict", "default": None, + "options": { + "http_probe_value": {"required": False, "type": "str"}, + "mode": {"required": False, "type": "str", + "choices": ["none", + "http-probe", + "twamp"]}, + "password": {"required": False, "type": "str"}, + "port": {"required": False, "type": "int"}, + "security_mode": {"required": False, "type": "str", + "choices": 
["none",
+ "authentication"]},
+ "timeout": {"required": False, "type": "int"},
+ "ttl_mode": {"required": False, "type": "str",
+ "choices": ["reinit",
+ "decrease",
+ "retain"]}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_system(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_proxy_arp.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_proxy_arp.py
new file mode 100644
index 00000000..62b82b64
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_proxy_arp.py
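Review bot: The `password` suboption of `system_probe_response` in `main()` is declared as `{"required": False, "type": "str"}` without `no_log`, so the TWAMP responder password is not masked in the module's invocation output or logs the way `access_token` is. It should read `"password": {"required": False, "type": "str", "no_log": True},`. The `password` field in the argument spec of the preceding PPPoE interface module, whose hunk starts above this one, has the same gap. The EXAMPLES block also shows `password: ""` inline, so a line in DOCUMENTATION telling users to supply it from a vaulted variable would be worth adding.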
@@ -0,0 +1,300 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_proxy_arp +short_description: Configure proxy-ARP in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and proxy_arp category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_proxy_arp: + description: + - Configure proxy-ARP. + default: null + type: dict + suboptions: + end_ip: + description: + - End IP of IP range to be proxied. + type: str + id: + description: + - Unique integer ID of the entry. + required: true + type: int + interface: + description: + - Interface acting proxy-ARP. Source system.interface.name. + type: str + ip: + description: + - IP address or start IP to be proxied. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure proxy-ARP. + fortios_system_proxy_arp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_proxy_arp: + end_ip: "" + id: "4" + interface: " (source system.interface.name)" + ip: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + 
type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_proxy_arp_data(json): + option_list = ['end_ip', 'id', 'interface', + 'ip'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_proxy_arp(data, fos): + vdom = data['vdom'] + state = data['state'] + system_proxy_arp_data = data['system_proxy_arp'] + filtered_data = underscore_to_hyphen(filter_system_proxy_arp_data(system_proxy_arp_data)) + + if state == "present": + return fos.set('system', + 'proxy-arp', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'proxy-arp', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and 
status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_proxy_arp']: + resp = system_proxy_arp(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_proxy_arp')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_proxy_arp": { + "required": False, "type": "dict", "default": None, + "options": { + "end_ip": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "ip": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and 
versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_admin.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_admin.py
new file mode 100644
index 00000000..882da9a8
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_admin.py
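Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no` next to `ansible_httpapi_use_ssl: yes`, so anyone who copies it sends the `access_token` over a TLS session whose peer certificate is never checked. Examples tend to be pasted as they are, so I would show `ansible_httpapi_validate_certs: yes` and add a YAML comment such as `# set to no only for lab devices with self-signed certificates`. The same three `vars` lines appear in the EXAMPLES of fortios_system_probe_response.py, fortios_system_replacemsg_admin.py and fortios_system_replacemsg_alertmail.py in this commit.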
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_admin +short_description: Replacement messages in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_replacemsg feature and admin category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_admin: + description: + - Replacement messages. + default: null + type: dict + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_admin: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_admin: + buffer: "" + format: "none" + header: "none" + msg_type: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: 
"FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_admin_data(json): + option_list = ['buffer', 'format', 'header', + 'msg_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_admin(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_admin_data = data['system_replacemsg_admin'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_admin_data(system_replacemsg_admin_data)) + + if state == "present": + return fos.set('system.replacemsg', + 'admin', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.replacemsg', + 'admin', + mkey=filtered_data['msg-type'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == 
"success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_replacemsg(data, fos): + + if data['system_replacemsg_admin']: + resp = system_replacemsg_admin(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_admin')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'msg-type' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_admin": { + "required": False, "type": "dict", "default": None, + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is 
False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_alertmail.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_alertmail.py
new file mode 100644
index 00000000..486d39a6
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_alertmail.py
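Review bot: `system_replacemsg_admin()` reads `filtered_data['msg-type']` on the `state == "absent"` path, but `msg_type` is declared `"required": False` in `main()` and the filter function drops keys whose value is None, so a delete task that omits `msg_type` raises KeyError instead of ending in a clean `fail_json`. `msg-type` is also the `mkeyname` passed to `FortiOSHandler`, so the option should be mandatory: `"msg_type": {"required": True, "type": "str"}`, with `required: true` added under `msg_type` in DOCUMENTATION, the way `id` is handled in fortios_system_proxy_arp.py. fortios_system_replacemsg_alertmail.py carries the same code and needs the same change.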
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_alertmail +short_description: Replacement messages in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_replacemsg feature and alertmail category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_alertmail: + description: + - Replacement messages. + default: null + type: dict + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_alertmail: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_alertmail: + buffer: "" + format: "none" + header: "none" + msg_type: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: 
"17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_alertmail_data(json): + option_list = ['buffer', 'format', 'header', + 'msg_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_alertmail(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_alertmail_data = data['system_replacemsg_alertmail'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_alertmail_data(system_replacemsg_alertmail_data)) + + if state == "present": + return fos.set('system.replacemsg', + 'alertmail', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.replacemsg', + 'alertmail', + mkey=filtered_data['msg-type'], + vdom=vdom) + else: + 
fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_replacemsg(data, fos): + + if data['system_replacemsg_alertmail']: + resp = system_replacemsg_alertmail(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_alertmail')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'msg-type' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_alertmail": { + "required": False, "type": "dict", "default": None, + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system 
and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_auth.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_auth.py
new file mode 100644
index 00000000..37936b20
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_auth.py
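Review bot: In `main()`, the test `if 'access_token' in module.params:` is always true, because AnsibleModule fills in every key of the argument spec and leaves unset options as None, so `connection.set_option('access_token', None)` runs even when the task supplies no token. Whether that call overrides a token configured on the connection depends on the httpapi plugin, which is outside this hunk, but the condition should state the intent: `if module.params.get('access_token'):`. The same block is in `main()` of fortios_system_probe_response.py, fortios_system_proxy_arp.py and fortios_system_replacemsg_admin.py.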
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_auth +short_description: Replacement messages in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_replacemsg feature and auth category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_auth: + description: + - Replacement messages. + default: null + type: dict + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_auth: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_auth: + buffer: "" + format: "none" + header: "none" + msg_type: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: 
"FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_auth_data(json): + option_list = ['buffer', 'format', 'header', + 'msg_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_auth(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_auth_data = data['system_replacemsg_auth'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_auth_data(system_replacemsg_auth_data)) + + if state == "present": + return fos.set('system.replacemsg', + 'auth', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.replacemsg', + 'auth', + mkey=filtered_data['msg-type'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ 
+ status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_replacemsg(data, fos): + + if data['system_replacemsg_auth']: + resp = system_replacemsg_auth(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_auth')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'msg-type' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_auth": { + "required": False, "type": "dict", "default": None, + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + 
module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_device_detection_portal.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_device_detection_portal.py new file mode 100644 index 00000000..a1f5f573 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_device_detection_portal.py 
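Review bot: The EXAMPLES play in the new fortios_system_replacemsg_auth module sets `ansible_httpapi_validate_certs: no` while the task passes an `access_token`, so anyone who copies it sends the API token over a TLS session whose peer is never verified. I would ship the example as `ansible_httpapi_validate_certs: yes` and add a line to the `notes:` list in DOCUMENTATION, for instance `- Keep certificate validation enabled and trust the FortiGate CA on the controller rather than turning validation off.` The same example block is repeated in the device_detection_portal, ec, fortiguard_wf and ftp modules added further down.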
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_device_detection_portal +short_description: Replacement messages in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_replacemsg feature and device_detection_portal category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_device_detection_portal: + description: + - Replacement messages. + default: null + type: dict + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_device_detection_portal: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_device_detection_portal: + buffer: "" + format: "none" + header: "none" + msg_type: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number 
+ returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_device_detection_portal_data(json): + option_list = ['buffer', 'format', 'header', + 'msg_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_device_detection_portal(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_device_detection_portal_data = data['system_replacemsg_device_detection_portal'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_device_detection_portal_data(system_replacemsg_device_detection_portal_data)) + + if state == "present": + return fos.set('system.replacemsg', + 'device-detection-portal', + data=filtered_data, + vdom=vdom) + 
+ elif state == "absent": + return fos.delete('system.replacemsg', + 'device-detection-portal', + mkey=filtered_data['msg-type'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_replacemsg(data, fos): + + if data['system_replacemsg_device_detection_portal']: + resp = system_replacemsg_device_detection_portal(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_device_detection_portal')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'msg-type' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_device_detection_portal": { + "required": False, "type": "dict", "default": None, + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) + versions_check_result = 
connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_ec.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_ec.py new file mode 100644 index 00000000..6ea39bf0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_ec.py 
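Review bot: In `system_replacemsg_device_detection_portal()`, the `state == "absent"` branch reads `filtered_data['msg-type']`, but `msg_type` is declared `"required": False` and the filter function drops keys whose value is None. A task that omits `msg_type` therefore ends in a KeyError traceback instead of a clean module failure. A guard before the delete call would make the requirement explicit: `if 'msg-type' not in filtered_data: fos._module.fail_json(msg='msg_type is required when state is absent')`. The auth, ec and fortiguard_wf modules in this commit have the same branch.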
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_ec +short_description: Replacement messages in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_replacemsg feature and ec category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_ec: + description: + - Replacement messages. + default: null + type: dict + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_ec: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_ec: + buffer: "" + format: "none" + header: "none" + msg_type: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" 
+status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_ec_data(json): + option_list = ['buffer', 'format', 'header', + 'msg_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_ec(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_ec_data = data['system_replacemsg_ec'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_ec_data(system_replacemsg_ec_data)) + + if state == "present": + return fos.set('system.replacemsg', + 'ec', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.replacemsg', + 'ec', + mkey=filtered_data['msg-type'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" 
and status['http_status'] == 404 + + +def fortios_system_replacemsg(data, fos): + + if data['system_replacemsg_ec']: + resp = system_replacemsg_ec(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_ec')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'msg-type' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_ec": { + "required": False, "type": "dict", "default": None, + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, 
version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_fortiguard_wf.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_fortiguard_wf.py new file mode 100644 index 00000000..6d2a2261 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_fortiguard_wf.py 
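Review bot: In `main()` of fortios_system_replacemsg_ec, `if 'access_token' in module.params:` does not test whether a token was supplied. AnsibleModule populates every argument-spec key, so when the option is omitted the key is still present with value None and `connection.set_option('access_token', None)` is called anyway. Whether that overrides a token configured on the connection depends on the httpapi plugin, which is outside this hunk, so it is worth confirming. Testing the value avoids the question: `if module.params.get('access_token'):`. The other replacemsg modules added here use the same check.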
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_fortiguard_wf +short_description: Replacement messages in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_replacemsg feature and fortiguard_wf category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_fortiguard_wf: + description: + - Replacement messages. + default: null + type: dict + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_fortiguard_wf: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_fortiguard_wf: + buffer: "" + format: "none" + header: "none" + msg_type: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str 
+ sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_fortiguard_wf_data(json): + option_list = ['buffer', 'format', 'header', + 'msg_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_fortiguard_wf(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_fortiguard_wf_data = data['system_replacemsg_fortiguard_wf'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_fortiguard_wf_data(system_replacemsg_fortiguard_wf_data)) + + if state == "present": + return fos.set('system.replacemsg', + 'fortiguard-wf', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.replacemsg', + 'fortiguard-wf', + 
mkey=filtered_data['msg-type'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_replacemsg(data, fos): + + if data['system_replacemsg_fortiguard_wf']: + resp = system_replacemsg_fortiguard_wf(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_fortiguard_wf')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'msg-type' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_fortiguard_wf": { + "required": False, "type": "dict", "default": None, + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + 
module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_ftp.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_ftp.py new file mode 100644 index 00000000..1f1bdc31 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_ftp.py 
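Review bot: `is_successful_status()` mixes `or` and `and` without parentheses and compares `status['http_status']` with the integer `404`, while the RETURN block of the same file documents `http_status` as `type: str` with sample `"200"`. If the handler does return the status as a string, the DELETE/404 case is never treated as success and removing an already-absent message is reported as "Error in repo"; the handler is not visible here, so this needs confirming. I would make the grouping explicit and the comparison type-tolerant: `return status['status'] == "success" or (status['http_method'] == "DELETE" and str(status['http_status']) == "404")`. The same helper is copied into the auth, device_detection_portal and ec modules.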
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_ftp +short_description: Replacement messages in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_replacemsg feature and ftp category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_ftp: + description: + - Replacement messages. + default: null + type: dict + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_ftp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_ftp: + buffer: "" + format: "none" + header: "none" + msg_type: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: 
"FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_ftp_data(json): + option_list = ['buffer', 'format', 'header', + 'msg_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_ftp(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_ftp_data = data['system_replacemsg_ftp'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_ftp_data(system_replacemsg_ftp_data)) + + if state == "present": + return fos.set('system.replacemsg', + 'ftp', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.replacemsg', + 'ftp', + mkey=filtered_data['msg-type'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + 
status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_replacemsg(data, fos): + + if data['system_replacemsg_ftp']: + resp = system_replacemsg_ftp(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_ftp')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'msg-type' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_ftp": { + "required": False, "type": "dict", "default": None, + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + 
module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_group.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_group.py
new file mode 100644
index 00000000..3a1f36ad
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_group.py
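Review bot: The EXAMPLES play in `fortios_system_replacemsg_ftp.py` sets `ansible_httpapi_validate_certs: no` in the same play that passes `access_token`, so anyone copying it runs the httpapi session, and whatever credential `main()` hands to the connection via `set_option('access_token', ...)`, without checking the device certificate. I would ship the example as `ansible_httpapi_validate_certs: yes` and add a comment that disabling validation is only for a lab device with a self-signed certificate. The EXAMPLES blocks of `fortios_system_replacemsg_group` and `fortios_system_replacemsg_http` later in this diff carry the same line and should change with it.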
@@ -0,0 +1,1208 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_group +short_description: Configure replacement message groups in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and replacemsg_group category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_group: + description: + - Configure replacement message groups. + default: null + type: dict + suboptions: + admin: + description: + - Replacement message table entries. + type: list + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str + alertmail: + description: + - Replacement message table entries. + type: list + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str + auth: + description: + - Replacement message table entries. + type: list + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str + comment: + description: + - Comment. + type: str + custom_message: + description: + - Replacement message table entries. + type: list + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. 
+ type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str + device_detection_portal: + description: + - Replacement message table entries. + type: list + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str + ec: + description: + - Replacement message table entries. + type: list + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str + fortiguard_wf: + description: + - Replacement message table entries. + type: list + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str + ftp: + description: + - Replacement message table entries. + type: list + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str + group_type: + description: + - Group type. + type: str + choices: + - default + - utm + - auth + - ec + http: + description: + - Replacement message table entries. + type: list + suboptions: + buffer: + description: + - Message string. 
+ type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str + icap: + description: + - Replacement message table entries. + type: list + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str + mail: + description: + - Replacement message table entries. + type: list + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str + nac_quar: + description: + - Replacement message table entries. + type: list + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str + name: + description: + - Group name. + required: true + type: str + nntp: + description: + - Replacement message table entries. + type: list + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str + spam: + description: + - Replacement message table entries. 
+ type: list + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str + sslvpn: + description: + - Replacement message table entries. + type: list + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str + traffic_quota: + description: + - Replacement message table entries. + type: list + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str + utm: + description: + - Replacement message table entries. + type: list + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str + webproxy: + description: + - Replacement message table entries. + type: list + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. 
+ type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure replacement message groups. + fortios_system_replacemsg_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_group: + admin: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + alertmail: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + auth: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + comment: "Comment." + custom_message: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + device_detection_portal: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + ec: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + fortiguard_wf: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + ftp: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + group_type: "default" + http: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + icap: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + mail: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + nac_quar: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + name: "default_name_65" + nntp: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + spam: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + sslvpn: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + traffic_quota: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + utm: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + webproxy: + - + buffer: "" + format: "none" + header: "none" + msg_type: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: 
'1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_group_data(json): + option_list = ['admin', 'alertmail', 'auth', + 'comment', 'custom_message', 'device_detection_portal', + 'ec', 'fortiguard_wf', 'ftp', + 'group_type', 'http', 'icap', + 'mail', 'nac_quar', 'name', + 'nntp', 'spam', 'sslvpn', + 'traffic_quota', 'utm', 'webproxy'] + dictionary = {} + + for attribute in option_list: + if attribute in json and 
json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_group(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_group_data = data['system_replacemsg_group'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_group_data(system_replacemsg_group_data)) + + if state == "present": + return fos.set('system', + 'replacemsg-group', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'replacemsg-group', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_replacemsg_group']: + resp = system_replacemsg_group(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_group')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_group": { + "required": False, "type": "dict", "default": None, + "options": { + "admin": {"required": False, "type": "list", + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, 
"type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + }}, + "alertmail": {"required": False, "type": "list", + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + }}, + "auth": {"required": False, "type": "list", + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + }}, + "comment": {"required": False, "type": "str"}, + "custom_message": {"required": False, "type": "list", + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + }}, + "device_detection_portal": {"required": False, "type": "list", + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + }}, + "ec": {"required": False, "type": "list", + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + 
"http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + }}, + "fortiguard_wf": {"required": False, "type": "list", + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + }}, + "ftp": {"required": False, "type": "list", + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + }}, + "group_type": {"required": False, "type": "str", + "choices": ["default", + "utm", + "auth", + "ec"]}, + "http": {"required": False, "type": "list", + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + }}, + "icap": {"required": False, "type": "list", + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + }}, + "mail": {"required": False, "type": "list", + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + }}, + "nac_quar": {"required": False, 
"type": "list", + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "nntp": {"required": False, "type": "list", + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + }}, + "spam": {"required": False, "type": "list", + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + }}, + "sslvpn": {"required": False, "type": "list", + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + }}, + "traffic_quota": {"required": False, "type": "list", + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + }}, + "utm": {"required": False, "type": "list", + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + 
"wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + }}, + "webproxy": {"required": False, "type": "list", + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
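Review bot: Every list-typed entry in the `fields` spec of `main()` in `fortios_system_replacemsg_group.py` (`admin`, `alertmail`, `auth`, through `webproxy`) declares nested `options` but no `elements`. As far as I know, AnsibleModule applies a sub-spec to list items only when `"elements": "dict"` is set. If that holds here, the `choices` declared for `format` and `header` are never enforced on these entries, and whatever the playbook supplies goes through `underscore_to_hyphen` straight into `fos.set`. The proposed form for each entry is `"admin": {"required": False, "type": "list", "elements": "dict",`, with a matching `elements: dict` under each `type: list` in the DOCUMENTATION string.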
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_http.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_http.py
new file mode 100644
index 00000000..ce9ad567
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_http.py
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_http +short_description: Replacement messages in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_replacemsg feature and http category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_http: + description: + - Replacement messages. + default: null + type: dict + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_http: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_http: + buffer: "" + format: "none" + header: "none" + msg_type: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: 
"FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_http_data(json): + option_list = ['buffer', 'format', 'header', + 'msg_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_http(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_http_data = data['system_replacemsg_http'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_http_data(system_replacemsg_http_data)) + + if state == "present": + return fos.set('system.replacemsg', + 'http', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.replacemsg', + 'http', + mkey=filtered_data['msg-type'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ 
+ status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_replacemsg(data, fos): + + if data['system_replacemsg_http']: + resp = system_replacemsg_http(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_http')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'msg-type' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_http": { + "required": False, "type": "dict", "default": None, + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + 
module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_icap.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_icap.py
new file mode 100644
index 00000000..96cc07d4
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_icap.py
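Review bot: In `system_replacemsg_http`, the `absent` branch reads `filtered_data['msg-type']`, but `msg_type` is declared `"required": False` in the argument spec and `filter_system_replacemsg_http_data` drops keys whose value is None. A delete task that omits `msg_type` therefore ends in an uncaught KeyError instead of a clean module failure. Guard the lookup first, for example `if 'msg-type' not in filtered_data: fos._module.fail_json(msg='msg_type is required when state is absent')`. The icap and mail hunks in this commit contain the same lookup; the image hunk avoids it because its key `name` is marked required.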
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_icap +short_description: Replacement messages in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_replacemsg feature and icap category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_icap: + description: + - Replacement messages. + default: null + type: dict + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_icap: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_icap: + buffer: "" + format: "none" + header: "none" + msg_type: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: 
"FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_icap_data(json): + option_list = ['buffer', 'format', 'header', + 'msg_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_icap(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_icap_data = data['system_replacemsg_icap'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_icap_data(system_replacemsg_icap_data)) + + if state == "present": + return fos.set('system.replacemsg', + 'icap', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.replacemsg', + 'icap', + mkey=filtered_data['msg-type'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ 
+ status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_replacemsg(data, fos): + + if data['system_replacemsg_icap']: + resp = system_replacemsg_icap(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_icap')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'msg-type' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_icap": { + "required": False, "type": "dict", "default": None, + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + 
module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_image.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_image.py
new file mode 100644
index 00000000..f4603def
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_image.py
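Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no` in the same task list that passes an `access_token`, so anyone copying it sends the API token over a TLS session whose peer is never authenticated. The example should default to `ansible_httpapi_validate_certs: yes`, with a comment such as `# disable only for lab devices with self-signed certificates`. The same example text appears in the http, image and mail hunks of this commit.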
@@ -0,0 +1,302 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_image +short_description: Configure replacement message images in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and replacemsg_image category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_image: + description: + - Configure replacement message images. + default: null + type: dict + suboptions: + image_base64: + description: + - Image data. + type: str + image_type: + description: + - Image type. + type: str + choices: + - gif + - jpg + - tiff + - png + name: + description: + - Image name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure replacement message images. + fortios_system_replacemsg_image: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_image: + image_base64: "" + image_type: "gif" + name: "default_name_5" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of 
the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_image_data(json): + option_list = ['image_base64', 'image_type', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_image(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_image_data = data['system_replacemsg_image'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_image_data(system_replacemsg_image_data)) + + if state == "present": + return fos.set('system', + 'replacemsg-image', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'replacemsg-image', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def 
is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_replacemsg_image']: + resp = system_replacemsg_image(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_image')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_image": { + "required": False, "type": "dict", "default": None, + "options": { + "image_base64": {"required": False, "type": "str"}, + "image_type": {"required": False, "type": "str", + "choices": ["gif", + "jpg", + "tiff", + "png"]}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, 
version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_mail.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_mail.py
new file mode 100644
index 00000000..2ed2c806
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_mail.py
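Review bot: In `main`, the guard `if 'access_token' in module.params:` is always true, because `access_token` is declared in `fields` and AnsibleModule fills unset options with None. `connection.set_option('access_token', ...)` therefore also runs with None when the task supplies no token, which may overwrite a token configured on the connection by other means; this should be verified against the httpapi plugin. Testing the value instead makes the intent explicit: `if module.params.get('access_token'):`. The http, icap and mail hunks carry the same guard.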
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_mail +short_description: Replacement messages in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_replacemsg feature and mail category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_mail: + description: + - Replacement messages. + default: null + type: dict + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_mail: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_mail: + buffer: "" + format: "none" + header: "none" + msg_type: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: 
"FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_mail_data(json): + option_list = ['buffer', 'format', 'header', + 'msg_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_mail(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_mail_data = data['system_replacemsg_mail'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_mail_data(system_replacemsg_mail_data)) + + if state == "present": + return fos.set('system.replacemsg', + 'mail', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.replacemsg', + 'mail', + mkey=filtered_data['msg-type'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ 
+ status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_replacemsg(data, fos): + + if data['system_replacemsg_mail']: + resp = system_replacemsg_mail(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_mail')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'msg-type' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_mail": { + "required": False, "type": "dict", "default": None, + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + 
module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_nac_quar.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_nac_quar.py
new file mode 100644
index 00000000..6fe28337
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_nac_quar.py
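Review bot: Both failure paths at the end of `main` report `msg="Error in repo"`, which tells the operator nothing about what the device rejected; the detail is only reachable by digging into `meta`. The message could carry the status the code already inspects in `is_successful_status`, e.g. `msg="FortiOS request failed (http_status=%s)" % result.get('http_status')`. The warning string a few lines earlier also misspells the product as "FortOS". Both strings are repeated in the http, icap and image hunks.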
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_nac_quar +short_description: Replacement messages in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_replacemsg feature and nac_quar category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_nac_quar: + description: + - Replacement messages. + default: null + type: dict + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_nac_quar: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_nac_quar: + buffer: "" + format: "none" + header: "none" + msg_type: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: 
"17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_nac_quar_data(json): + option_list = ['buffer', 'format', 'header', + 'msg_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_nac_quar(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_nac_quar_data = data['system_replacemsg_nac_quar'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_nac_quar_data(system_replacemsg_nac_quar_data)) + + if state == "present": + return fos.set('system.replacemsg', + 'nac-quar', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.replacemsg', + 'nac-quar', + mkey=filtered_data['msg-type'], + vdom=vdom) + else: + 
fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_replacemsg(data, fos): + + if data['system_replacemsg_nac_quar']: + resp = system_replacemsg_nac_quar(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_nac_quar')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'msg-type' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_nac_quar": { + "required": False, "type": "dict", "default": None, + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and 
galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_nntp.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_nntp.py new file mode 100644 index 00000000..94314d25 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_nntp.py 
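Review bot: The EXAMPLES playbook in fortios_system_replacemsg_nac_quar.py sets `ansible_httpapi_validate_certs: no` while the task passes an `access_token`, so anyone copying it sends the API token over a TLS session whose server certificate is never checked. The example should default to `ansible_httpapi_validate_certs: yes`, with a one-line comment that turning it off is only for lab devices with self-signed certificates. The same example block appears in the nntp, spam and sslvpn hunks that follow.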
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_nntp +short_description: Replacement messages in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_replacemsg feature and nntp category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_nntp: + description: + - Replacement messages. + default: null + type: dict + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_nntp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_nntp: + buffer: "" + format: "none" + header: "none" + msg_type: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: 
"FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_nntp_data(json): + option_list = ['buffer', 'format', 'header', + 'msg_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_nntp(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_nntp_data = data['system_replacemsg_nntp'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_nntp_data(system_replacemsg_nntp_data)) + + if state == "present": + return fos.set('system.replacemsg', + 'nntp', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.replacemsg', + 'nntp', + mkey=filtered_data['msg-type'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ 
+ status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_replacemsg(data, fos): + + if data['system_replacemsg_nntp']: + resp = system_replacemsg_nntp(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_nntp')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'msg-type' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_nntp": { + "required": False, "type": "dict", "default": None, + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + 
module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_spam.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_spam.py new file mode 100644 index 00000000..7b31dbfd --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_spam.py 
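Review bot: In system_replacemsg_nntp the `state == "absent"` branch reads `filtered_data['msg-type']`, but `msg_type` is declared `"required": False` and the filter drops keys whose value is None. A delete task without `msg_type` therefore ends in an unhandled KeyError instead of a clean module failure. A guard before the delete would report it properly: `if 'msg-type' not in filtered_data: fos._module.fail_json(msg='msg_type is required when state is absent')`. The nac_quar, spam and sslvpn modules in this diff have the same branch.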
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_spam +short_description: Replacement messages in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_replacemsg feature and spam category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_spam: + description: + - Replacement messages. + default: null + type: dict + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_spam: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_spam: + buffer: "" + format: "none" + header: "none" + msg_type: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: 
"FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_spam_data(json): + option_list = ['buffer', 'format', 'header', + 'msg_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_spam(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_spam_data = data['system_replacemsg_spam'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_spam_data(system_replacemsg_spam_data)) + + if state == "present": + return fos.set('system.replacemsg', + 'spam', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.replacemsg', + 'spam', + mkey=filtered_data['msg-type'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ 
+ status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_replacemsg(data, fos): + + if data['system_replacemsg_spam']: + resp = system_replacemsg_spam(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_spam')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'msg-type' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_spam": { + "required": False, "type": "dict", "default": None, + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + 
module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_sslvpn.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_sslvpn.py new file mode 100644 index 00000000..774015f6 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_sslvpn.py 
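Review bot: In main() of fortios_system_replacemsg_spam.py, `connection.get_system_version()` is called only after `fortios_system_replacemsg(module.params, fos)` has already sent the set or delete request, so a version mismatch is reported after the device has been modified. If the check is meant to catch a firmware/collection mismatch before configuration is pushed, move `versions_check_result = connection.get_system_version()` above the `fortios_system_replacemsg` call. Whether a mismatch should also block the change cannot be told from this hunk. The other replacemsg modules in this diff use the same order.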
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_sslvpn +short_description: Replacement messages in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_replacemsg feature and sslvpn category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_sslvpn: + description: + - Replacement messages. + default: null + type: dict + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_sslvpn: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_sslvpn: + buffer: "" + format: "none" + header: "none" + msg_type: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: 
"FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_sslvpn_data(json): + option_list = ['buffer', 'format', 'header', + 'msg_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_sslvpn(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_sslvpn_data = data['system_replacemsg_sslvpn'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_sslvpn_data(system_replacemsg_sslvpn_data)) + + if state == "present": + return fos.set('system.replacemsg', + 'sslvpn', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.replacemsg', + 'sslvpn', + mkey=filtered_data['msg-type'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == 
"success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_replacemsg(data, fos): + + if data['system_replacemsg_sslvpn']: + resp = system_replacemsg_sslvpn(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_sslvpn')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'msg-type' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_sslvpn": { + "required": False, "type": "dict", "default": None, + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] 
is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_traffic_quota.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_traffic_quota.py new file mode 100644 index 00000000..5341da50 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_traffic_quota.py 
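Review bot: In main() of fortios_system_replacemsg_sslvpn.py the test `if 'access_token' in module.params:` is always true, because AnsibleModule fills in every key of the argument spec and leaves unset options as None. As a result `connection.set_option('access_token', None)` runs even when no token was supplied. Testing the value instead leaves the connection's own credential settings untouched in that case: `if module.params.get('access_token'):`. How the httpapi plugin treats a None token is not visible here, so the effect should be confirmed against the plugin. The same line is in the nac_quar, nntp and spam hunks.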
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_traffic_quota +short_description: Replacement messages in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_replacemsg feature and traffic_quota category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_traffic_quota: + description: + - Replacement messages. + default: null + type: dict + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_traffic_quota: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_traffic_quota: + buffer: "" + format: "none" + header: "none" + msg_type: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str 
+ sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_traffic_quota_data(json): + option_list = ['buffer', 'format', 'header', + 'msg_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_traffic_quota(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_traffic_quota_data = data['system_replacemsg_traffic_quota'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_traffic_quota_data(system_replacemsg_traffic_quota_data)) + + if state == "present": + return fos.set('system.replacemsg', + 'traffic-quota', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.replacemsg', + 'traffic-quota', + 
mkey=filtered_data['msg-type'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_replacemsg(data, fos): + + if data['system_replacemsg_traffic_quota']: + resp = system_replacemsg_traffic_quota(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_traffic_quota')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'msg-type' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_traffic_quota": { + "required": False, "type": "dict", "default": None, + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + 
module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_utm.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_utm.py new file mode 100644 index 00000000..06dd5328 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_utm.py 
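Review bot: The EXAMPLES playbook in fortios_system_replacemsg_traffic_quota.py sets `ansible_httpapi_validate_certs: no` alongside an `access_token` parameter, so anyone who copies the example sends the API token over a TLS session whose peer is never verified. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a comment such as `# disable only for a lab device with a self-signed certificate`, so that turning verification off is a deliberate choice. The same example block appears in fortios_system_replacemsg_utm.py and fortios_system_replacemsg_webproxy.py in this commit.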
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_utm +short_description: Replacement messages in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_replacemsg feature and utm category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_utm: + description: + - Replacement messages. + default: null + type: dict + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_utm: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_utm: + buffer: "" + format: "none" + header: "none" + msg_type: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: 
"FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_utm_data(json): + option_list = ['buffer', 'format', 'header', + 'msg_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_utm(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_utm_data = data['system_replacemsg_utm'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_utm_data(system_replacemsg_utm_data)) + + if state == "present": + return fos.set('system.replacemsg', + 'utm', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.replacemsg', + 'utm', + mkey=filtered_data['msg-type'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + 
status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_replacemsg(data, fos): + + if data['system_replacemsg_utm']: + resp = system_replacemsg_utm(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_utm')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'msg-type' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_utm": { + "required": False, "type": "dict", "default": None, + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + 
module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_webproxy.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_webproxy.py new file mode 100644 index 00000000..2f18da22 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_replacemsg_webproxy.py 
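Review bot: In `system_replacemsg_utm`, the `state == "absent"` branch reads `filtered_data['msg-type']`, but `msg_type` is declared `"required": False` and `filter_system_replacemsg_utm_data` drops keys whose value is None. A delete task without `msg_type` therefore ends in an unhandled KeyError instead of a module failure. A guard before the `fos.delete` call, e.g. `if 'msg-type' not in filtered_data: fos._module.fail_json(msg='msg_type is required when state is absent')`, gives the operator a usable message. The traffic_quota and webproxy modules added in this commit have the same branch.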
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_replacemsg_webproxy +short_description: Replacement messages in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_replacemsg feature and webproxy category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_replacemsg_webproxy: + description: + - Replacement messages. + default: null + type: dict + suboptions: + buffer: + description: + - Message string. + type: str + format: + description: + - Format flag. + type: str + choices: + - none + - text + - html + - wml + header: + description: + - Header flag. + type: str + choices: + - none + - http + - 8bit + msg_type: + description: + - Message type. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Replacement messages. + fortios_system_replacemsg_webproxy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_replacemsg_webproxy: + buffer: "" + format: "none" + header: "none" + msg_type: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: 
"17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_replacemsg_webproxy_data(json): + option_list = ['buffer', 'format', 'header', + 'msg_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_replacemsg_webproxy(data, fos): + vdom = data['vdom'] + state = data['state'] + system_replacemsg_webproxy_data = data['system_replacemsg_webproxy'] + filtered_data = underscore_to_hyphen(filter_system_replacemsg_webproxy_data(system_replacemsg_webproxy_data)) + + if state == "present": + return fos.set('system.replacemsg', + 'webproxy', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.replacemsg', + 'webproxy', + mkey=filtered_data['msg-type'], + vdom=vdom) + else: + 
fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_replacemsg(data, fos): + + if data['system_replacemsg_webproxy']: + resp = system_replacemsg_webproxy(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_replacemsg_webproxy')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'msg-type' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_replacemsg_webproxy": { + "required": False, "type": "dict", "default": None, + "options": { + "buffer": {"required": False, "type": "str"}, + "format": {"required": False, "type": "str", + "choices": ["none", + "text", + "html", + "wml"]}, + "header": {"required": False, "type": "str", + "choices": ["none", + "http", + "8bit"]}, + "msg_type": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and 
galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_resource_limits.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_resource_limits.py new file mode 100644 index 00000000..fefb2977 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_resource_limits.py 
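Review bot: In `main()` of fortios_system_replacemsg_webproxy.py, the test `if 'access_token' in module.params:` is always true, because AnsibleModule fills in every key of `argument_spec` (with None when the task omits it). As a result `connection.set_option('access_token', ...)` also runs when no token was supplied. Whether the httpapi plugin tolerates a None token is not visible from this hunk; testing the value instead, `if module.params.get('access_token'):`, makes the intent explicit. The same line is in the traffic_quota and utm modules.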
@@ -0,0 +1,365 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_resource_limits +short_description: Configure resource limits in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and resource_limits category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_resource_limits: + description: + - Configure resource limits. + default: null + type: dict + suboptions: + custom_service: + description: + - Maximum number of firewall custom services. + type: int + dialup_tunnel: + description: + - Maximum number of dial-up tunnels. + type: int + firewall_address: + description: + - Maximum number of firewall addresses. + type: int + firewall_addrgrp: + description: + - Maximum number of firewall address groups. + type: int + firewall_policy: + description: + - Maximum number of firewall policies. + type: int + ipsec_phase1: + description: + - Maximum number of VPN IPsec phase1 tunnels. + type: int + ipsec_phase1_interface: + description: + - Maximum number of VPN IPsec phase1 interface tunnels. + type: int + ipsec_phase2: + description: + - Maximum number of VPN IPsec phase2 tunnels. + type: int + ipsec_phase2_interface: + description: + - Maximum number of VPN IPsec phase2 interface tunnels. + type: int + log_disk_quota: + description: + - Log disk quota in MB. + type: int + onetime_schedule: + description: + - Maximum number of firewall one-time schedules. + type: int + proxy: + description: + - Maximum number of concurrent proxy users. + type: int + recurring_schedule: + description: + - Maximum number of firewall recurring schedules. + type: int + service_group: + description: + - Maximum number of firewall service groups. + type: int + session: + description: + - Maximum number of sessions. + type: int + sslvpn: + description: + - Maximum number of SSL-VPN. + type: int + user: + description: + - Maximum number of local users. + type: int + user_group: + description: + - Maximum number of user groups. + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure resource limits. 
+ fortios_system_resource_limits: + vdom: "{{ vdom }}" + system_resource_limits: + custom_service: "3" + dialup_tunnel: "4" + firewall_address: "5" + firewall_addrgrp: "6" + firewall_policy: "7" + ipsec_phase1: "8" + ipsec_phase1_interface: "9" + ipsec_phase2: "10" + ipsec_phase2_interface: "11" + log_disk_quota: "12" + onetime_schedule: "13" + proxy: "14" + recurring_schedule: "15" + service_group: "16" + session: "17" + sslvpn: "18" + user: "19" + user_group: "20" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_resource_limits_data(json): + option_list = ['custom_service', 'dialup_tunnel', 'firewall_address', + 'firewall_addrgrp', 'firewall_policy', 'ipsec_phase1', + 'ipsec_phase1_interface', 'ipsec_phase2', 'ipsec_phase2_interface', + 'log_disk_quota', 'onetime_schedule', 'proxy', + 'recurring_schedule', 'service_group', 'session', + 'sslvpn', 'user', 'user_group'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_resource_limits(data, fos): + vdom = data['vdom'] + system_resource_limits_data = data['system_resource_limits'] + filtered_data = underscore_to_hyphen(filter_system_resource_limits_data(system_resource_limits_data)) + + return fos.set('system', + 'resource-limits', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_resource_limits']: + resp = system_resource_limits(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_resource_limits')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, 
"type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_resource_limits": { + "required": False, "type": "dict", "default": None, + "options": { + "custom_service": {"required": False, "type": "int"}, + "dialup_tunnel": {"required": False, "type": "int"}, + "firewall_address": {"required": False, "type": "int"}, + "firewall_addrgrp": {"required": False, "type": "int"}, + "firewall_policy": {"required": False, "type": "int"}, + "ipsec_phase1": {"required": False, "type": "int"}, + "ipsec_phase1_interface": {"required": False, "type": "int"}, + "ipsec_phase2": {"required": False, "type": "int"}, + "ipsec_phase2_interface": {"required": False, "type": "int"}, + "log_disk_quota": {"required": False, "type": "int"}, + "onetime_schedule": {"required": False, "type": "int"}, + "proxy": {"required": False, "type": "int"}, + "recurring_schedule": {"required": False, "type": "int"}, + "service_group": {"required": False, "type": "int"}, + "session": {"required": False, "type": "int"}, + "sslvpn": {"required": False, "type": "int"}, + "user": {"required": False, "type": "int"}, + "user_group": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if 
versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_sdn_connector.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_sdn_connector.py
new file mode 100644
index 00000000..be598878
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_sdn_connector.py
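Review bot: The `EXAMPLES` playbook in this new module sets `ansible_httpapi_validate_certs: no`, so a user who copies it sends the `access_token` over a TLS session whose peer certificate is never checked. I would ship the example as `ansible_httpapi_validate_certs: yes` and add a YAML comment next to it, for instance `# set to no only for lab devices with self-signed certificates`. The same example block is repeated in the fortios_system_sdn_connector.py, fortios_system_session_helper.py and fortios_system_session_ttl.py hunks that follow, and in the sdn_connector case the task body also carries cloud credentials.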
@@ -0,0 +1,548 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_sdn_connector +short_description: Configure connection to SDN Connector in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and sdn_connector category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + system_sdn_connector: + description: + - Configure connection to SDN Connector. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + access_key: + description: + - AWS access key ID. + type: str + azure_region: + description: + - Azure Region (Global/China). + type: str + choices: + - global + - china + client_id: + description: + - Azure client ID (application ID). + type: str + client_secret: + description: + - Azure client secret (application key). + type: str + external_ip: + description: + - Configure GCP external IP. + type: list + suboptions: + name: + description: + - External IP name. + required: true + type: str + name: + description: + - SDN connector name. + required: true + type: str + nic: + description: + - Configure Azure network interface. + type: list + suboptions: + ip: + description: + - Configure IP configuration. + type: list + suboptions: + name: + description: + - IP configuration name. + required: true + type: str + public_ip: + description: + - Public IP name. + type: str + name: + description: + - Network interface name. + required: true + type: str + password: + description: + - Password of the remote SDN connector as login credentials. + type: str + region: + description: + - AWS region name. + type: str + resource_group: + description: + - Azure resource group. 
+ type: str + route: + description: + - Configure GCP route. + type: list + suboptions: + name: + description: + - Route name. + required: true + type: str + route_table: + description: + - Configure Azure route table. + type: list + suboptions: + name: + description: + - Route table name. + required: true + type: str + route: + description: + - Configure Azure route. + type: list + suboptions: + name: + description: + - Route name. + required: true + type: str + next_hop: + description: + - Next hop address. + type: str + secret_key: + description: + - AWS secret access key. + type: str + server: + description: + - Server address of the remote SDN connector. + type: str + server_port: + description: + - Port number of the remote SDN connector. + type: int + status: + description: + - Enable/disable connection to the remote SDN connector. + type: str + choices: + - disable + - enable + subscription_id: + description: + - Azure subscription ID. + type: str + tenant_id: + description: + - Azure tenant ID (directory ID). + type: str + type: + description: + - Type of SDN connector. + type: str + choices: + - aci + - aws + - azure + - nsx + - nuage + - gcp + update_interval: + description: + - Dynamic object update interval (0 - 3600 sec, 0 means disabled). + type: int + username: + description: + - Username of the remote SDN connector as login credentials. + type: str + vpc_id: + description: + - AWS VPC ID. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure connection to SDN Connector. 
+ fortios_system_sdn_connector: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_sdn_connector: + access_key: "" + azure_region: "global" + client_id: "" + client_secret: "" + external_ip: + - + name: "default_name_8" + name: "default_name_9" + nic: + - + ip: + - + name: "default_name_12" + public_ip: "" + name: "default_name_14" + password: "" + region: "" + resource_group: "" + route: + - + name: "default_name_19" + route_table: + - + name: "default_name_21" + route: + - + name: "default_name_23" + next_hop: "" + secret_key: "" + server: "192.168.100.40" + server_port: "27" + status: "disable" + subscription_id: "" + tenant_id: "" + type: "aci" + update_interval: "32" + username: "" + vpc_id: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: 
"v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_sdn_connector_data(json): + option_list = ['access_key', 'azure_region', 'client_id', + 'client_secret', 'external_ip', 'name', + 'nic', 'password', 'region', + 'resource_group', 'route', 'route_table', + 'secret_key', 'server', 'server_port', + 'status', 'subscription_id', 'tenant_id', + 'type', 'update_interval', 'username', + 'vpc_id'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_sdn_connector(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['system_sdn_connector'] and data['system_sdn_connector']['state']: + state = data['system_sdn_connector']['state'] + else: + state = True + system_sdn_connector_data = data['system_sdn_connector'] + filtered_data = underscore_to_hyphen(filter_system_sdn_connector_data(system_sdn_connector_data)) + + if state == "present": + return fos.set('system', + 'sdn-connector', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'sdn-connector', + mkey=filtered_data['name'], + vdom=vdom) + else: + 
fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_sdn_connector']: + resp = system_sdn_connector(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_sdn_connector')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "system_sdn_connector": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "access_key": {"required": False, "type": "str"}, + "azure_region": {"required": False, "type": "str", + "choices": ["global", + "china"]}, + "client_id": {"required": False, "type": "str"}, + "client_secret": {"required": False, "type": "str"}, + "external_ip": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "nic": {"required": False, "type": "list", + "options": { + "ip": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"}, + "public_ip": {"required": False, "type": "str"} + }}, + "name": {"required": True, "type": "str"} + }}, + "password": {"required": False, "type": "str"}, + "region": {"required": False, "type": "str"}, + "resource_group": {"required": False, "type": "str"}, + "route": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "route_table": 
{"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"}, + "route": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"}, + "next_hop": {"required": False, "type": "str"} + }} + }}, + "secret_key": {"required": False, "type": "str"}, + "server": {"required": False, "type": "str"}, + "server_port": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "subscription_id": {"required": False, "type": "str"}, + "tenant_id": {"required": False, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["aci", + "aws", + "azure", + "nsx", + "nuage", + "gcp"]}, + "update_interval": {"required": False, "type": "int"}, + "username": {"required": False, "type": "str"}, + "vpc_id": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + 
module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_session_helper.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_session_helper.py
new file mode 100644
index 00000000..497dd7ce
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_session_helper.py
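Review bot: In `main()`, the `system_sdn_connector` options `client_secret`, `secret_key` and `password` are declared without `no_log`, although the DOCUMENTATION block of the same file describes them as the Azure client secret, the AWS secret access key and the connector login password, and `access_token` a few lines above is marked `"no_log": True`. Ansible only scrubs values of parameters flagged this way from module output, so these credentials can surface in verbose runs, callback output or logs. I would declare them as `"client_secret": {"required": False, "type": "str", "no_log": True},`, `"secret_key": {"required": False, "type": "str", "no_log": True},` and `"password": {"required": False, "type": "str", "no_log": True},`. Whether `access_key` should be masked as well is a judgement call, since it is an identifier rather than a secret.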
@@ -0,0 +1,337 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_session_helper +short_description: Configure session helper in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and session_helper category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_session_helper: + description: + - Configure session helper. + default: null + type: dict + suboptions: + id: + description: + - Session helper ID. + required: true + type: int + name: + description: + - Helper name. + type: str + choices: + - ftp + - tftp + - ras + - h323 + - tns + - mms + - sip + - pptp + - rtsp + - dns-udp + - dns-tcp + - pmap + - rsh + - dcerpc + - mgcp + - gtp-c + - gtp-u + - gtp-b + port: + description: + - Protocol port. + type: int + protocol: + description: + - Protocol number. + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure session helper. + fortios_system_session_helper: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_session_helper: + id: "3" + name: "default_name_4" + port: "5" + protocol: "6" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: 
"17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_session_helper_data(json): + option_list = ['id', 'name', 'port', + 'protocol'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_session_helper(data, fos): + vdom = data['vdom'] + state = data['state'] + system_session_helper_data = data['system_session_helper'] + filtered_data = underscore_to_hyphen(filter_system_session_helper_data(system_session_helper_data)) + + if state == "present": + return fos.set('system', + 'session-helper', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'session-helper', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') 
+ + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_session_helper']: + resp = system_session_helper(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_session_helper')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_session_helper": { + "required": False, "type": "dict", "default": None, + "options": { + "id": {"required": True, "type": "int"}, + "name": {"required": False, "type": "str", + "choices": ["ftp", + "tftp", + "ras", + "h323", + "tns", + "mms", + "sip", + "pptp", + "rtsp", + "dns-udp", + "dns-tcp", + "pmap", + "rsh", + "dcerpc", + "mgcp", + "gtp-c", + "gtp-u", + "gtp-b"]}, + "port": {"required": False, "type": "int"}, + "protocol": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more 
details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_session_ttl.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_session_ttl.py
new file mode 100644
index 00000000..55725223
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_session_ttl.py
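Review bot: The `EXAMPLES` task passes `name: "default_name_4"`, but `main()` restricts `system_session_helper.name` to a fixed `choices` list (`ftp`, `tftp`, `ras`, … `gtp-b`), so the example as written is rejected by argument validation before any request reaches the device. I would use a value from that list in the example, for instance `name: "ftp"`. The example also quotes `id`, `port` and `protocol` as strings while the spec declares them `int`; Ansible coerces them, but unquoted integers would match the documented types.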
@@ -0,0 +1,299 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_session_ttl +short_description: Configure global session TTL timers for this FortiGate in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and session_ttl category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + system_session_ttl: + description: + - Configure global session TTL timers for this FortiGate. + default: null + type: dict + suboptions: + default: + description: + - Default timeout. + type: str + port: + description: + - Session TTL port. + type: list + suboptions: + end_port: + description: + - End port number. + type: int + id: + description: + - Table entry ID. + required: true + type: int + protocol: + description: + - Protocol (0 - 255). + type: int + start_port: + description: + - Start port number. + type: int + timeout: + description: + - Session timeout (TTL). + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure global session TTL timers for this FortiGate. 
+ fortios_system_session_ttl: + vdom: "{{ vdom }}" + system_session_ttl: + default: "" + port: + - + end_port: "5" + id: "6" + protocol: "7" + start_port: "8" + timeout: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_session_ttl_data(json): + option_list = ['default', 'port'] + dictionary = {} + + for 
attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_session_ttl(data, fos): + vdom = data['vdom'] + system_session_ttl_data = data['system_session_ttl'] + filtered_data = underscore_to_hyphen(filter_system_session_ttl_data(system_session_ttl_data)) + + return fos.set('system', + 'session-ttl', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_session_ttl']: + resp = system_session_ttl(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_session_ttl')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_session_ttl": { + "required": False, "type": "dict", "default": None, + "options": { + "default": {"required": False, "type": "str"}, + "port": {"required": False, "type": "list", + "options": { + "end_port": {"required": False, "type": "int"}, + "id": {"required": True, "type": "int"}, + "protocol": {"required": False, "type": "int"}, + "start_port": {"required": False, "type": "int"}, + "timeout": {"required": False, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + 
supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_settings.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_settings.py new file mode 100644 index 00000000..9dad45f2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_settings.py 
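Review bot: The EXAMPLES playbook in fortios_system_session_ttl.py sets `ansible_httpapi_validate_certs: no`, so a playbook copied from the module docs sends the `access_token` and the firewall configuration over TLS without verifying the FortiGate's certificate. The example should use `ansible_httpapi_validate_certs: yes`, or keep `no` only with a comment such as `# lab only: enable certificate validation against real devices`. The same example line appears in the fortios_system_settings.py hunk that follows, whose end is outside this view. Separately, in `main()` the test `if 'access_token' in module.params:` looks always true because `access_token` is declared in `fields`, so the connection option is set even when no token was given; `if module.params.get('access_token'):` would match the apparent intent.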
@@ -0,0 +1,1407 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_settings +short_description: Configure VDOM settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and settings category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_settings: + description: + - Configure VDOM settings. + default: null + type: dict + suboptions: + allow_subnet_overlap: + description: + - Enable/disable allowing interface subnets to use overlapping IP addresses. + type: str + choices: + - enable + - disable + asymroute: + description: + - Enable/disable IPv4 asymmetric routing. + type: str + choices: + - enable + - disable + asymroute_icmp: + description: + - Enable/disable ICMP asymmetric routing. + type: str + choices: + - enable + - disable + asymroute6: + description: + - Enable/disable asymmetric IPv6 routing. + type: str + choices: + - enable + - disable + asymroute6_icmp: + description: + - Enable/disable asymmetric ICMPv6 routing. + type: str + choices: + - enable + - disable + bfd: + description: + - Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. + type: str + choices: + - enable + - disable + bfd_desired_min_tx: + description: + - BFD desired minimal transmit interval (1 - 100000 ms). + type: int + bfd_detect_mult: + description: + - BFD detection multiplier (1 - 50). + type: int + bfd_dont_enforce_src_port: + description: + - Enable to not enforce verifying the source port of BFD Packets. + type: str + choices: + - enable + - disable + bfd_required_min_rx: + description: + - BFD required minimal receive interval (1 - 100000 ms). + type: int + block_land_attack: + description: + - Enable/disable blocking of land attacks. + type: str + choices: + - disable + - enable + central_nat: + description: + - Enable/disable central NAT. + type: str + choices: + - enable + - disable + comments: + description: + - VDOM comments. + type: str + compliance_check: + description: + - Enable/disable PCI DSS compliance checking. + type: str + choices: + - enable + - disable + default_voip_alg_mode: + description: + - Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn"t include a VoIP profile. 
+ type: str + choices: + - proxy-based + - kernel-helper-based + deny_tcp_with_icmp: + description: + - Enable/disable denying TCP by sending an ICMP communication prohibited packet. + type: str + choices: + - enable + - disable + device: + description: + - Interface to use for management access for NAT mode. Source system.interface.name. + type: str + dhcp_proxy: + description: + - Enable/disable the DHCP Proxy. + type: str + choices: + - enable + - disable + dhcp_server_ip: + description: + - DHCP Server IPv4 address. + type: str + dhcp6_server_ip: + description: + - DHCPv6 server IPv6 address. + type: str + discovered_device_timeout: + description: + - Timeout for discovered devices (1 - 365 days). + type: int + ecmp_max_paths: + description: + - Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing (1 - 100). + type: int + email_portal_check_dns: + description: + - Enable/disable using DNS to validate email addresses collected by a captive portal. + type: str + choices: + - disable + - enable + firewall_session_dirty: + description: + - Select how to manage sessions affected by firewall policy configuration changes. + type: str + choices: + - check-all + - check-new + - check-policy-option + fw_session_hairpin: + description: + - Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. + type: str + choices: + - enable + - disable + gateway: + description: + - Transparent mode IPv4 default gateway IP address. + type: str + gateway6: + description: + - Transparent mode IPv4 default gateway IP address. + type: str + gui_advanced_policy: + description: + - Enable/disable advanced policy configuration on the GUI. + type: str + choices: + - enable + - disable + gui_allow_unnamed_policy: + description: + - Enable/disable the requirement for policy naming on the GUI. + type: str + choices: + - enable + - disable + gui_antivirus: + description: + - Enable/disable AntiVirus on the GUI. 
+ type: str + choices: + - enable + - disable + gui_ap_profile: + description: + - Enable/disable FortiAP profiles on the GUI. + type: str + choices: + - enable + - disable + gui_application_control: + description: + - Enable/disable application control on the GUI. + type: str + choices: + - enable + - disable + gui_default_policy_columns: + description: + - Default columns to display for policy lists on GUI. + type: list + suboptions: + name: + description: + - Select column name. + required: true + type: str + gui_dhcp_advanced: + description: + - Enable/disable advanced DHCP options on the GUI. + type: str + choices: + - enable + - disable + gui_dlp: + description: + - Enable/disable DLP on the GUI. + type: str + choices: + - enable + - disable + gui_dns_database: + description: + - Enable/disable DNS database settings on the GUI. + type: str + choices: + - enable + - disable + gui_dnsfilter: + description: + - Enable/disable DNS Filtering on the GUI. + type: str + choices: + - enable + - disable + gui_domain_ip_reputation: + description: + - Enable/disable Domain and IP Reputation on the GUI. + type: str + choices: + - enable + - disable + gui_dos_policy: + description: + - Enable/disable DoS policies on the GUI. + type: str + choices: + - enable + - disable + gui_dynamic_profile_display: + description: + - Enable/disable RADIUS Single Sign On (RSSO) on the GUI. + type: str + choices: + - enable + - disable + gui_dynamic_routing: + description: + - Enable/disable dynamic routing on the GUI. + type: str + choices: + - enable + - disable + gui_email_collection: + description: + - Enable/disable email collection on the GUI. + type: str + choices: + - enable + - disable + gui_endpoint_control: + description: + - Enable/disable endpoint control on the GUI. + type: str + choices: + - enable + - disable + gui_endpoint_control_advanced: + description: + - Enable/disable advanced endpoint control options on the GUI. 
+ type: str + choices: + - enable + - disable + gui_explicit_proxy: + description: + - Enable/disable the explicit proxy on the GUI. + type: str + choices: + - enable + - disable + gui_fortiap_split_tunneling: + description: + - Enable/disable FortiAP split tunneling on the GUI. + type: str + choices: + - enable + - disable + gui_fortiextender_controller: + description: + - Enable/disable FortiExtender on the GUI. + type: str + choices: + - enable + - disable + gui_icap: + description: + - Enable/disable ICAP on the GUI. + type: str + choices: + - enable + - disable + gui_implicit_policy: + description: + - Enable/disable implicit firewall policies on the GUI. + type: str + choices: + - enable + - disable + gui_ips: + description: + - Enable/disable IPS on the GUI. + type: str + choices: + - enable + - disable + gui_load_balance: + description: + - Enable/disable server load balancing on the GUI. + type: str + choices: + - enable + - disable + gui_local_in_policy: + description: + - Enable/disable Local-In policies on the GUI. + type: str + choices: + - enable + - disable + gui_local_reports: + description: + - Enable/disable local reports on the GUI. + type: str + choices: + - enable + - disable + gui_multicast_policy: + description: + - Enable/disable multicast firewall policies on the GUI. + type: str + choices: + - enable + - disable + gui_multiple_interface_policy: + description: + - Enable/disable adding multiple interfaces to a policy on the GUI. + type: str + choices: + - enable + - disable + gui_multiple_utm_profiles: + description: + - Enable/disable multiple UTM profiles on the GUI. + type: str + choices: + - enable + - disable + gui_nat46_64: + description: + - Enable/disable NAT46 and NAT64 settings on the GUI. + type: str + choices: + - enable + - disable + gui_object_colors: + description: + - Enable/disable object colors on the GUI. 
+ type: str + choices: + - enable + - disable + gui_policy_based_ipsec: + description: + - Enable/disable policy-based IPsec VPN on the GUI. + type: str + choices: + - enable + - disable + gui_policy_learning: + description: + - Enable/disable firewall policy learning mode on the GUI. + type: str + choices: + - enable + - disable + gui_replacement_message_groups: + description: + - Enable/disable replacement message groups on the GUI. + type: str + choices: + - enable + - disable + gui_spamfilter: + description: + - Enable/disable Antispam on the GUI. + type: str + choices: + - enable + - disable + gui_sslvpn_personal_bookmarks: + description: + - Enable/disable SSL-VPN personal bookmark management on the GUI. + type: str + choices: + - enable + - disable + gui_sslvpn_realms: + description: + - Enable/disable SSL-VPN realms on the GUI. + type: str + choices: + - enable + - disable + gui_switch_controller: + description: + - Enable/disable the switch controller on the GUI. + type: str + choices: + - enable + - disable + gui_threat_weight: + description: + - Enable/disable threat weight on the GUI. + type: str + choices: + - enable + - disable + gui_traffic_shaping: + description: + - Enable/disable traffic shaping on the GUI. + type: str + choices: + - enable + - disable + gui_voip_profile: + description: + - Enable/disable VoIP profiles on the GUI. + type: str + choices: + - enable + - disable + gui_vpn: + description: + - Enable/disable VPN tunnels on the GUI. + type: str + choices: + - enable + - disable + gui_waf_profile: + description: + - Enable/disable Web Application Firewall on the GUI. + type: str + choices: + - enable + - disable + gui_wan_load_balancing: + description: + - Enable/disable SD-WAN on the GUI. + type: str + choices: + - enable + - disable + gui_wanopt_cache: + description: + - Enable/disable WAN Optimization and Web Caching on the GUI. 
+ type: str + choices: + - enable + - disable + gui_webfilter: + description: + - Enable/disable Web filtering on the GUI. + type: str + choices: + - enable + - disable + gui_webfilter_advanced: + description: + - Enable/disable advanced web filtering on the GUI. + type: str + choices: + - enable + - disable + gui_wireless_controller: + description: + - Enable/disable the wireless controller on the GUI. + type: str + choices: + - enable + - disable + http_external_dest: + description: + - Offload HTTP traffic to FortiWeb or FortiCache. + type: str + choices: + - fortiweb + - forticache + ike_dn_format: + description: + - Configure IKE ASN.1 Distinguished Name format conventions. + type: str + choices: + - with-space + - no-space + ike_quick_crash_detect: + description: + - Enable/disable IKE quick crash detection (RFC 6290). + type: str + choices: + - enable + - disable + ike_session_resume: + description: + - Enable/disable IKEv2 session resumption (RFC 5723). + type: str + choices: + - enable + - disable + implicit_allow_dns: + description: + - Enable/disable implicitly allowing DNS traffic. + type: str + choices: + - enable + - disable + inspection_mode: + description: + - Inspection mode (proxy-based or flow-based). + type: str + choices: + - proxy + - flow + ip: + description: + - IP address and netmask. + type: str + ip6: + description: + - IPv6 address prefix for NAT mode. + type: str + link_down_access: + description: + - Enable/disable link down access traffic. + type: str + choices: + - enable + - disable + lldp_transmission: + description: + - Enable/disable Link Layer Discovery Protocol (LLDP) for this VDOM or apply global settings to this VDOM. + type: str + choices: + - enable + - disable + - global + mac_ttl: + description: + - Duration of MAC addresses in Transparent mode (300 - 8640000 sec). + type: int + manageip: + description: + - Transparent mode IPv4 management IP address and netmask. 
+ type: str + manageip6: + description: + - Transparent mode IPv6 management IP address and netmask. + type: str + multicast_forward: + description: + - Enable/disable multicast forwarding. + type: str + choices: + - enable + - disable + multicast_skip_policy: + description: + - Enable/disable allowing multicast traffic through the FortiGate without a policy check. + type: str + choices: + - enable + - disable + multicast_ttl_notchange: + description: + - Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. + type: str + choices: + - enable + - disable + ngfw_mode: + description: + - Next Generation Firewall (NGFW) mode. + type: str + choices: + - profile-based + - policy-based + opmode: + description: + - Firewall operation mode (NAT or Transparent). + type: str + choices: + - nat + - transparent + sccp_port: + description: + - TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535). + type: int + ses_denied_traffic: + description: + - Enable/disable including denied session in the session table. + type: str + choices: + - enable + - disable + sip_helper: + description: + - Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway + (ALG). + type: str + choices: + - enable + - disable + sip_nat_trace: + description: + - Enable/disable recording the original SIP source IP address when NAT is used. + type: str + choices: + - enable + - disable + sip_ssl_port: + description: + - TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535). + type: int + sip_tcp_port: + description: + - TCP port the SIP proxy monitors for SIP traffic (0 - 65535). + type: int + sip_udp_port: + description: + - UDP port the SIP proxy monitors for SIP traffic (0 - 65535). + type: int + snat_hairpin_traffic: + description: + - Enable/disable source NAT (SNAT) for hairpin traffic. 
+ type: str + choices: + - enable + - disable + ssl_ssh_profile: + description: + - Profile for SSL/SSH inspection. Source firewall.ssl-ssh-profile.name. + type: str + status: + description: + - Enable/disable this VDOM. + type: str + choices: + - enable + - disable + strict_src_check: + description: + - Enable/disable strict source verification. + type: str + choices: + - enable + - disable + tcp_session_without_syn: + description: + - Enable/disable allowing TCP session without SYN flags. + type: str + choices: + - enable + - disable + utf8_spam_tagging: + description: + - Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. + type: str + choices: + - enable + - disable + v4_ecmp_mode: + description: + - IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. + type: str + choices: + - source-ip-based + - weight-based + - usage-based + - source-dest-ip-based + vpn_stats_log: + description: + - Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. + type: str + choices: + - ipsec + - pptp + - l2tp + - ssl + vpn_stats_period: + description: + - Period to send VPN log statistics (60 - 86400 sec). + type: int + wccp_cache_engine: + description: + - Enable/disable WCCP cache engine. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VDOM settings. 
+ fortios_system_settings: + vdom: "{{ vdom }}" + system_settings: + allow_subnet_overlap: "enable" + asymroute: "enable" + asymroute_icmp: "enable" + asymroute6: "enable" + asymroute6_icmp: "enable" + bfd: "enable" + bfd_desired_min_tx: "9" + bfd_detect_mult: "10" + bfd_dont_enforce_src_port: "enable" + bfd_required_min_rx: "12" + block_land_attack: "disable" + central_nat: "enable" + comments: "" + compliance_check: "enable" + default_voip_alg_mode: "proxy-based" + deny_tcp_with_icmp: "enable" + device: " (source system.interface.name)" + dhcp_proxy: "enable" + dhcp_server_ip: "" + dhcp6_server_ip: "" + discovered_device_timeout: "23" + ecmp_max_paths: "24" + email_portal_check_dns: "disable" + firewall_session_dirty: "check-all" + fw_session_hairpin: "enable" + gateway: "" + gateway6: "" + gui_advanced_policy: "enable" + gui_allow_unnamed_policy: "enable" + gui_antivirus: "enable" + gui_ap_profile: "enable" + gui_application_control: "enable" + gui_default_policy_columns: + - + name: "default_name_36" + gui_dhcp_advanced: "enable" + gui_dlp: "enable" + gui_dns_database: "enable" + gui_dnsfilter: "enable" + gui_domain_ip_reputation: "enable" + gui_dos_policy: "enable" + gui_dynamic_profile_display: "enable" + gui_dynamic_routing: "enable" + gui_email_collection: "enable" + gui_endpoint_control: "enable" + gui_endpoint_control_advanced: "enable" + gui_explicit_proxy: "enable" + gui_fortiap_split_tunneling: "enable" + gui_fortiextender_controller: "enable" + gui_icap: "enable" + gui_implicit_policy: "enable" + gui_ips: "enable" + gui_load_balance: "enable" + gui_local_in_policy: "enable" + gui_local_reports: "enable" + gui_multicast_policy: "enable" + gui_multiple_interface_policy: "enable" + gui_multiple_utm_profiles: "enable" + gui_nat46_64: "enable" + gui_object_colors: "enable" + gui_policy_based_ipsec: "enable" + gui_policy_learning: "enable" + gui_replacement_message_groups: "enable" + gui_spamfilter: "enable" + gui_sslvpn_personal_bookmarks: "enable" + 
gui_sslvpn_realms: "enable" + gui_switch_controller: "enable" + gui_threat_weight: "enable" + gui_traffic_shaping: "enable" + gui_voip_profile: "enable" + gui_vpn: "enable" + gui_waf_profile: "enable" + gui_wan_load_balancing: "enable" + gui_wanopt_cache: "enable" + gui_webfilter: "enable" + gui_webfilter_advanced: "enable" + gui_wireless_controller: "enable" + http_external_dest: "fortiweb" + ike_dn_format: "with-space" + ike_quick_crash_detect: "enable" + ike_session_resume: "enable" + implicit_allow_dns: "enable" + inspection_mode: "proxy" + ip: "" + ip6: "" + link_down_access: "enable" + lldp_transmission: "enable" + mac_ttl: "89" + manageip: "" + manageip6: "" + multicast_forward: "enable" + multicast_skip_policy: "enable" + multicast_ttl_notchange: "enable" + ngfw_mode: "profile-based" + opmode: "nat" + sccp_port: "97" + ses_denied_traffic: "enable" + sip_helper: "enable" + sip_nat_trace: "enable" + sip_ssl_port: "101" + sip_tcp_port: "102" + sip_udp_port: "103" + snat_hairpin_traffic: "enable" + ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)" + status: "enable" + strict_src_check: "enable" + tcp_session_without_syn: "enable" + utf8_spam_tagging: "enable" + v4_ecmp_mode: "source-ip-based" + vpn_stats_log: "ipsec" + vpn_stats_period: "112" + wccp_cache_engine: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill 
the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_settings_data(json): + option_list = ['allow_subnet_overlap', 'asymroute', 'asymroute_icmp', + 'asymroute6', 'asymroute6_icmp', 'bfd', + 'bfd_desired_min_tx', 'bfd_detect_mult', 'bfd_dont_enforce_src_port', + 'bfd_required_min_rx', 'block_land_attack', 'central_nat', + 'comments', 'compliance_check', 'default_voip_alg_mode', + 'deny_tcp_with_icmp', 'device', 'dhcp_proxy', + 'dhcp_server_ip', 'dhcp6_server_ip', 'discovered_device_timeout', + 'ecmp_max_paths', 'email_portal_check_dns', 'firewall_session_dirty', + 'fw_session_hairpin', 'gateway', 'gateway6', + 'gui_advanced_policy', 'gui_allow_unnamed_policy', 'gui_antivirus', + 'gui_ap_profile', 'gui_application_control', 'gui_default_policy_columns', + 'gui_dhcp_advanced', 'gui_dlp', 'gui_dns_database', + 'gui_dnsfilter', 'gui_domain_ip_reputation', 'gui_dos_policy', + 'gui_dynamic_profile_display', 'gui_dynamic_routing', 'gui_email_collection', + 'gui_endpoint_control', 
'gui_endpoint_control_advanced', 'gui_explicit_proxy', + 'gui_fortiap_split_tunneling', 'gui_fortiextender_controller', 'gui_icap', + 'gui_implicit_policy', 'gui_ips', 'gui_load_balance', + 'gui_local_in_policy', 'gui_local_reports', 'gui_multicast_policy', + 'gui_multiple_interface_policy', 'gui_multiple_utm_profiles', 'gui_nat46_64', + 'gui_object_colors', 'gui_policy_based_ipsec', 'gui_policy_learning', + 'gui_replacement_message_groups', 'gui_spamfilter', 'gui_sslvpn_personal_bookmarks', + 'gui_sslvpn_realms', 'gui_switch_controller', 'gui_threat_weight', + 'gui_traffic_shaping', 'gui_voip_profile', 'gui_vpn', + 'gui_waf_profile', 'gui_wan_load_balancing', 'gui_wanopt_cache', + 'gui_webfilter', 'gui_webfilter_advanced', 'gui_wireless_controller', + 'http_external_dest', 'ike_dn_format', 'ike_quick_crash_detect', + 'ike_session_resume', 'implicit_allow_dns', 'inspection_mode', + 'ip', 'ip6', 'link_down_access', + 'lldp_transmission', 'mac_ttl', 'manageip', + 'manageip6', 'multicast_forward', 'multicast_skip_policy', + 'multicast_ttl_notchange', 'ngfw_mode', 'opmode', + 'sccp_port', 'ses_denied_traffic', 'sip_helper', + 'sip_nat_trace', 'sip_ssl_port', 'sip_tcp_port', + 'sip_udp_port', 'snat_hairpin_traffic', 'ssl_ssh_profile', + 'status', 'strict_src_check', 'tcp_session_without_syn', + 'utf8_spam_tagging', 'v4_ecmp_mode', 'vpn_stats_log', + 'vpn_stats_period', 'wccp_cache_engine'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_settings(data, fos): + vdom = data['vdom'] + system_settings_data = data['system_settings'] + 
filtered_data = underscore_to_hyphen(filter_system_settings_data(system_settings_data)) + + return fos.set('system', + 'settings', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_settings']: + resp = system_settings(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_settings')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_settings": { + "required": False, "type": "dict", "default": None, + "options": { + "allow_subnet_overlap": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "asymroute": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "asymroute_icmp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "asymroute6": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "asymroute6_icmp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "bfd": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "bfd_desired_min_tx": {"required": False, "type": "int"}, + "bfd_detect_mult": {"required": False, "type": "int"}, + "bfd_dont_enforce_src_port": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "bfd_required_min_rx": {"required": False, "type": "int"}, + "block_land_attack": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "central_nat": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "comments": {"required": False, 
"type": "str"}, + "compliance_check": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "default_voip_alg_mode": {"required": False, "type": "str", + "choices": ["proxy-based", + "kernel-helper-based"]}, + "deny_tcp_with_icmp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "device": {"required": False, "type": "str"}, + "dhcp_proxy": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dhcp_server_ip": {"required": False, "type": "str"}, + "dhcp6_server_ip": {"required": False, "type": "str"}, + "discovered_device_timeout": {"required": False, "type": "int"}, + "ecmp_max_paths": {"required": False, "type": "int"}, + "email_portal_check_dns": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "firewall_session_dirty": {"required": False, "type": "str", + "choices": ["check-all", + "check-new", + "check-policy-option"]}, + "fw_session_hairpin": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gateway": {"required": False, "type": "str"}, + "gateway6": {"required": False, "type": "str"}, + "gui_advanced_policy": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_allow_unnamed_policy": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_antivirus": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_ap_profile": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_application_control": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_default_policy_columns": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "gui_dhcp_advanced": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_dlp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_dns_database": {"required": False, "type": "str", 
+ "choices": ["enable", + "disable"]}, + "gui_dnsfilter": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_domain_ip_reputation": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_dos_policy": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_dynamic_profile_display": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_dynamic_routing": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_email_collection": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_endpoint_control": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_endpoint_control_advanced": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_explicit_proxy": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_fortiap_split_tunneling": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_fortiextender_controller": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_icap": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_implicit_policy": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_ips": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_load_balance": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_local_in_policy": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_local_reports": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_multicast_policy": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_multiple_interface_policy": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_multiple_utm_profiles": {"required": False, "type": "str", 
+ "choices": ["enable", + "disable"]}, + "gui_nat46_64": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_object_colors": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_policy_based_ipsec": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_policy_learning": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_replacement_message_groups": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_spamfilter": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_sslvpn_personal_bookmarks": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_sslvpn_realms": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_switch_controller": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_threat_weight": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_traffic_shaping": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_voip_profile": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_vpn": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_waf_profile": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_wan_load_balancing": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_wanopt_cache": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_webfilter": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_webfilter_advanced": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gui_wireless_controller": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "http_external_dest": {"required": False, "type": "str", + "choices": ["fortiweb", + 
"forticache"]}, + "ike_dn_format": {"required": False, "type": "str", + "choices": ["with-space", + "no-space"]}, + "ike_quick_crash_detect": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ike_session_resume": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "implicit_allow_dns": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "inspection_mode": {"required": False, "type": "str", + "choices": ["proxy", + "flow"]}, + "ip": {"required": False, "type": "str"}, + "ip6": {"required": False, "type": "str"}, + "link_down_access": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "lldp_transmission": {"required": False, "type": "str", + "choices": ["enable", + "disable", + "global"]}, + "mac_ttl": {"required": False, "type": "int"}, + "manageip": {"required": False, "type": "str"}, + "manageip6": {"required": False, "type": "str"}, + "multicast_forward": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_skip_policy": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_ttl_notchange": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ngfw_mode": {"required": False, "type": "str", + "choices": ["profile-based", + "policy-based"]}, + "opmode": {"required": False, "type": "str", + "choices": ["nat", + "transparent"]}, + "sccp_port": {"required": False, "type": "int"}, + "ses_denied_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sip_helper": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sip_nat_trace": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sip_ssl_port": {"required": False, "type": "int"}, + "sip_tcp_port": {"required": False, "type": "int"}, + "sip_udp_port": {"required": False, "type": "int"}, + "snat_hairpin_traffic": {"required": False, "type": "str", + 
"choices": ["enable", + "disable"]}, + "ssl_ssh_profile": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "strict_src_check": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tcp_session_without_syn": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "utf8_spam_tagging": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "v4_ecmp_mode": {"required": False, "type": "str", + "choices": ["source-ip-based", + "weight-based", + "usage-based", + "source-dest-ip-based"]}, + "vpn_stats_log": {"required": False, "type": "str", + "choices": ["ipsec", + "pptp", + "l2tp", + "ssl"]}, + "vpn_stats_period": {"required": False, "type": "int"}, + "wccp_cache_engine": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + 
module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_sflow.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_sflow.py new file mode 100644 index 00000000..426c5ba2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_sflow.py 
@@ -0,0 +1,271 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_sflow +short_description: Configure sFlow in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and sflow category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_sflow: + description: + - Configure sFlow. + default: null + type: dict + suboptions: + collector_ip: + description: + - IP address of the sFlow collector that sFlow agents added to interfaces in this VDOM send sFlow datagrams to . + type: str + collector_port: + description: + - UDP port number used for sending sFlow datagrams (configure only if required by your sFlow collector or your network configuration) (0 - + 65535). + type: int + source_ip: + description: + - Source IP address for sFlow agent. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure sFlow. + fortios_system_sflow: + vdom: "{{ vdom }}" + system_sflow: + collector_ip: "" + collector_port: "4" + source_ip: "84.230.14.43" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: 
always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_sflow_data(json): + option_list = ['collector_ip', 'collector_port', 'source_ip'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_sflow(data, fos): + vdom = data['vdom'] + system_sflow_data = data['system_sflow'] + filtered_data = underscore_to_hyphen(filter_system_sflow_data(system_sflow_data)) + + return fos.set('system', + 'sflow', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_sflow']: + resp = system_sflow(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_sflow')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp 
+ + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_sflow": { + "required": False, "type": "dict", "default": None, + "options": { + "collector_ip": {"required": False, "type": "str"}, + "collector_port": {"required": False, "type": "int"}, + "source_ip": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
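Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no`, so a user who copies it sends API credentials and the configuration change over a TLS session whose server certificate is never verified. I would ship the example with `ansible_httpapi_validate_certs: yes` and put a comment next to it such as `# set to no only for lab devices with self-signed certificates`. The same line is in the EXAMPLES blocks of fortios_system_sit_tunnel.py and fortios_system_sms_server.py further down in this patch and should change with it. Separately, the documented `collector_port` range (0 - 65535) is not enforced by the argument spec, which only declares `"type": "int"`.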
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_sit_tunnel.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_sit_tunnel.py
new file mode 100644
index 00000000..d7defd5b
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_sit_tunnel.py
@@ -0,0 +1,306 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_sit_tunnel +short_description: Configure IPv6 tunnel over IPv4 in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and sit_tunnel category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_sit_tunnel: + description: + - Configure IPv6 tunnel over IPv4. + default: null + type: dict + suboptions: + destination: + description: + - Destination IP address of the tunnel. + type: str + interface: + description: + - Interface name. Source system.interface.name. + type: str + ip6: + description: + - IPv6 address of the tunnel. + type: str + name: + description: + - Tunnel name. + required: true + type: str + source: + description: + - Source IP address of the tunnel. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPv6 tunnel over IPv4. + fortios_system_sit_tunnel: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_sit_tunnel: + destination: "" + interface: " (source system.interface.name)" + ip6: "" + name: "default_name_6" + source: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + 
type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_sit_tunnel_data(json): + option_list = ['destination', 'interface', 'ip6', + 'name', 'source'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_sit_tunnel(data, fos): + vdom = data['vdom'] + state = data['state'] + system_sit_tunnel_data = data['system_sit_tunnel'] + filtered_data = underscore_to_hyphen(filter_system_sit_tunnel_data(system_sit_tunnel_data)) + + if state == "present": + return fos.set('system', + 'sit-tunnel', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'sit-tunnel', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or 
absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_sit_tunnel']: + resp = system_sit_tunnel(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_sit_tunnel')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_sit_tunnel": { + "required": False, "type": "dict", "default": None, + "options": { + "destination": {"required": False, "type": "str"}, + "interface": {"required": False, "type": "str"}, + "ip6": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "source": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + 
module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_sms_server.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_sms_server.py new file mode 100644 index 00000000..7c9fb8f6 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_sms_server.py 
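Review bot: In `system_sit_tunnel`, the `absent` branch passes `filtered_data['name']` straight to `fos.delete(...)` as `mkey`, and the argument spec only requires that `name` be present, so an empty string gets through (the filter drops only `None`, and the module's own example uses empty strings for other fields). How `fos.delete` treats an empty key is not visible in this hunk, so I would reject it before the call: `if not filtered_data.get('name'): fos._module.fail_json(msg='name must be a non-empty string')`. The final `else` branch there cannot be reached, because `state` is restricted to `present`/`absent` by `choices` in `main()`. Also, the RETURN block documents `http_status` as a string (sample "200") while `is_successful_status` compares it with the integer `404`; if the documented type is right, deleting an already-absent tunnel is reported as a failure.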
@@ -0,0 +1,287 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_sms_server +short_description: Configure SMS server for sending SMS messages to support user authentication in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and sms_server category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_sms_server: + description: + - Configure SMS server for sending SMS messages to support user authentication. + default: null + type: dict + suboptions: + mail_server: + description: + - Email-to-SMS server domain name. + type: str + name: + description: + - Name of SMS server. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure SMS server for sending SMS messages to support user authentication. + fortios_system_sms_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_sms_server: + mail_server: "" + name: "default_name_4" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + 
type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_sms_server_data(json): + option_list = ['mail_server', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_sms_server(data, fos): + vdom = data['vdom'] + state = data['state'] + system_sms_server_data = data['system_sms_server'] + filtered_data = underscore_to_hyphen(filter_system_sms_server_data(system_sms_server_data)) + + if state == "present": + return fos.set('system', + 'sms-server', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'sms-server', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and 
status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_sms_server']: + resp = system_sms_server(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_sms_server')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_sms_server": { + "required": False, "type": "dict", "default": None, + "options": { + "mail_server": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", 
version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_snmp_community.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_snmp_community.py new file mode 100644 index 00000000..2d65e0d1 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_snmp_community.py 
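Review bot: The EXAMPLES playbook in fortios_system_sms_server.py sets `ansible_httpapi_validate_certs: no` while the task passes an `access_token`, so a user who copies it sends the API token over TLS without verifying the FortiGate's certificate. I would change the example to `ansible_httpapi_validate_certs: yes` and add a one-line comment that turning validation off is only for lab devices with self-signed certificates. The same setting appears in the EXAMPLES blocks of fortios_system_snmp_community.py and fortios_system_snmp_sysinfo.py in this patch.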
@@ -0,0 +1,582 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_system_snmp_community
+short_description: SNMP community configuration in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify system_snmp feature and community category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.9"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ type: str
+ required: true
+ choices:
+ - present
+ - absent
+ system_snmp_community:
+ description:
+ - SNMP community configuration.
+ default: null
+ type: dict
+ suboptions:
+ events:
+ description:
+ - SNMP trap events.
+ type: list
+ choices:
+ - cpu-high
+ - mem-low
+ - log-full
+ - intf-ip
+ - vpn-tun-up
+ - vpn-tun-down
+ - ha-switch
+ - ha-hb-failure
+ - ips-signature
+ - ips-anomaly
+ - av-virus
+ - av-oversize
+ - av-pattern
+ - av-fragmented
+ - fm-if-change
+ - fm-conf-change
+ - bgp-established
+ - bgp-backward-transition
+ - ha-member-up
+ - ha-member-down
+ - ent-conf-change
+ - av-conserve
+ - av-bypass
+ - av-oversize-passed
+ - av-oversize-blocked
+ - ips-pkg-update
+ - ips-fail-open
+ - faz-disconnect
+ - wc-ap-up
+ - wc-ap-down
+ - fswctl-session-up
+ - fswctl-session-down
+ - load-balance-real-server-down
+ - device-new
+ - per-cpu-high
+ hosts:
+ description:
+ - Configure IPv4 SNMP managers (hosts).
+ type: list
+ suboptions:
+ ha_direct:
+ description:
+ - Enable/disable direct management of HA cluster members.
+ type: str
+ choices:
+ - enable
+ - disable
+ host_type:
+ description:
+ - Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both.
+ type: str
+ choices:
+ - any
+ - query
+ - trap
+ id:
+ description:
+ - Host entry ID.
+ required: true
+ type: int
+ ip:
+ description:
+ - IPv4 address of the SNMP manager (host).
+ type: str
+ source_ip:
+ description:
+ - Source IPv4 address for SNMP traps.
+ type: str
+ hosts6:
+ description:
+ - Configure IPv6 SNMP managers.
+ type: list
+ suboptions:
+ ha_direct:
+ description:
+ - Enable/disable direct management of HA cluster members.
+ type: str
+ choices:
+ - enable
+ - disable
+ host_type:
+ description:
+ - Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both.
+ type: str
+ choices:
+ - any
+ - query
+ - trap
+ id:
+ description:
+ - Host6 entry ID.
+ required: true
+ type: int
+ ipv6:
+ description:
+ - SNMP manager IPv6 address prefix.
+ type: str
+ source_ipv6:
+ description:
+ - Source IPv6 address for SNMP traps.
+ type: str
+ id:
+ description:
+ - Community ID.
+ required: true
+ type: int
+ name:
+ description:
+ - Community name.
+ type: str
+ query_v1_port:
+ description:
+ - SNMP v1 query port .
+ type: int
+ query_v1_status:
+ description:
+ - Enable/disable SNMP v1 queries.
+ type: str
+ choices:
+ - enable
+ - disable
+ query_v2c_port:
+ description:
+ - SNMP v2c query port .
+ type: int
+ query_v2c_status:
+ description:
+ - Enable/disable SNMP v2c queries.
+ type: str
+ choices:
+ - enable
+ - disable
+ status:
+ description:
+ - Enable/disable this SNMP community.
+ type: str
+ choices:
+ - enable
+ - disable
+ trap_v1_lport:
+ description:
+ - SNMP v1 trap local port .
+ type: int
+ trap_v1_rport:
+ description:
+ - SNMP v1 trap remote port .
+ type: int
+ trap_v1_status:
+ description:
+ - Enable/disable SNMP v1 traps.
+ type: str
+ choices:
+ - enable
+ - disable
+ trap_v2c_lport:
+ description:
+ - SNMP v2c trap local port .
+ type: int
+ trap_v2c_rport:
+ description:
+ - SNMP v2c trap remote port .
+ type: int
+ trap_v2c_status:
+ description:
+ - Enable/disable SNMP v2c traps.
+ type: str
+ choices:
+ - enable
+ - disable
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: SNMP community configuration.
+ fortios_system_snmp_community:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ system_snmp_community:
+ events: "cpu-high"
+ hosts:
+ -
+ ha_direct: "enable"
+ host_type: "any"
+ id: "7"
+ ip: ""
+ source_ip: "84.230.14.43"
+ hosts6:
+ -
+ ha_direct: "enable"
+ host_type: "any"
+ id: "13"
+ ipv6: ""
+ source_ipv6: ""
+ id: "16"
+ name: "default_name_17"
+ query_v1_port: "18"
+ query_v1_status: "enable"
+ query_v2c_port: "20"
+ query_v2c_status: "enable"
+ status: "enable"
+ trap_v1_lport: "23"
+ trap_v1_rport: "24"
+ trap_v1_status: "enable"
+ trap_v2c_lport: "26"
+ trap_v2c_rport: "27"
+ trap_v2c_status: "enable"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_system_snmp_community_data(json):
+ option_list = ['events', 'hosts', 'hosts6',
+ 'id', 'name', 'query_v1_port',
+ 'query_v1_status', 'query_v2c_port', 'query_v2c_status',
+ 'status', 'trap_v1_lport', 'trap_v1_rport',
+ 'trap_v1_status', 'trap_v2c_lport', 'trap_v2c_rport',
+ 'trap_v2c_status']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def flatten_multilists_attributes(data):
+ multilist_attrs = [[u'events']]
+
+ for attr in multilist_attrs:
+ try:
+ path = "data['" + "']['".join(elem for elem in attr) + "']"
+ current_val = eval(path)
+ flattened_val = ' '.join(elem for elem in current_val)
+ exec(path + '= flattened_val')
+ except BaseException:
+ pass
+
+ return data
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def system_snmp_community(data, fos):
+ vdom = data['vdom']
+ state = data['state']
+ system_snmp_community_data = data['system_snmp_community']
+ system_snmp_community_data = flatten_multilists_attributes(system_snmp_community_data)
+ filtered_data = underscore_to_hyphen(filter_system_snmp_community_data(system_snmp_community_data))
+
+ if state == "present":
+ return fos.set('system.snmp',
+ 'community',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('system.snmp',
+ 'community',
+ mkey=filtered_data['id'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_system_snmp(data, fos):
+
+ if data['system_snmp_community']:
+ resp = system_snmp_community(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('system_snmp_community'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'id'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": True, "type": "str",
+ "choices": ["present", "absent"]},
+ "system_snmp_community": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "events": {"required": False, "type": "list",
+ "choices": ["cpu-high",
+ "mem-low",
+ "log-full",
+ "intf-ip",
+ "vpn-tun-up",
+ "vpn-tun-down",
+ "ha-switch",
+ "ha-hb-failure",
+ "ips-signature",
+ "ips-anomaly",
+ "av-virus",
+ "av-oversize",
+ "av-pattern",
+ "av-fragmented",
+ "fm-if-change",
+ "fm-conf-change",
+ "bgp-established",
+ "bgp-backward-transition",
+ "ha-member-up",
+ "ha-member-down",
+ "ent-conf-change",
+ "av-conserve",
+ "av-bypass",
+ "av-oversize-passed",
+ "av-oversize-blocked",
+ "ips-pkg-update",
+ "ips-fail-open",
+ "faz-disconnect",
+ "wc-ap-up",
+ "wc-ap-down",
+ "fswctl-session-up",
+ "fswctl-session-down",
+ "load-balance-real-server-down",
+ "device-new",
+ "per-cpu-high"]},
+ "hosts": {"required": False, "type": "list",
+ "options": {
+ "ha_direct": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "host_type": {"required": False, "type": "str",
+ "choices": ["any",
+ "query",
+ "trap"]},
+ "id": {"required": True, "type": "int"},
+ "ip": {"required": False, "type": "str"},
+ "source_ip": {"required": False, "type": "str"}
+ }},
+ "hosts6": {"required": False, "type": "list",
+ "options": {
+ "ha_direct": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "host_type": {"required": False, "type": "str",
+ "choices": ["any",
+ "query",
+ "trap"]},
+ "id": {"required": True, "type": "int"},
+ "ipv6": {"required": False, "type": "str"},
+ "source_ipv6": {"required": False, "type": "str"}
+ }},
+ "id": {"required": True, "type": "int"},
+ "name": {"required": False, "type": "str"},
+ "query_v1_port": {"required": False, "type": "int"},
+ "query_v1_status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "query_v2c_port": {"required": False, "type": "int"},
+ "query_v2c_status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "trap_v1_lport": {"required": False, "type": "int"},
+ "trap_v1_rport": {"required": False, "type": "int"},
+ "trap_v1_status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "trap_v2c_lport": {"required": False, "type": "int"},
+ "trap_v2c_rport": {"required": False, "type": "int"},
+ "trap_v2c_status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_system_snmp(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_snmp_sysinfo.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_snmp_sysinfo.py
new file mode 100644
index 00000000..52183fa4
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_snmp_sysinfo.py
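Review bot: `flatten_multilists_attributes` in fortios_system_snmp_community.py builds a Python expression as a string, runs it through `eval()` and `exec()`, and then hides every failure with `except BaseException: pass`. The path comes from the hard-coded `multilist_attrs` list, so it is not injectable as written, but plain indexing does the same job and the blanket handler also swallows `KeyboardInterrupt` and `SystemExit`. I would replace the loop body with a direct join behind a type check, for example `if isinstance(data.get('events'), list): data['events'] = ' '.join(data['events'])`. Separately, if `name` is what the device uses as the SNMP v1/v2c community string, it is a shared secret and may deserve `no_log` in the argument spec, as `access_token` has.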
@@ -0,0 +1,307 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_system_snmp_sysinfo
+short_description: SNMP system info configuration in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify system_snmp feature and sysinfo category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.9"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ system_snmp_sysinfo:
+ description:
+ - SNMP system info configuration.
+ default: null
+ type: dict
+ suboptions:
+ contact_info:
+ description:
+ - Contact information.
+ type: str
+ description:
+ description:
+ - System description.
+ type: str
+ engine_id:
+ description:
+ - Local SNMP engineID string (maximum 24 characters).
+ type: str
+ location:
+ description:
+ - System location.
+ type: str
+ status:
+ description:
+ - Enable/disable SNMP.
+ type: str
+ choices:
+ - enable
+ - disable
+ trap_high_cpu_threshold:
+ description:
+ - CPU usage when trap is sent.
+ type: int
+ trap_log_full_threshold:
+ description:
+ - Log disk usage when trap is sent.
+ type: int
+ trap_low_memory_threshold:
+ description:
+ - Memory usage when trap is sent.
+ type: int
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: SNMP system info configuration.
+ fortios_system_snmp_sysinfo:
+ vdom: "{{ vdom }}"
+ system_snmp_sysinfo:
+ contact_info: ""
+ description: ""
+ engine_id: ""
+ location: ""
+ status: "enable"
+ trap_high_cpu_threshold: "8"
+ trap_log_full_threshold: "9"
+ trap_low_memory_threshold: "10"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_system_snmp_sysinfo_data(json):
+ option_list = ['contact_info', 'description', 'engine_id',
+ 'location', 'status', 'trap_high_cpu_threshold',
+ 'trap_log_full_threshold', 'trap_low_memory_threshold']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def system_snmp_sysinfo(data, fos):
+ vdom = data['vdom']
+ system_snmp_sysinfo_data = data['system_snmp_sysinfo']
+ filtered_data = underscore_to_hyphen(filter_system_snmp_sysinfo_data(system_snmp_sysinfo_data))
+
+ return fos.set('system.snmp',
+ 'sysinfo',
+ data=filtered_data,
+ vdom=vdom)
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_system_snmp(data, fos):
+
+ if data['system_snmp_sysinfo']:
+ resp = system_snmp_sysinfo(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('system_snmp_sysinfo'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = None
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "system_snmp_sysinfo": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "contact_info": {"required": False, "type": "str"},
+ "description": {"required": False, "type": "str"},
+ "engine_id": {"required": False, "type": "str"},
+ "location": {"required": False, "type": "str"},
+ "status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "trap_high_cpu_threshold": {"required": False, "type": "int"},
+ "trap_log_full_threshold": {"required": False, "type": "int"},
+ "trap_low_memory_threshold": {"required": False, "type": "int"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_system_snmp(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_snmp_user.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_snmp_user.py
new file mode 100644
index 00000000..f913071a
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_snmp_user.py
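Review bot: In `main()` of fortios_system_snmp_sysinfo.py the guard `if 'access_token' in module.params:` is always true, because AnsibleModule fills `module.params` with every key of the argument spec and uses `None` for options the task did not set. The connection option is therefore overwritten with `None` whenever no token is given; whether that matters depends on the httpapi plugin, which is not part of this hunk. Testing the value instead, `if module.params.get('access_token'):`, makes the intent explicit. The same check is in `main()` of fortios_system_sms_server.py and fortios_system_snmp_community.py.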
@@ -0,0 +1,516 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_snmp_user +short_description: SNMP user configuration in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system_snmp feature and user category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_snmp_user: + description: + - SNMP user configuration. + default: null + type: dict + suboptions: + auth_proto: + description: + - Authentication protocol. + type: str + choices: + - md5 + - sha + auth_pwd: + description: + - Password for authentication protocol. + type: str + events: + description: + - SNMP notifications (traps) to send. + type: list + choices: + - cpu-high + - mem-low + - log-full + - intf-ip + - vpn-tun-up + - vpn-tun-down + - ha-switch + - ha-hb-failure + - ips-signature + - ips-anomaly + - av-virus + - av-oversize + - av-pattern + - av-fragmented + - fm-if-change + - fm-conf-change + - bgp-established + - bgp-backward-transition + - ha-member-up + - ha-member-down + - ent-conf-change + - av-conserve + - av-bypass + - av-oversize-passed + - av-oversize-blocked + - ips-pkg-update + - ips-fail-open + - faz-disconnect + - wc-ap-up + - wc-ap-down + - fswctl-session-up + - fswctl-session-down + - load-balance-real-server-down + - device-new + - per-cpu-high + ha_direct: + description: + - Enable/disable direct management of HA cluster members. + type: str + choices: + - enable + - disable + name: + description: + - SNMP user name. + required: true + type: str + notify_hosts: + description: + - SNMP managers to send notifications (traps) to. + type: list + notify_hosts6: + description: + - IPv6 SNMP managers to send notifications (traps) to. + type: list + priv_proto: + description: + - Privacy (encryption) protocol. + type: str + choices: + - aes + - des + - aes256 + - aes256cisco + priv_pwd: + description: + - Password for privacy (encryption) protocol. + type: str + queries: + description: + - Enable/disable SNMP queries for this user. + type: str + choices: + - enable + - disable + query_port: + description: + - SNMPv3 query port . 
+ type: int + security_level: + description: + - Security level for message authentication and encryption. + type: str + choices: + - no-auth-no-priv + - auth-no-priv + - auth-priv + source_ip: + description: + - Source IP for SNMP trap. + type: str + source_ipv6: + description: + - Source IPv6 for SNMP trap. + type: str + status: + description: + - Enable/disable this SNMP user. + type: str + choices: + - enable + - disable + trap_lport: + description: + - SNMPv3 local trap port . + type: int + trap_rport: + description: + - SNMPv3 trap remote port . + type: int + trap_status: + description: + - Enable/disable traps for this SNMP user. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: SNMP user configuration. + fortios_system_snmp_user: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_snmp_user: + auth_proto: "md5" + auth_pwd: "" + events: "cpu-high" + ha_direct: "enable" + name: "default_name_7" + notify_hosts: "" + notify_hosts6: "" + priv_proto: "aes" + priv_pwd: "" + queries: "enable" + query_port: "13" + security_level: "no-auth-no-priv" + source_ip: "84.230.14.43" + source_ipv6: "" + status: "enable" + trap_lport: "18" + trap_rport: "19" + trap_status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table 
used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_snmp_user_data(json): + option_list = ['auth_proto', 'auth_pwd', 'events', + 'ha_direct', 'name', 'notify_hosts', + 'notify_hosts6', 'priv_proto', 'priv_pwd', + 'queries', 'query_port', 'security_level', + 'source_ip', 'source_ipv6', 'status', + 'trap_lport', 'trap_rport', 'trap_status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def flatten_multilists_attributes(data): + multilist_attrs = [[u'events'], [u'notify_hosts'], [u'notify_hosts6']] + + for attr in multilist_attrs: + try: + path = "data['" + "']['".join(elem for elem in attr) + "']" + current_val = eval(path) + flattened_val = ' '.join(elem for elem in current_val) + exec(path + '= flattened_val') + except 
BaseException: + pass + + return data + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_snmp_user(data, fos): + vdom = data['vdom'] + state = data['state'] + system_snmp_user_data = data['system_snmp_user'] + system_snmp_user_data = flatten_multilists_attributes(system_snmp_user_data) + filtered_data = underscore_to_hyphen(filter_system_snmp_user_data(system_snmp_user_data)) + + if state == "present": + return fos.set('system.snmp', + 'user', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system.snmp', + 'user', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system_snmp(data, fos): + + if data['system_snmp_user']: + resp = system_snmp_user(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_snmp_user')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_snmp_user": { + "required": False, "type": "dict", "default": None, + "options": { + "auth_proto": {"required": False, "type": "str", + "choices": ["md5", + "sha"]}, + "auth_pwd": {"required": False, "type": "str"}, + "events": {"required": False, "type": "list", + 
"choices": ["cpu-high", + "mem-low", + "log-full", + "intf-ip", + "vpn-tun-up", + "vpn-tun-down", + "ha-switch", + "ha-hb-failure", + "ips-signature", + "ips-anomaly", + "av-virus", + "av-oversize", + "av-pattern", + "av-fragmented", + "fm-if-change", + "fm-conf-change", + "bgp-established", + "bgp-backward-transition", + "ha-member-up", + "ha-member-down", + "ent-conf-change", + "av-conserve", + "av-bypass", + "av-oversize-passed", + "av-oversize-blocked", + "ips-pkg-update", + "ips-fail-open", + "faz-disconnect", + "wc-ap-up", + "wc-ap-down", + "fswctl-session-up", + "fswctl-session-down", + "load-balance-real-server-down", + "device-new", + "per-cpu-high"]}, + "ha_direct": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": True, "type": "str"}, + "notify_hosts": {"required": False, "type": "list"}, + "notify_hosts6": {"required": False, "type": "list"}, + "priv_proto": {"required": False, "type": "str", + "choices": ["aes", + "des", + "aes256", + "aes256cisco"]}, + "priv_pwd": {"required": False, "type": "str"}, + "queries": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "query_port": {"required": False, "type": "int"}, + "security_level": {"required": False, "type": "str", + "choices": ["no-auth-no-priv", + "auth-no-priv", + "auth-priv"]}, + "source_ip": {"required": False, "type": "str"}, + "source_ipv6": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "trap_lport": {"required": False, "type": "int"}, + "trap_rport": {"required": False, "type": "int"}, + "trap_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + 
connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system_snmp(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_storage.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_storage.py new file mode 100644 index 00000000..9df6b2b6 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_storage.py 
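Review bot: `auth_pwd` and `priv_pwd` in the `system_snmp_user` options of `main()` are declared without `no_log`, unlike `access_token`, so the SNMPv3 authentication and privacy passwords can end up in Ansible's logged module arguments; both should carry it, e.g. `"auth_pwd": {"required": False, "type": "str", "no_log": True}`. `flatten_multilists_attributes` assembles source text for `eval`/`exec` and hides every failure behind `except BaseException: pass`, although the three keys are fixed; direct access is equivalent for list values and easier to audit: `for attr in ('events', 'notify_hosts', 'notify_hosts6'):` then `if isinstance(data.get(attr), list): data[attr] = ' '.join(data[attr])`. The EXAMPLES block sets `ansible_httpapi_validate_certs: no`, which readers tend to copy as-is; `ansible_httpapi_validate_certs: yes` would be the safer sample, and the same vars block appears in the fortios_system_storage.py and fortios_system_stp.py hunks.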
@@ -0,0 +1,355 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_storage +short_description: Configure logical storage in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and storage category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_storage: + description: + - Configure logical storage. + default: null + type: dict + suboptions: + device: + description: + - Partition device. + type: str + media_status: + description: + - The physical status of current media. + type: str + choices: + - enable + - disable + - fail + name: + description: + - Storage name. + required: true + type: str + order: + description: + - Set storage order. + type: int + partition: + description: + - Label of underlying partition. + type: str + size: + description: + - Partition size. + type: int + status: + description: + - Enable/disable storage. + type: str + choices: + - enable + - disable + usage: + description: + - Use hard disk for logging and WAN Optimization. + type: str + choices: + - mix + - wanopt + wanopt_mode: + description: + - WAN Optimization mode . + type: str + choices: + - mix + - wanopt + - webcache +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure logical storage. 
+ fortios_system_storage: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_storage: + device: "" + media_status: "enable" + name: "default_name_5" + order: "6" + partition: "" + size: "8" + status: "enable" + usage: "mix" + wanopt_mode: "mix" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_system_storage_data(json): + option_list = ['device', 'media_status', 'name', + 'order', 'partition', 'size', + 'status', 'usage', 'wanopt_mode'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_storage(data, fos): + vdom = data['vdom'] + state = data['state'] + system_storage_data = data['system_storage'] + filtered_data = underscore_to_hyphen(filter_system_storage_data(system_storage_data)) + + if state == "present": + return fos.set('system', + 'storage', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'storage', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_storage']: + resp = system_storage(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_storage')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_storage": { + "required": False, "type": "dict", "default": None, + "options": { + 
"device": {"required": False, "type": "str"}, + "media_status": {"required": False, "type": "str", + "choices": ["enable", + "disable", + "fail"]}, + "name": {"required": True, "type": "str"}, + "order": {"required": False, "type": "int"}, + "partition": {"required": False, "type": "str"}, + "size": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "usage": {"required": False, "type": "str", + "choices": ["mix", + "wanopt"]}, + "wanopt_mode": {"required": False, "type": "str", + "choices": ["mix", + "wanopt", + "webcache"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_stp.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_stp.py
new file mode 100644
index 00000000..99bc1572
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_stp.py
@@ -0,0 +1,334 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_stp +short_description: Configure Spanning Tree Protocol (STP) in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and stp category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.10" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_stp: + description: + - Configure Spanning Tree Protocol (STP). + default: null + type: dict + suboptions: + config_revision: + description: + - STP configuration revision (0 - 4294967295). + type: int + forward_delay: + description: + - Forward delay (4 - 30 sec). + type: int + hello_time: + description: + - Hello time (1 - 10 sec). + type: int + max_age: + description: + - Maximum packet age (6 - 40 sec). + type: int + max_hops: + description: + - Maximum number of hops (1 - 40). + type: int + region_name: + description: + - Set region name. + type: str + status: + description: + - Enable/disable STP settings. + type: str + switch_priority: + description: + - STP switch priority; the lower the number the higher the priority (select from 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, + 36864, 40960, 45056, 49152, 53248, and 57344). + type: str + choices: + - 0 + - 4096 + - 8192 + - 12288 + - 16384 + - 20480 + - 24576 + - 28672 + - 32768 + - 36864 + - 40960 + - 45056 + - 49152 + - 53248 + - 57344 +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Spanning Tree Protocol (STP). 
+ fortios_system_stp: + vdom: "{{ vdom }}" + system_stp: + config_revision: "3" + forward_delay: "4" + hello_time: "5" + max_age: "6" + max_hops: "7" + region_name: "" + status: "" + switch_priority: "0" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_stp_data(json): + option_list = ['config_revision', 
'forward_delay', 'hello_time', + 'max_age', 'max_hops', 'region_name', + 'status', 'switch_priority'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_stp(data, fos): + vdom = data['vdom'] + system_stp_data = data['system_stp'] + filtered_data = underscore_to_hyphen(filter_system_stp_data(system_stp_data)) + + return fos.set('system', + 'stp', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_stp']: + resp = system_stp(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_stp')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_stp": { + "required": False, "type": "dict", "default": None, + "options": { + "config_revision": {"required": False, "type": "int"}, + "forward_delay": {"required": False, "type": "int"}, + "hello_time": {"required": False, "type": "int"}, + "max_age": {"required": False, "type": "int"}, + "max_hops": {"required": False, "type": "int"}, + "region_name": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str"}, + "switch_priority": {"required": False, "type": "str", 
+ "choices": ["0", + "4096", + "8192", + "12288", + "16384", + "20480", + "24576", + "28672", + "32768", + "36864", + "40960", + "45056", + "49152", + "53248", + "57344"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_switch_interface.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_switch_interface.py new file mode 100644 index 00000000..633aa508 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_switch_interface.py 
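Review bot: In DOCUMENTATION the `switch_priority` choices are written as bare numbers (`- 0`, `- 4096`, …), which YAML loads as integers, while the argument spec in `main()` declares `"type": "str"` with string choices such as `"0"`; quoting the documented values (`- '0'`) keeps the documentation and the spec in agreement. `status` is described as "Enable/disable STP settings" but has no `choices` in either place, so any string is passed through to `fos.set`; if the device schema allows it, `"choices": ["enable", "disable"]` would reject typos before the API call. The ranges given in the descriptions (for example "4 - 30 sec" for `forward_delay`) are likewise not checked by the spec, which is worth stating in a comment next to the `int` entries.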
@@ -0,0 +1,373 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_switch_interface +short_description: Configure software switch interfaces by grouping physical and WiFi interfaces in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and switch_interface category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_switch_interface: + description: + - Configure software switch interfaces by grouping physical and WiFi interfaces. + default: null + type: dict + suboptions: + intra_switch_policy: + description: + - Allow any traffic between switch interfaces or require firewall policies to allow traffic between switch interfaces. + type: str + choices: + - implicit + - explicit + member: + description: + - Names of the interfaces that belong to the virtual switch. + type: list + suboptions: + interface_name: + description: + - Physical interface name. Source system.interface.name. + type: str + name: + description: + - Interface name (name cannot be in use by any other interfaces, VLANs, or inter-VDOM links). + required: true + type: str + span: + description: + - Enable/disable port spanning. Port spanning echoes traffic received by the software switch to the span destination port. + type: str + choices: + - disable + - enable + span_dest_port: + description: + - SPAN destination port name. All traffic on the SPAN source ports is echoed to the SPAN destination port. Source system.interface.name. + type: str + span_direction: + description: + - 'The direction in which the SPAN port operates, either: rx, tx, or both.' + type: str + choices: + - rx + - tx + - both + span_source_port: + description: + - Physical interface name. Port spanning echoes all traffic on the SPAN source ports to the SPAN destination port. + type: list + suboptions: + interface_name: + description: + - Physical interface name. Source system.interface.name. + type: str + type: + description: + - 'Type of switch based on functionality: switch for normal functionality, or hub to duplicate packets to all port members.' 
+ type: str + choices: + - switch + - hub + vdom: + description: + - VDOM that the software switch belongs to. Source system.vdom.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure software switch interfaces by grouping physical and WiFi interfaces. + fortios_system_switch_interface: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_switch_interface: + intra_switch_policy: "implicit" + member: + - + interface_name: " (source system.interface.name)" + name: "default_name_6" + span: "disable" + span_dest_port: " (source system.interface.name)" + span_direction: "rx" + span_source_port: + - + interface_name: " (source system.interface.name)" + type: "switch" + vdom: " (source system.vdom.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: 
str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_switch_interface_data(json): + option_list = ['intra_switch_policy', 'member', 'name', + 'span', 'span_dest_port', 'span_direction', + 'span_source_port', 'type', 'vdom'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_switch_interface(data, fos): + vdom = data['vdom'] + state = data['state'] + system_switch_interface_data = data['system_switch_interface'] + filtered_data = underscore_to_hyphen(filter_system_switch_interface_data(system_switch_interface_data)) + + if state == "present": + return fos.set('system', + 'switch-interface', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'switch-interface', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] 
== "DELETE" and status['http_status'] == 404
+
+
+def fortios_system(data, fos):
+
+ if data['system_switch_interface']:
+ resp = system_switch_interface(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('system_switch_interface'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": True, "type": "str",
+ "choices": ["present", "absent"]},
+ "system_switch_interface": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "intra_switch_policy": {"required": False, "type": "str",
+ "choices": ["implicit",
+ "explicit"]},
+ "member": {"required": False, "type": "list",
+ "options": {
+ "interface_name": {"required": False, "type": "str"}
+ }},
+ "name": {"required": True, "type": "str"},
+ "span": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "span_dest_port": {"required": False, "type": "str"},
+ "span_direction": {"required": False, "type": "str",
+ "choices": ["rx",
+ "tx",
+ "both"]},
+ "span_source_port": {"required": False, "type": "list",
+ "options": {
+ "interface_name": {"required": False, "type": "str"}
+ }},
+ "type": {"required": False, "type": "str",
+ "choices": ["switch",
+ "hub"]},
+ "vdom": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result =
fortios_system(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_tos_based_priority.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_tos_based_priority.py
new file mode 100644
index 00000000..1db463e3
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_tos_based_priority.py
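Review bot: The EXAMPLES play in this module's documentation sets `ansible_httpapi_validate_certs: no` alongside an `access_token`, so a playbook copied from it sends the API token over TLS without verifying the FortiGate's certificate. The example should show `ansible_httpapi_validate_certs: yes`, with a YAML comment saying that verification is to be relaxed only for a lab device with a self-signed certificate. The same line is in the EXAMPLES blocks of fortios_system_tos_based_priority.py and fortios_system_vdom.py in this patch.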
@@ -0,0 +1,301 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_tos_based_priority +short_description: Configure Type of Service (ToS) based priority table to set network traffic priorities in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and tos_based_priority category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_tos_based_priority: + description: + - Configure Type of Service (ToS) based priority table to set network traffic priorities. + default: null + type: dict + suboptions: + id: + description: + - Item ID. + required: true + type: int + priority: + description: + - ToS based priority level to low, medium or high (these priorities match firewall traffic shaping priorities) . + type: str + choices: + - low + - medium + - high + tos: + description: + - 'Value of the ToS byte in the IP datagram header (0-15, 8: minimize delay, 4: maximize throughput, 2: maximize reliability, 1: minimize + monetary cost, and 0: ).' + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Type of Service (ToS) based priority table to set network traffic priorities. 
+ fortios_system_tos_based_priority: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_tos_based_priority: + id: "3" + priority: "low" + tos: "5" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_tos_based_priority_data(json): + option_list = ['id', 'priority', 'tos'] + dictionary = {} + + 
for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def system_tos_based_priority(data, fos):
+ vdom = data['vdom']
+ state = data['state']
+ system_tos_based_priority_data = data['system_tos_based_priority']
+ filtered_data = underscore_to_hyphen(filter_system_tos_based_priority_data(system_tos_based_priority_data))
+
+ if state == "present":
+ return fos.set('system',
+ 'tos-based-priority',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('system',
+ 'tos-based-priority',
+ mkey=filtered_data['id'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_system(data, fos):
+
+ if data['system_tos_based_priority']:
+ resp = system_tos_based_priority(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('system_tos_based_priority'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'id'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": True, "type": "str",
+ "choices": ["present", "absent"]},
+ "system_tos_based_priority": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "id": {"required": True, "type": "int"},
+ "priority":
{"required": False, "type": "str",
+ "choices": ["low",
+ "medium",
+ "high"]},
+ "tos": {"required": False, "type": "int"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_system(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom.py
new file mode 100644
index 00000000..ce44393d
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom.py
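Review bot: The `tos` option is documented in this module as a value in the range 0-15, but the argument spec in `main()` declares it only as `"tos": {"required": False, "type": "int"}`, and `system_tos_based_priority` passes it to `fos.set` unchecked. An out-of-range value is therefore caught, if at all, only by the device, whose response handling is not visible in this hunk. A guard before the `fos.set` call would fail early with a clear message: `if not 0 <= filtered_data.get('tos', 0) <= 15: fos._module.fail_json(msg='tos must be between 0 and 15')`.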
@@ -0,0 +1,321 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_vdom +short_description: Configure virtual domain in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and vdom category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + system_vdom: + description: + - Configure virtual domain. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + name: + description: + - VDOM name. + required: true + type: str + short_name: + description: + - VDOM short name. + type: str + temporary: + description: + - Temporary. + type: int + vcluster_id: + description: + - Virtual cluster ID (0 - 4294967295). + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure virtual domain. 
+ fortios_system_vdom: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_vdom: + name: "default_name_3" + short_name: "" + temporary: "5" + vcluster_id: "6" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_vdom_data(json): + option_list = ['name', 'short_name', 'temporary', + 
'vcluster_id']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def system_vdom(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['system_vdom'] and data['system_vdom']['state']:
+ state = data['system_vdom']['state']
+ else:
+ state = True
+ system_vdom_data = data['system_vdom']
+ filtered_data = underscore_to_hyphen(filter_system_vdom_data(system_vdom_data))
+
+ if state == "present":
+ return fos.set('system',
+ 'vdom',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('system',
+ 'vdom',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_system(data, fos):
+
+ if data['system_vdom']:
+ resp = system_vdom(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('system_vdom'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "system_vdom": {
+ "required": False, "type": "dict", "default": None,
+ "options": { +
"state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "name": {"required": True, "type": "str"},
+ "short_name": {"required": False, "type": "str"},
+ "temporary": {"required": False, "type": "int"},
+ "vcluster_id": {"required": False, "type": "int"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_system(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_dns.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_dns.py
new file mode 100644
index 00000000..7b91ff27
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_dns.py
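Review bot: In `system_vdom`, the fallback `state = True` matches neither `"present"` nor `"absent"`, so a task that sets `state` at neither level falls through to the final `else` and fails with 'state must be present or absent!', which does not say that the option was simply omitted. Both `state` entries are declared `"required": False` in `main()`, so argument validation does not catch the omission earlier. Replacing the fallback with an explicit failure states the cause: `fos._module.fail_json(msg='state is required: set the top-level state option to present or absent')`.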
@@ -0,0 +1,294 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_vdom_dns +short_description: Configure DNS servers for a non-management VDOM in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and vdom_dns category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + system_vdom_dns: + description: + - Configure DNS servers for a non-management VDOM. + default: null + type: dict + suboptions: + ip6_primary: + description: + - Primary IPv6 DNS server IP address for the VDOM. + type: str + ip6_secondary: + description: + - Secondary IPv6 DNS server IP address for the VDOM. + type: str + primary: + description: + - Primary DNS server IP address for the VDOM. + type: str + secondary: + description: + - Secondary DNS server IP address for the VDOM. + type: str + source_ip: + description: + - Source IP for communications with the DNS server. + type: str + vdom_dns: + description: + - Enable/disable configuring DNS servers for the current VDOM. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure DNS servers for a non-management VDOM. 
+ fortios_system_vdom_dns: + vdom: "{{ vdom }}" + system_vdom_dns: + ip6_primary: "" + ip6_secondary: "" + primary: "" + secondary: "" + source_ip: "84.230.14.43" + vdom_dns: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_vdom_dns_data(json): + option_list = ['ip6_primary', 'ip6_secondary', 
'primary', + 'secondary', 'source_ip', 'vdom_dns'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_vdom_dns(data, fos): + vdom = data['vdom'] + system_vdom_dns_data = data['system_vdom_dns'] + filtered_data = underscore_to_hyphen(filter_system_vdom_dns_data(system_vdom_dns_data)) + + return fos.set('system', + 'vdom-dns', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_vdom_dns']: + resp = system_vdom_dns(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_vdom_dns')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_vdom_dns": { + "required": False, "type": "dict", "default": None, + "options": { + "ip6_primary": {"required": False, "type": "str"}, + "ip6_secondary": {"required": False, "type": "str"}, + "primary": {"required": False, "type": "str"}, + "secondary": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "vdom_dns": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = 
AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_exception.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_exception.py new file mode 100644 index 00000000..b2fa8e3e --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_exception.py 
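Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no`, while `main()` forwards `access_token` over that same httpapi connection, so a playbook copied from the docs sends the API token and the DNS configuration to a FortiGate whose certificate is never verified. The example should read `ansible_httpapi_validate_certs: yes`, with a short comment that turning it off is only for lab devices with self-signed certificates. The same example line appears in the fortios_system_vdom_exception, fortios_system_vdom_link and fortios_system_vdom_netflow hunks of this patch.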
@@ -0,0 +1,330 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_vdom_exception +short_description: Global configuration objects that can be configured independently for all VDOMs or for the defined VDOM scope in Fortinet's FortiOS and + FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and vdom_exception category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_vdom_exception: + description: + - Global configuration objects that can be configured independently for all VDOMs or for the defined VDOM scope. + default: null + type: dict + suboptions: + id: + description: + - Index <1-4096>. + required: true + type: int + object: + description: + - Name of the configuration object that can be configured independently for all VDOMs. + type: str + choices: + - log.fortianalyzer.setting + - log.fortianalyzer.override-setting + oid: + description: + - Object ID. + type: int + scope: + description: + - Determine whether the configuration object can be configured separately for all VDOMs or if some VDOMs share the same configuration. + type: str + choices: + - all + - inclusive + - exclusive + vdom: + description: + - Names of the VDOMs. + type: list + suboptions: + name: + description: + - VDOM name. Source system.vdom.name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Global configuration objects that can be configured independently for all VDOMs or for the defined VDOM scope. 
+ fortios_system_vdom_exception: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_vdom_exception: + id: "3" + object: "log.fortianalyzer.setting" + oid: "5" + scope: "all" + vdom: + - + name: "default_name_8 (source system.vdom.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_system_vdom_exception_data(json): + option_list = ['id', 'object', 'oid', + 'scope', 'vdom'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_vdom_exception(data, fos): + vdom = data['vdom'] + state = data['state'] + system_vdom_exception_data = data['system_vdom_exception'] + filtered_data = underscore_to_hyphen(filter_system_vdom_exception_data(system_vdom_exception_data)) + + if state == "present": + return fos.set('system', + 'vdom-exception', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'vdom-exception', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_vdom_exception']: + resp = system_vdom_exception(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_vdom_exception')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_vdom_exception": { + "required": False, "type": "dict", "default": None, + 
"options": { + "id": {"required": True, "type": "int"}, + "object": {"required": False, "type": "str", + "choices": ["log.fortianalyzer.setting", + "log.fortianalyzer.override-setting"]}, + "oid": {"required": False, "type": "int"}, + "scope": {"required": False, "type": "str", + "choices": ["all", + "inclusive", + "exclusive"]}, + "vdom": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
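Review bot: The nested `vdom` option in `fields` is declared as `"type": "list"` with an `options` sub-spec but no `elements`, and AnsibleModule only applies a sub-spec to list items when `elements` is `dict`. As written, the `required: True` on `name` is not enforced, and entries of any shape pass unvalidated into the payload that `system_vdom_exception()` hands to `fos.set`. Suggested change: `"vdom": {"required": False, "type": "list", "elements": "dict",`, with a matching `elements: dict` line under `vdom` in DOCUMENTATION.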
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_link.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_link.py
new file mode 100644
index 00000000..b94b0cd3
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_link.py
@@ -0,0 +1,303 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_vdom_link +short_description: Configure VDOM links in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and vdom_link category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_vdom_link: + description: + - Configure VDOM links. + default: null + type: dict + suboptions: + name: + description: + - VDOM link name (maximum = 8 characters). + required: true + type: str + type: + description: + - 'VDOM link type: PPP or Ethernet.' + type: str + choices: + - ppp + - ethernet + vcluster: + description: + - Virtual cluster. + type: str + choices: + - vcluster1 + - vcluster2 +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VDOM links. + fortios_system_vdom_link: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_vdom_link: + name: "default_name_3" + type: "ppp" + vcluster: "vcluster1" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + 
description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_vdom_link_data(json): + option_list = ['name', 'type', 'vcluster'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_vdom_link(data, fos): + vdom = data['vdom'] + state = data['state'] + system_vdom_link_data = data['system_vdom_link'] + filtered_data = underscore_to_hyphen(filter_system_vdom_link_data(system_vdom_link_data)) + + if state == "present": + return fos.set('system', + 'vdom-link', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'vdom-link', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, 
fos): + + if data['system_vdom_link']: + resp = system_vdom_link(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_vdom_link')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_vdom_link": { + "required": False, "type": "dict", "default": None, + "options": { + "name": {"required": True, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["ppp", + "ethernet"]}, + "vcluster": {"required": False, "type": "str", + "choices": ["vcluster1", + "vcluster2"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] 
is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_netflow.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_netflow.py new file mode 100644 index 00000000..9352168f --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_netflow.py 
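Review bot: In `main()`, the guard `if 'access_token' in module.params:` is always true, because AnsibleModule populates every key of the argument spec (unset ones as `None`), so `connection.set_option('access_token', None)` runs even when the task supplies no token. Depending on how the httpapi plugin treats that option (not visible in this hunk), this may replace a token configured at inventory level with `None`. Testing the value avoids it: `if module.params.get('access_token') is not None:`. The same guard is in `main()` of the fortios_system_vdom_dns, fortios_system_vdom_exception and fortios_system_vdom_netflow hunks.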
@@ -0,0 +1,282 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_vdom_netflow +short_description: Configure NetFlow per VDOM in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and vdom_netflow category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + system_vdom_netflow: + description: + - Configure NetFlow per VDOM. + default: null + type: dict + suboptions: + collector_ip: + description: + - NetFlow collector IP address. + type: str + collector_port: + description: + - NetFlow collector port number. + type: int + source_ip: + description: + - Source IP address for communication with the NetFlow agent. + type: str + vdom_netflow: + description: + - Enable/disable NetFlow per VDOM. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure NetFlow per VDOM. + fortios_system_vdom_netflow: + vdom: "{{ vdom }}" + system_vdom_netflow: + collector_ip: "" + collector_port: "4" + source_ip: "84.230.14.43" + vdom_netflow: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + 
returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_vdom_netflow_data(json): + option_list = ['collector_ip', 'collector_port', 'source_ip', + 'vdom_netflow'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_vdom_netflow(data, fos): + vdom = data['vdom'] + system_vdom_netflow_data = data['system_vdom_netflow'] + filtered_data = underscore_to_hyphen(filter_system_vdom_netflow_data(system_vdom_netflow_data)) + + return fos.set('system', + 'vdom-netflow', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_vdom_netflow']: + resp = system_vdom_netflow(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_vdom_netflow')) + + return not is_successful_status(resp), \ + resp['status'] 
== "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_vdom_netflow": { + "required": False, "type": "dict", "default": None, + "options": { + "collector_ip": {"required": False, "type": "str"}, + "collector_port": {"required": False, "type": "int"}, + "source_ip": {"required": False, "type": "str"}, + "vdom_netflow": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
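Review bot: `collector_port` is declared as a bare `int` and `collector_ip`/`source_ip` as free-form `str`, so `system_vdom_netflow()` passes whatever the playbook supplies straight to `fos.set`, and a mistyped export destination is caught only by the device, if at all. Since this setting decides where flow records are sent, a local check before the call would fail early, for example `port = system_vdom_netflow_data.get('collector_port')` followed by `if port is not None and not 0 <= port <= 65535: fos._module.fail_json(msg='collector_port must be 0-65535')` (assuming the usual 16-bit port range; confirm against the FortiOS schema). The EXAMPLES values `collector_port: "4"` with an empty `collector_ip` would also read better as a clearly labelled placeholder pair.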
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_property.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_property.py
new file mode 100644
index 00000000..3bf5a089
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_property.py
@@ -0,0 +1,407 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_vdom_property +short_description: Configure VDOM property in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and vdom_property category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_vdom_property: + description: + - Configure VDOM property. + default: null + type: dict + suboptions: + custom_service: + description: + - Maximum guaranteed number of firewall custom services. + type: str + description: + description: + - Description. + type: str + dialup_tunnel: + description: + - Maximum guaranteed number of dial-up tunnels. + type: str + firewall_address: + description: + - Maximum guaranteed number of firewall addresses. + type: str + firewall_addrgrp: + description: + - Maximum guaranteed number of firewall address groups. + type: str + firewall_policy: + description: + - Maximum guaranteed number of firewall policies. + type: str + ipsec_phase1: + description: + - Maximum guaranteed number of VPN IPsec phase 1 tunnels. + type: str + ipsec_phase1_interface: + description: + - Maximum guaranteed number of VPN IPsec phase1 interface tunnels. + type: str + ipsec_phase2: + description: + - Maximum guaranteed number of VPN IPsec phase 2 tunnels. + type: str + ipsec_phase2_interface: + description: + - Maximum guaranteed number of VPN IPsec phase2 interface tunnels. + type: str + log_disk_quota: + description: + - Log disk quota in MB (range depends on how much disk space is available). + type: str + name: + description: + - VDOM name. Source system.vdom.name. + required: true + type: str + onetime_schedule: + description: + - Maximum guaranteed number of firewall one-time schedules. + type: str + proxy: + description: + - Maximum guaranteed number of concurrent proxy users. + type: str + recurring_schedule: + description: + - Maximum guaranteed number of firewall recurring schedules. + type: str + service_group: + description: + - Maximum guaranteed number of firewall service groups. + type: str + session: + description: + - Maximum guaranteed number of sessions. 
+ type: str + snmp_index: + description: + - Permanent SNMP Index of the virtual domain (0 - 4294967295). + type: int + sslvpn: + description: + - Maximum guaranteed number of SSL-VPNs. + type: str + user: + description: + - Maximum guaranteed number of local users. + type: str + user_group: + description: + - Maximum guaranteed number of user groups. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VDOM property. + fortios_system_vdom_property: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_vdom_property: + custom_service: "" + description: "" + dialup_tunnel: "" + firewall_address: "" + firewall_addrgrp: "" + firewall_policy: "" + ipsec_phase1: "" + ipsec_phase1_interface: "" + ipsec_phase2: "" + ipsec_phase2_interface: "" + log_disk_quota: "" + name: "default_name_14 (source system.vdom.name)" + onetime_schedule: "" + proxy: "" + recurring_schedule: "" + service_group: "" + session: "" + snmp_index: "20" + sslvpn: "" + user: "" + user_group: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision 
number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_vdom_property_data(json): + option_list = ['custom_service', 'description', 'dialup_tunnel', + 'firewall_address', 'firewall_addrgrp', 'firewall_policy', + 'ipsec_phase1', 'ipsec_phase1_interface', 'ipsec_phase2', + 'ipsec_phase2_interface', 'log_disk_quota', 'name', + 'onetime_schedule', 'proxy', 'recurring_schedule', + 'service_group', 'session', 'snmp_index', + 'sslvpn', 'user', 'user_group'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_vdom_property(data, fos): + vdom = data['vdom'] + state = data['state'] + system_vdom_property_data = data['system_vdom_property'] + filtered_data = 
underscore_to_hyphen(filter_system_vdom_property_data(system_vdom_property_data)) + + if state == "present": + return fos.set('system', + 'vdom-property', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'vdom-property', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_vdom_property']: + resp = system_vdom_property(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_vdom_property')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_vdom_property": { + "required": False, "type": "dict", "default": None, + "options": { + "custom_service": {"required": False, "type": "str"}, + "description": {"required": False, "type": "str"}, + "dialup_tunnel": {"required": False, "type": "str"}, + "firewall_address": {"required": False, "type": "str"}, + "firewall_addrgrp": {"required": False, "type": "str"}, + "firewall_policy": {"required": False, "type": "str"}, + "ipsec_phase1": {"required": False, "type": "str"}, + "ipsec_phase1_interface": {"required": False, "type": "str"}, + "ipsec_phase2": {"required": False, "type": "str"}, + "ipsec_phase2_interface": {"required": False, "type": "str"}, + "log_disk_quota": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "onetime_schedule": {"required": False, "type": "str"}, + 
"proxy": {"required": False, "type": "str"}, + "recurring_schedule": {"required": False, "type": "str"}, + "service_group": {"required": False, "type": "str"}, + "session": {"required": False, "type": "str"}, + "snmp_index": {"required": False, "type": "int"}, + "sslvpn": {"required": False, "type": "str"}, + "user": {"required": False, "type": "str"}, + "user_group": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
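Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no` while the task passes an `access_token`, so anyone who copies the example sends the API token over a TLS session whose peer is not authenticated. The example should read `ansible_httpapi_validate_certs: yes`, with a short comment that turning validation off is only for lab devices with self-signed certificates. The same `validate_certs: no` setting appears in the EXAMPLES of the fortios_system_vdom_radius_server.py and fortios_system_vdom_sflow.py hunks that follow.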
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_radius_server.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_radius_server.py
new file mode 100644
index 00000000..a414c385
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_radius_server.py
@@ -0,0 +1,298 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_vdom_radius_server +short_description: Configure a RADIUS server to use as a RADIUS Single Sign On (RSSO) server for this VDOM in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and vdom_radius_server category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_vdom_radius_server: + description: + - Configure a RADIUS server to use as a RADIUS Single Sign On (RSSO) server for this VDOM. + default: null + type: dict + suboptions: + name: + description: + - Name of the VDOM that you are adding the RADIUS server to. Source system.vdom.name. + required: true + type: str + radius_server_vdom: + description: + - Use this option to select another VDOM containing a VDOM RSSO RADIUS server to use for the current VDOM. Source system.vdom.name. + type: str + status: + description: + - Enable/disable the RSSO RADIUS server for this VDOM. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure a RADIUS server to use as a RADIUS Single Sign On (RSSO) server for this VDOM. 
+ fortios_system_vdom_radius_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_vdom_radius_server: + name: "default_name_3 (source system.vdom.name)" + radius_server_vdom: " (source system.vdom.name)" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_system_vdom_radius_server_data(json): + option_list = ['name', 'radius_server_vdom', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_vdom_radius_server(data, fos): + vdom = data['vdom'] + state = data['state'] + system_vdom_radius_server_data = data['system_vdom_radius_server'] + filtered_data = underscore_to_hyphen(filter_system_vdom_radius_server_data(system_vdom_radius_server_data)) + + if state == "present": + return fos.set('system', + 'vdom-radius-server', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'vdom-radius-server', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_vdom_radius_server']: + resp = system_vdom_radius_server(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_vdom_radius_server')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_vdom_radius_server": { + 
"required": False, "type": "dict", "default": None, + "options": { + "name": {"required": True, "type": "str"}, + "radius_server_vdom": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_sflow.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_sflow.py new file mode 100644 index 00000000..1bfc0f2e --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vdom_sflow.py 
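Review bot: In `main()`, the guard `if 'access_token' in module.params:` is always true, because AnsibleModule fills `module.params` with every key of `argument_spec` and leaves unset options as `None`; `connection.set_option('access_token', ...)` therefore also runs with `None` when no token was supplied. Whether that overrides a token already configured on the connection depends on the httpapi plugin, which is not part of this hunk. Testing the value states the intent: `if module.params.get('access_token'):`. The same guard is in `main()` of the fortios_system_vdom_property.py and fortios_system_vdom_sflow.py hunks.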
@@ -0,0 +1,286 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_vdom_sflow +short_description: Configure sFlow per VDOM to add or change the IP address and UDP port that FortiGate sFlow agents in this VDOM use to send sFlow datagrams + to an sFlow collector in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and vdom_sflow category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. 
+ type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + system_vdom_sflow: + description: + - Configure sFlow per VDOM to add or change the IP address and UDP port that FortiGate sFlow agents in this VDOM use to send sFlow datagrams to an + sFlow collector. + default: null + type: dict + suboptions: + collector_ip: + description: + - IP address of the sFlow collector that sFlow agents added to interfaces in this VDOM send sFlow datagrams to . + type: str + collector_port: + description: + - UDP port number used for sending sFlow datagrams (configure only if required by your sFlow collector or your network configuration) (0 - + 65535). + type: int + source_ip: + description: + - Source IP address for sFlow agent. + type: str + vdom_sflow: + description: + - Enable/disable the sFlow configuration for the current VDOM. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure sFlow per VDOM to add or change the IP address and UDP port that FortiGate sFlow agents in this VDOM use to send sFlow datagrams to an + sFlow collector. 
+ fortios_system_vdom_sflow: + vdom: "{{ vdom }}" + system_vdom_sflow: + collector_ip: "" + collector_port: "4" + source_ip: "84.230.14.43" + vdom_sflow: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_vdom_sflow_data(json): + option_list = ['collector_ip', 'collector_port', 'source_ip', + 
'vdom_sflow'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_vdom_sflow(data, fos): + vdom = data['vdom'] + system_vdom_sflow_data = data['system_vdom_sflow'] + filtered_data = underscore_to_hyphen(filter_system_vdom_sflow_data(system_vdom_sflow_data)) + + return fos.set('system', + 'vdom-sflow', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_vdom_sflow']: + resp = system_vdom_sflow(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_vdom_sflow')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_vdom_sflow": { + "required": False, "type": "dict", "default": None, + "options": { + "collector_ip": {"required": False, "type": "str"}, + "collector_port": {"required": False, "type": "int"}, + "source_ip": {"required": False, "type": "str"}, + "vdom_sflow": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + 
connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_virtual_switch.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_virtual_switch.py new file mode 100644 index 00000000..26ef6000 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_virtual_switch.py 
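Review bot: The EXAMPLES task uses `source_ip: "84.230.14.43"`, a publicly routable address, as a sample value. Values that get copied into playbooks are better taken from a documentation range (RFC 5737), for example `source_ip: "192.0.2.10"`. In the same task, `collector_port: "4"` would match the option's documented `type: int` if written as an unquoted integer.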
@@ -0,0 +1,382 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_system_virtual_switch
+short_description: Configure virtual hardware switch interfaces in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify system feature and virtual_switch category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.10"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ type: str
+ required: true
+ choices:
+ - present
+ - absent
+ system_virtual_switch:
+ description:
+ - Configure virtual hardware switch interfaces.
+ default: null
+ type: dict
+ suboptions:
+ name:
+ description:
+ - Name of the virtual switch.
+ required: true
+ type: str
+ physical_switch:
+ description:
+ - Physical switch parent. Source system.physical-switch.name.
+ type: str
+ port:
+ description:
+ - Configure member ports.
+ type: list
+ suboptions:
+ alias:
+ description:
+ - Alias.
+ type: str
+ name:
+ description:
+ - Physical interface name.
+ required: true
+ type: str
+ speed:
+ description:
+ - Interface speed.
+ type: str
+ choices:
+ - auto
+ - 10full
+ - 10half
+ - 100full
+ - 100half
+ - 1000full
+ - 1000half
+ - 1000auto
+ status:
+ description:
+ - Interface status.
+ type: str
+ choices:
+ - up
+ - down
+ span:
+ description:
+ - Enable/disable SPAN.
+ type: str
+ choices:
+ - disable
+ - enable
+ span_dest_port:
+ description:
+ - SPAN destination port.
+ type: str
+ span_direction:
+ description:
+ - SPAN direction.
+ type: str
+ choices:
+ - rx
+ - tx
+ - both
+ span_source_port:
+ description:
+ - SPAN source ports.
+ type: str
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure virtual hardware switch interfaces.
+ fortios_system_virtual_switch:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ system_virtual_switch:
+ name: "default_name_3"
+ physical_switch: " (source system.physical-switch.name)"
+ port:
+ -
+ alias: ""
+ name: "default_name_7"
+ speed: "auto"
+ status: "up"
+ span: "disable"
+ span_dest_port: ""
+ span_direction: "rx"
+ span_source_port: ""
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_system_virtual_switch_data(json):
+ option_list = ['name', 'physical_switch', 'port',
+ 'span', 'span_dest_port', 'span_direction',
+ 'span_source_port']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def system_virtual_switch(data, fos):
+ vdom = data['vdom']
+ state = data['state']
+ system_virtual_switch_data = data['system_virtual_switch']
+ filtered_data = underscore_to_hyphen(filter_system_virtual_switch_data(system_virtual_switch_data))
+
+ if state == "present":
+ return fos.set('system',
+ 'virtual-switch',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('system',
+ 'virtual-switch',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_system(data, fos):
+
+ if data['system_virtual_switch']:
+ resp = system_virtual_switch(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('system_virtual_switch'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": True, "type": "str",
+ "choices": ["present", "absent"]},
+ "system_virtual_switch": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "name": {"required": True, "type": "str"},
+ "physical_switch": {"required": False, "type": "str"},
+ "port": {"required": False, "type": "list",
+ "options": {
+ "alias": {"required": False, "type": "str"},
+ "name": {"required": True, "type": "str"},
+ "speed": {"required": False, "type": "str",
+ "choices": ["auto",
+ "10full",
+ "10half",
+ "100full",
+ "100half",
+ "1000full",
+ "1000half",
+ "1000auto"]},
+ "status": {"required": False, "type": "str",
+ "choices": ["up",
+ "down"]}
+ }},
+ "span": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "span_dest_port": {"required": False, "type": "str"},
+ "span_direction": {"required": False, "type": "str",
+ "choices": ["rx",
+ "tx",
+ "both"]},
+ "span_source_port": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_system(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_virtual_wan_link.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_virtual_wan_link.py
new file mode 100644
index 00000000..e4db26ec
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_virtual_wan_link.py
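Review bot: The EXAMPLES playbook in fortios_system_virtual_switch.py sets `ansible_httpapi_validate_certs: no` while the task beneath it passes `access_token`, so a playbook copied from the example sends the API token over a TLS session whose server certificate is never verified. The example should read `ansible_httpapi_validate_certs: yes`, with a comment that turning validation off is only for a lab device that still has its self-signed certificate. The EXAMPLES block of the fortios_system_virtual_wan_link.py hunk that follows carries the same setting. Separately, `if 'access_token' in module.params:` in `main()` looks always true, since AnsibleModule fills every declared option with `None` when it is not supplied, so `if module.params.get('access_token'):` would avoid setting a `None` token on the connection.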
@@ -0,0 +1,1127 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_virtual_wan_link +short_description: Configure redundant internet connections using SD-WAN (formerly virtual WAN link) in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and virtual_wan_link category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + system_virtual_wan_link: + description: + - Configure redundant internet connections using SD-WAN (formerly virtual WAN link). + default: null + type: dict + suboptions: + fail_alert_interfaces: + description: + - Physical interfaces that will be alerted. + type: list + suboptions: + name: + description: + - Physical interface name. Source system.interface.name. + required: true + type: str + fail_detect: + description: + - Enable/disable SD-WAN Internet connection status checking (failure detection). + type: str + choices: + - enable + - disable + health_check: + description: + - SD-WAN status checking or health checking. Identify a server on the Internet and determine how SD-WAN verifies that the FortiGate can + communicate with it. + type: list + suboptions: + addr_mode: + description: + - Address mode (IPv4 or IPv6). + type: str + choices: + - ipv4 + - ipv6 + failtime: + description: + - Number of failures before server is considered lost (1 - 10). + type: int + http_get: + description: + - URL used to communicate with the server if the protocol if the protocol is HTTP. + type: str + http_match: + description: + - Response string expected from the server if the protocol is HTTP. + type: str + interval: + description: + - Status check interval, or the time between attempting to connect to the server (1 - 3600 sec). + type: int + members: + description: + - Member sequence number list. + type: list + suboptions: + seq_num: + description: + - Member sequence number. Source system.virtual-wan-link.members.seq-num. + type: int + name: + description: + - Status check or health check name. 
+ required: true + type: str + packet_size: + description: + - Packet size of a twamp test session, + type: int + password: + description: + - Twamp controller password in authentication mode + type: str + port: + description: + - Port number used to communicate with the server over the selected protocol. + type: int + protocol: + description: + - Protocol used to determine if the FortiGate can communicate with the server. + type: str + choices: + - ping + - tcp-echo + - udp-echo + - http + - twamp + - ping6 + recoverytime: + description: + - Number of successful responses received before server is considered recovered (1 - 10). + type: int + security_mode: + description: + - Twamp controller security mode. + type: str + choices: + - none + - authentication + server: + description: + - IP address or FQDN name of the server. + type: str + sla: + description: + - Service level agreement (SLA). + type: list + suboptions: + id: + description: + - SLA ID. + required: true + type: int + jitter_threshold: + description: + - Jitter for SLA to make decision in milliseconds. (0 - 10000000). + type: int + latency_threshold: + description: + - Latency for SLA to make decision in milliseconds. (0 - 10000000). + type: int + link_cost_factor: + description: + - Criteria on which to base link selection. + type: str + choices: + - latency + - jitter + - packet-loss + packetloss_threshold: + description: + - Packet loss for SLA to make decision in percentage. (0 - 100). + type: int + threshold_alert_jitter: + description: + - Alert threshold for jitter (ms). + type: int + threshold_alert_latency: + description: + - Alert threshold for latency (ms). + type: int + threshold_alert_packetloss: + description: + - Alert threshold for packet loss (percentage). + type: int + threshold_warning_jitter: + description: + - Warning threshold for jitter (ms). + type: int + threshold_warning_latency: + description: + - Warning threshold for latency (ms). 
+ type: int + threshold_warning_packetloss: + description: + - Warning threshold for packet loss (percentage). + type: int + update_cascade_interface: + description: + - Enable/disable update cascade interface. + type: str + choices: + - enable + - disable + update_static_route: + description: + - Enable/disable updating the static route. + type: str + choices: + - enable + - disable + load_balance_mode: + description: + - Algorithm or mode to use for load balancing Internet traffic to SD-WAN members. + type: str + choices: + - source-ip-based + - weight-based + - usage-based + - source-dest-ip-based + - measured-volume-based + members: + description: + - Physical FortiGate interfaces added to the virtual-wan-link. + type: list + suboptions: + gateway: + description: + - The default gateway for this interface. Usually the default gateway of the Internet service provider that this interface is + connected to. + type: str + gateway6: + description: + - IPv6 gateway. + type: str + ingress_spillover_threshold: + description: + - Ingress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new + sessions spill over to other interfaces in the SD-WAN. + type: int + interface: + description: + - Interface name. Source system.interface.name. + type: str + priority: + description: + - Priority of the interface (0 - 4294967295). Used for SD-WAN rules or priority rules. + type: int + seq_num: + description: + - Sequence number(1-255). + type: int + source: + description: + - Source IP address used in the health-check packet to the server. + type: str + source6: + description: + - Source IPv6 address used in the health-check packet to the server. + type: str + spillover_threshold: + description: + - Egress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions + spill over to other interfaces in the SD-WAN. 
+ type: int + status: + description: + - Enable/disable this interface in the SD-WAN. + type: str + choices: + - disable + - enable + volume_ratio: + description: + - Measured volume ratio (this value / sum of all values = percentage of link volume, 0 - 255). + type: int + weight: + description: + - Weight of this interface for weighted load balancing. (0 - 255) More traffic is directed to interfaces with higher weights. + type: int + service: + description: + - Create SD-WAN rules or priority rules (also called services) to control how sessions are distributed to physical interfaces in the + SD-WAN. + type: list + suboptions: + addr_mode: + description: + - Address mode (IPv4 or IPv6). + type: str + choices: + - ipv4 + - ipv6 + bandwidth_weight: + description: + - Coefficient of reciprocal of available bidirectional bandwidth in the formula of custom-profile-1. + type: int + dscp_forward: + description: + - Enable/disable forward traffic DSCP tag. + type: str + choices: + - enable + - disable + dscp_forward_tag: + description: + - Forward traffic DSCP tag. + type: str + dscp_reverse: + description: + - Enable/disable reverse traffic DSCP tag. + type: str + choices: + - enable + - disable + dscp_reverse_tag: + description: + - Reverse traffic DSCP tag. + type: str + dst: + description: + - Destination address name. + type: list + suboptions: + name: + description: + - Address or address group name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + dst_negate: + description: + - Enable/disable negation of destination address match. + type: str + choices: + - enable + - disable + dst6: + description: + - Destination address6 name. + type: list + suboptions: + name: + description: + - Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + end_port: + description: + - End destination port number. + type: int + groups: + description: + - User groups. 
+ type: list + suboptions: + name: + description: + - Group name. Source user.group.name. + required: true + type: str + health_check: + description: + - Health check. Source system.virtual-wan-link.health-check.name. + type: str + id: + description: + - Priority rule ID (1 - 4000). + required: true + type: int + input_device: + description: + - Source interface name. + type: list + suboptions: + name: + description: + - Interface name. Source system.interface.name. + required: true + type: str + internet_service: + description: + - Enable/disable use of Internet service for application-based load balancing. + type: str + choices: + - enable + - disable + internet_service_ctrl: + description: + - Control-based Internet Service ID list. + type: list + suboptions: + id: + description: + - Control-based Internet Service ID. + required: true + type: int + internet_service_ctrl_group: + description: + - Control-based Internet Service group list. + type: list + suboptions: + name: + description: + - Control-based Internet Service group name. Source application.group.name. + required: true + type: str + internet_service_custom: + description: + - Custom Internet service name list. + type: list + suboptions: + name: + description: + - Custom Internet service name. Source firewall.internet-service-custom.name. + required: true + type: str + internet_service_custom_group: + description: + - Custom Internet Service group list. + type: list + suboptions: + name: + description: + - Custom Internet Service group name. Source firewall.internet-service-custom-group.name. + required: true + type: str + internet_service_group: + description: + - Internet Service group list. + type: list + suboptions: + name: + description: + - Internet Service group name. Source firewall.internet-service-group.name. + required: true + type: str + internet_service_id: + description: + - Internet service ID list. + type: list + suboptions: + id: + description: + - Internet service ID. 
Source firewall.internet-service.id. + required: true + type: int + jitter_weight: + description: + - Coefficient of jitter in the formula of custom-profile-1. + type: int + latency_weight: + description: + - Coefficient of latency in the formula of custom-profile-1. + type: int + link_cost_factor: + description: + - Link cost factor. + type: str + choices: + - latency + - jitter + - packet-loss + - inbandwidth + - outbandwidth + - bibandwidth + - custom-profile-1 + link_cost_threshold: + description: + - Percentage threshold change of link cost values that will result in policy route regeneration (0 - 10000000). + type: int + member: + description: + - Member sequence number. + type: int + mode: + description: + - Control how the priority rule sets the priority of interfaces in the SD-WAN. + type: str + choices: + - auto + - manual + - priority + - sla + name: + description: + - Priority rule name. + type: str + packet_loss_weight: + description: + - Coefficient of packet-loss in the formula of custom-profile-1. + type: int + priority_members: + description: + - Member sequence number list. + type: list + suboptions: + seq_num: + description: + - Member sequence number. Source system.virtual-wan-link.members.seq-num. + type: int + protocol: + description: + - Protocol number. + type: int + quality_link: + description: + - Quality grade. + type: int + route_tag: + description: + - IPv4 route map route-tag. + type: int + sla: + description: + - Service level agreement (SLA). + type: list + suboptions: + health_check: + description: + - Virtual WAN Link health-check. Source system.virtual-wan-link.health-check.name. + type: str + id: + description: + - SLA ID. + type: int + src: + description: + - Source address name. + type: list + suboptions: + name: + description: + - Address or address group name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + src_negate: + description: + - Enable/disable negation of source address match. 
+ type: str + choices: + - enable + - disable + src6: + description: + - Source address6 name. + type: list + suboptions: + name: + description: + - Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + start_port: + description: + - Start destination port number. + type: int + status: + description: + - Enable/disable SD-WAN service. + type: str + choices: + - enable + - disable + tos: + description: + - Type of service bit pattern. + type: str + tos_mask: + description: + - Type of service evaluated bits. + type: str + users: + description: + - User name. + type: list + suboptions: + name: + description: + - User name. Source user.local.name. + required: true + type: str + status: + description: + - Enable/disable SD-WAN. + type: str + choices: + - disable + - enable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure redundant internet connections using SD-WAN (formerly virtual WAN link). 
+ fortios_system_virtual_wan_link: + vdom: "{{ vdom }}" + system_virtual_wan_link: + fail_alert_interfaces: + - + name: "default_name_4 (source system.interface.name)" + fail_detect: "enable" + health_check: + - + addr_mode: "ipv4" + failtime: "8" + http_get: "" + http_match: "" + interval: "11" + members: + - + seq_num: "13 (source system.virtual-wan-link.members.seq-num)" + name: "default_name_14" + packet_size: "15" + password: "" + port: "17" + protocol: "ping" + recoverytime: "19" + security_mode: "none" + server: "192.168.100.40" + sla: + - + id: "23" + jitter_threshold: "24" + latency_threshold: "25" + link_cost_factor: "latency" + packetloss_threshold: "27" + threshold_alert_jitter: "28" + threshold_alert_latency: "29" + threshold_alert_packetloss: "30" + threshold_warning_jitter: "31" + threshold_warning_latency: "32" + threshold_warning_packetloss: "33" + update_cascade_interface: "enable" + update_static_route: "enable" + load_balance_mode: "source-ip-based" + members: + - + gateway: "" + gateway6: "" + ingress_spillover_threshold: "40" + interface: " (source system.interface.name)" + priority: "42" + seq_num: "43" + source: "" + source6: "" + spillover_threshold: "46" + status: "disable" + volume_ratio: "48" + weight: "49" + service: + - + addr_mode: "ipv4" + bandwidth_weight: "52" + dscp_forward: "enable" + dscp_forward_tag: "" + dscp_reverse: "enable" + dscp_reverse_tag: "" + dst: + - + name: "default_name_58 (source firewall.address.name firewall.addrgrp.name)" + dst_negate: "enable" + dst6: + - + name: "default_name_61 (source firewall.address6.name firewall.addrgrp6.name)" + end_port: "62" + groups: + - + name: "default_name_64 (source user.group.name)" + health_check: " (source system.virtual-wan-link.health-check.name)" + id: "66" + input_device: + - + name: "default_name_68 (source system.interface.name)" + internet_service: "enable" + internet_service_ctrl: + - + id: "71" + internet_service_ctrl_group: + - + name: "default_name_73 (source 
application.group.name)" + internet_service_custom: + - + name: "default_name_75 (source firewall.internet-service-custom.name)" + internet_service_custom_group: + - + name: "default_name_77 (source firewall.internet-service-custom-group.name)" + internet_service_group: + - + name: "default_name_79 (source firewall.internet-service-group.name)" + internet_service_id: + - + id: "81 (source firewall.internet-service.id)" + jitter_weight: "82" + latency_weight: "83" + link_cost_factor: "latency" + link_cost_threshold: "85" + member: "86" + mode: "auto" + name: "default_name_88" + packet_loss_weight: "89" + priority_members: + - + seq_num: "91 (source system.virtual-wan-link.members.seq-num)" + protocol: "92" + quality_link: "93" + route_tag: "94" + sla: + - + health_check: " (source system.virtual-wan-link.health-check.name)" + id: "97" + src: + - + name: "default_name_99 (source firewall.address.name firewall.addrgrp.name)" + src_negate: "enable" + src6: + - + name: "default_name_102 (source firewall.address6.name firewall.addrgrp6.name)" + start_port: "103" + status: "enable" + tos: "" + tos_mask: "" + users: + - + name: "default_name_108 (source user.local.name)" + status: "disable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal 
revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_virtual_wan_link_data(json): + option_list = ['fail_alert_interfaces', 'fail_detect', 'health_check', + 'load_balance_mode', 'members', 'service', + 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_virtual_wan_link(data, fos): + vdom = data['vdom'] + system_virtual_wan_link_data = data['system_virtual_wan_link'] + filtered_data = underscore_to_hyphen(filter_system_virtual_wan_link_data(system_virtual_wan_link_data)) + + return fos.set('system', + 'virtual-wan-link', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + 
status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_virtual_wan_link']: + resp = system_virtual_wan_link(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_virtual_wan_link')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "system_virtual_wan_link": { + "required": False, "type": "dict", "default": None, + "options": { + "fail_alert_interfaces": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "fail_detect": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "health_check": {"required": False, "type": "list", + "options": { + "addr_mode": {"required": False, "type": "str", + "choices": ["ipv4", + "ipv6"]}, + "failtime": {"required": False, "type": "int"}, + "http_get": {"required": False, "type": "str"}, + "http_match": {"required": False, "type": "str"}, + "interval": {"required": False, "type": "int"}, + "members": {"required": False, "type": "list", + "options": { + "seq_num": {"required": False, "type": "int"} + }}, + "name": {"required": True, "type": "str"}, + "packet_size": {"required": False, "type": "int"}, + "password": {"required": False, "type": "str"}, + "port": {"required": False, "type": "int"}, + "protocol": {"required": False, "type": "str", + "choices": ["ping", + "tcp-echo", + "udp-echo", + "http", + "twamp", + "ping6"]}, + "recoverytime": {"required": False, "type": "int"}, + "security_mode": {"required": False, "type": "str", + "choices": ["none", + "authentication"]}, + "server": {"required": False, "type": "str"}, + "sla": {"required": False, "type": "list", + "options": { 
+ "id": {"required": True, "type": "int"}, + "jitter_threshold": {"required": False, "type": "int"}, + "latency_threshold": {"required": False, "type": "int"}, + "link_cost_factor": {"required": False, "type": "str", + "choices": ["latency", + "jitter", + "packet-loss"]}, + "packetloss_threshold": {"required": False, "type": "int"} + }}, + "threshold_alert_jitter": {"required": False, "type": "int"}, + "threshold_alert_latency": {"required": False, "type": "int"}, + "threshold_alert_packetloss": {"required": False, "type": "int"}, + "threshold_warning_jitter": {"required": False, "type": "int"}, + "threshold_warning_latency": {"required": False, "type": "int"}, + "threshold_warning_packetloss": {"required": False, "type": "int"}, + "update_cascade_interface": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "update_static_route": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "load_balance_mode": {"required": False, "type": "str", + "choices": ["source-ip-based", + "weight-based", + "usage-based", + "source-dest-ip-based", + "measured-volume-based"]}, + "members": {"required": False, "type": "list", + "options": { + "gateway": {"required": False, "type": "str"}, + "gateway6": {"required": False, "type": "str"}, + "ingress_spillover_threshold": {"required": False, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "priority": {"required": False, "type": "int"}, + "seq_num": {"required": False, "type": "int"}, + "source": {"required": False, "type": "str"}, + "source6": {"required": False, "type": "str"}, + "spillover_threshold": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "volume_ratio": {"required": False, "type": "int"}, + "weight": {"required": False, "type": "int"} + }}, + "service": {"required": False, "type": "list", + "options": { + "addr_mode": {"required": False, "type": "str", + "choices": ["ipv4", + 
"ipv6"]}, + "bandwidth_weight": {"required": False, "type": "int"}, + "dscp_forward": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dscp_forward_tag": {"required": False, "type": "str"}, + "dscp_reverse": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dscp_reverse_tag": {"required": False, "type": "str"}, + "dst": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "dst_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dst6": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "end_port": {"required": False, "type": "int"}, + "groups": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "health_check": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "input_device": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "internet_service": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "internet_service_ctrl": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "internet_service_ctrl_group": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "internet_service_custom": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "internet_service_custom_group": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "internet_service_group": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "internet_service_id": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "jitter_weight": {"required": False, "type": "int"}, + 
"latency_weight": {"required": False, "type": "int"}, + "link_cost_factor": {"required": False, "type": "str", + "choices": ["latency", + "jitter", + "packet-loss", + "inbandwidth", + "outbandwidth", + "bibandwidth", + "custom-profile-1"]}, + "link_cost_threshold": {"required": False, "type": "int"}, + "member": {"required": False, "type": "int"}, + "mode": {"required": False, "type": "str", + "choices": ["auto", + "manual", + "priority", + "sla"]}, + "name": {"required": False, "type": "str"}, + "packet_loss_weight": {"required": False, "type": "int"}, + "priority_members": {"required": False, "type": "list", + "options": { + "seq_num": {"required": False, "type": "int"} + }}, + "protocol": {"required": False, "type": "int"}, + "quality_link": {"required": False, "type": "int"}, + "route_tag": {"required": False, "type": "int"}, + "sla": {"required": False, "type": "list", + "options": { + "health_check": {"required": False, "type": "str"}, + "id": {"required": False, "type": "int"} + }}, + "src": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "src_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "src6": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "start_port": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tos": {"required": False, "type": "str"}, + "tos_mask": {"required": False, "type": "str"}, + "users": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + }}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "enable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in 
module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_virtual_wire_pair.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_virtual_wire_pair.py new file mode 100644 index 00000000..2d76f943 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_virtual_wire_pair.py 
@@ -0,0 +1,315 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_virtual_wire_pair +short_description: Configure virtual wire pairs in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and virtual_wire_pair category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_virtual_wire_pair: + description: + - Configure virtual wire pairs. + default: null + type: dict + suboptions: + member: + description: + - Interfaces belong to the virtual-wire-pair. + type: list + suboptions: + interface_name: + description: + - Interface name. Source system.interface.name. + type: str + name: + description: + - Virtual-wire-pair name. Must be a unique interface name. + required: true + type: str + vlan_filter: + description: + - Set VLAN filters. + type: str + wildcard_vlan: + description: + - Enable/disable wildcard VLAN. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure virtual wire pairs. 
+ fortios_system_virtual_wire_pair: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_virtual_wire_pair: + member: + - + interface_name: " (source system.interface.name)" + name: "default_name_5" + vlan_filter: "" + wildcard_vlan: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_system_virtual_wire_pair_data(json):
+ option_list = ['member', 'name', 'vlan_filter',
+ 'wildcard_vlan']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def system_virtual_wire_pair(data, fos):
+ vdom = data['vdom']
+ state = data['state']
+ system_virtual_wire_pair_data = data['system_virtual_wire_pair']
+ filtered_data = underscore_to_hyphen(filter_system_virtual_wire_pair_data(system_virtual_wire_pair_data))
+
+ if state == "present":
+ return fos.set('system',
+ 'virtual-wire-pair',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('system',
+ 'virtual-wire-pair',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_system(data, fos):
+
+ if data['system_virtual_wire_pair']:
+ resp = system_virtual_wire_pair(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('system_virtual_wire_pair'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": True, "type": "str",
+ "choices": ["present", "absent"]},
+ "system_virtual_wire_pair": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "member": {"required": False, "type": "list",
+ "options": {
+ "interface_name": {"required": False, "type": "str"}
+ }},
+ "name": {"required": True, "type": "str"},
+ "vlan_filter": {"required": False, "type": "str"},
+ "wildcard_vlan": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_system(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vmlicense.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vmlicense.py
new file mode 100644
index 00000000..9e7e9695
--- /dev/null
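Review bot: The EXAMPLES block of fortios_system_virtual_wire_pair.py sets `ansible_httpapi_validate_certs: no` in the same play that passes `access_token`, so anyone copying it sends the API token over a TLS session whose peer is never authenticated. The documented value should be `ansible_httpapi_validate_certs: yes`, with a YAML comment such as `# set to no only for lab devices with self-signed certificates`. The same setting appears in the EXAMPLES of fortios_system_vmlicense.py, which additionally sets `ansible_httpapi_use_ssl: no` and `ansible_httpapi_port: 80`, and of fortios_system_vxlan.py.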
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vmlicense.py 
@@ -0,0 +1,284 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_vmlicense +short_description: Update VM license using uploaded file. Reboots immediately if successful in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and vmlicense category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.5 +version_added: "2.8" +author: + - Frank Shen(@frankshen01) + - Link Zheng (@chillancezen) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks +requirements: + - ansible>=2.9.0 +options: + host: + description: + - FortiOS or FortiGate IP address. + type: str + required: false + username: + description: + - FortiOS or FortiGate username. + type: str + required: false + password: + description: + - FortiOS or FortiGate password. 
+ type: str + default: "" + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + https: + description: + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. + type: bool + default: true + version_added: 2.9 + system_vmlicense: + description: + - Update VM license using uploaded file. Reboots immediately if successful. + default: null + type: dict + suboptions: + file_content: + description: + - "Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be + included in HTTP body." + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: no + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 80 + license_file: ./FGVMXXXXXX-VM00.lic + license_file_content: "{{ lookup( 'file', license_file) }}" + encoded_license: "{{ license_file_content | string | b64encode }}" + tasks: + - name: Update VM license using uploaded file. Reboots immediately if successful. 
+ fortios_system_vmlicense: + vdom: "{{ vdom }}" + system_vmlicense: + file_content: "{{ encoded_license }}" +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'POST' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "vmlicense" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "system" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def login(data, fos): + host = data['host'] + username = data['username'] + password = data['password'] + ssl_verify = data['ssl_verify'] + + fos.debug('on') + if 'https' in data and not data['https']: + fos.https('off') + else: + fos.https('on') + + fos.login(host, username, 
password, verify=ssl_verify)
+
+
+def filter_system_vmlicense_data(json):
+ option_list = ['file_content']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ return data
+
+
+def system_vmlicense(data, fos):
+ vdom = data['vdom']
+ system_vmlicense_data = data['system_vmlicense']
+ filtered_data = underscore_to_hyphen(filter_system_vmlicense_data(system_vmlicense_data))
+
+ return fos.execute('system',
+ 'vmlicense/upload',
+ data=filtered_data,
+ vdom=vdom)
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_system(data, fos):
+
+ if data['system_vmlicense']:
+ resp = system_vmlicense(data, fos)
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success", \
+ resp
+
+
+def main():
+ fields = {
+ "host": {"required": False, "type": "str"},
+ "username": {"required": False, "type": "str"},
+ "password": {"required": False, "type": "str", "default": "", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "https": {"required": False, "type": "bool", "default": True},
+ "ssl_verify": {"required": False, "type": "bool", "default": True},
+ "system_vmlicense": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "file_content": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ # legacy_mode refers to using fortiosapi instead of HTTPAPI
+ legacy_mode = 'host' in module.params and module.params['host'] is not None and \
+ 'username' in module.params and module.params['username'] is not None and \
+ 'password' in module.params and module.params['password'] is not None
+
+ if not legacy_mode:
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ fos = FortiOSHandler(connection)
+
+ is_error, has_changed, result = fortios_system(module.params, fos)
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+ else:
+ try:
+ from fortiosapi import FortiOSAPI
+ except ImportError:
+ module.fail_json(msg="fortiosapi module is required")
+
+ fos = FortiOSAPI()
+
+ login(module.params, fos)
+ is_error, has_changed, result = fortios_system(module.params, fos)
+ fos.logout()
+
+ if not is_error:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vxlan.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vxlan.py
new file mode 100644
index 00000000..4cbadf9e
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_vxlan.py
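Review bot: In `fortios_system` of fortios_system_vmlicense.py, `resp` is assigned only when `data['system_vmlicense']` is truthy and, unlike the sibling modules in this patch, there is no `else` branch, so a task that omits `system_vmlicense` (its default is None) reaches `is_successful_status(resp)` with `resp` unbound and dies with an UnboundLocalError traceback instead of a module error. `main()` could reject this before any connection is opened, e.g. `if not module.params['system_vmlicense']: module.fail_json(msg='missing task body: system_vmlicense')`. Separately, `login()` calls `fos.debug('on')` unconditionally just before `fos.login(host, username, password, verify=ssl_verify)`; what fortiosapi emits in debug mode is not visible in this hunk, so it should be confirmed that credentials cannot reach logs, or the call should be dropped.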
@@ -0,0 +1,356 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_vxlan +short_description: Configure VXLAN devices in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and vxlan category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_vxlan: + description: + - Configure VXLAN devices. + default: null + type: dict + suboptions: + dstport: + description: + - VXLAN destination port (1 - 65535). + type: int + interface: + description: + - Outgoing interface for VXLAN encapsulated traffic. Source system.interface.name. + type: str + ip_version: + description: + - IP version to use for the VXLAN interface and so for communication over the VXLAN. IPv4 or IPv6 unicast or multicast. + type: str + choices: + - ipv4-unicast + - ipv6-unicast + - ipv4-multicast + - ipv6-multicast + multicast_ttl: + description: + - VXLAN multicast TTL (1-255). + type: int + name: + description: + - VXLAN device or interface name. Must be a unique interface name. + required: true + type: str + remote_ip: + description: + - IPv4 address of the VXLAN interface on the device at the remote end of the VXLAN. + type: list + suboptions: + ip: + description: + - IPv4 address. + required: true + type: str + remote_ip6: + description: + - IPv6 IP address of the VXLAN interface on the device at the remote end of the VXLAN. + type: list + suboptions: + ip6: + description: + - IPv6 address. + required: true + type: str + vni: + description: + - VXLAN network ID. + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VXLAN devices. 
+ fortios_system_vxlan: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_vxlan: + dstport: "3" + interface: " (source system.interface.name)" + ip_version: "ipv4-unicast" + multicast_ttl: "6" + name: "default_name_7" + remote_ip: + - + ip: "" + remote_ip6: + - + ip6: "" + vni: "12" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common 
import FAIL_SOCKET_MSG + + +def filter_system_vxlan_data(json): + option_list = ['dstport', 'interface', 'ip_version', + 'multicast_ttl', 'name', 'remote_ip', + 'remote_ip6', 'vni'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_vxlan(data, fos): + vdom = data['vdom'] + state = data['state'] + system_vxlan_data = data['system_vxlan'] + filtered_data = underscore_to_hyphen(filter_system_vxlan_data(system_vxlan_data)) + + if state == "present": + return fos.set('system', + 'vxlan', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'vxlan', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_vxlan']: + resp = system_vxlan(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_vxlan')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_vxlan": { + "required": False, "type": "dict", "default": None, + "options": { + 
"dstport": {"required": False, "type": "int"}, + "interface": {"required": False, "type": "str"}, + "ip_version": {"required": False, "type": "str", + "choices": ["ipv4-unicast", + "ipv6-unicast", + "ipv4-multicast", + "ipv6-multicast"]}, + "multicast_ttl": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "remote_ip": {"required": False, "type": "list", + "options": { + "ip": {"required": True, "type": "str"} + }}, + "remote_ip6": {"required": False, "type": "list", + "options": { + "ip6": {"required": True, "type": "str"} + }}, + "vni": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_wccp.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_wccp.py
new file mode 100644
index 00000000..c7478ce8
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_wccp.py
@@ -0,0 +1,470 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_wccp +short_description: Configure WCCP in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and wccp category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_wccp: + description: + - Configure WCCP. + default: null + type: dict + suboptions: + assignment_bucket_format: + description: + - Assignment bucket format for the WCCP cache engine. + type: str + choices: + - wccp-v2 + - cisco-implementation + assignment_dstaddr_mask: + description: + - Assignment destination address mask. + type: str + assignment_method: + description: + - Hash key assignment preference. + type: str + choices: + - HASH + - MASK + - any + assignment_srcaddr_mask: + description: + - Assignment source address mask. + type: str + assignment_weight: + description: + - Assignment of hash weight/ratio for the WCCP cache engine. + type: int + authentication: + description: + - Enable/disable MD5 authentication. + type: str + choices: + - enable + - disable + cache_engine_method: + description: + - Method used to forward traffic to the routers or to return to the cache engine. + type: str + choices: + - GRE + - L2 + cache_id: + description: + - IP address known to all routers. If the addresses are the same, use the default 0.0.0.0. + type: str + forward_method: + description: + - Method used to forward traffic to the cache servers. + type: str + choices: + - GRE + - L2 + - any + group_address: + description: + - IP multicast address used by the cache routers. For the FortiGate to ignore multicast WCCP traffic, use the default 0.0.0.0. + type: str + password: + description: + - Password for MD5 authentication. + type: str + ports: + description: + - Service ports. + type: str + ports_defined: + description: + - Match method. + type: str + choices: + - source + - destination + primary_hash: + description: + - Hash method. + type: str + choices: + - src-ip + - dst-ip + - src-port + - dst-port + priority: + description: + - Service priority. 
+ type: int + protocol: + description: + - Service protocol. + type: int + return_method: + description: + - Method used to decline a redirected packet and return it to the FortiGate. + type: str + choices: + - GRE + - L2 + - any + router_id: + description: + - IP address known to all cache engines. If all cache engines connect to the same FortiGate interface, use the default 0.0.0.0. + type: str + router_list: + description: + - IP addresses of one or more WCCP routers. + type: str + server_list: + description: + - IP addresses and netmasks for up to four cache servers. + type: str + service_id: + description: + - Service ID. + type: str + service_type: + description: + - WCCP service type used by the cache server for logical interception and redirection of traffic. + type: str + choices: + - auto + - standard + - dynamic +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WCCP. 
+ fortios_system_wccp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_wccp: + assignment_bucket_format: "wccp-v2" + assignment_dstaddr_mask: "" + assignment_method: "HASH" + assignment_srcaddr_mask: "" + assignment_weight: "7" + authentication: "enable" + cache_engine_method: "GRE" + cache_id: "" + forward_method: "GRE" + group_address: "" + password: "" + ports: "" + ports_defined: "source" + primary_hash: "src-ip" + priority: "17" + protocol: "18" + return_method: "GRE" + router_id: "" + router_list: "" + server_list: "" + service_id: "" + service_type: "auto" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_wccp_data(json): + option_list = ['assignment_bucket_format', 'assignment_dstaddr_mask', 'assignment_method', + 'assignment_srcaddr_mask', 'assignment_weight', 'authentication', + 'cache_engine_method', 'cache_id', 'forward_method', + 'group_address', 'password', 'ports', + 'ports_defined', 'primary_hash', 'priority', + 'protocol', 'return_method', 'router_id', + 'router_list', 'server_list', 'service_id', + 'service_type'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_wccp(data, fos): + vdom = data['vdom'] + state = data['state'] + system_wccp_data = data['system_wccp'] + filtered_data = underscore_to_hyphen(filter_system_wccp_data(system_wccp_data)) + + if state == "present": + return fos.set('system', + 'wccp', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'wccp', + mkey=filtered_data['service-id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_wccp']: + resp = system_wccp(data, fos) + else: + 
fos._module.fail_json(msg='missing task body: %s' % ('system_wccp')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'service-id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_wccp": { + "required": False, "type": "dict", "default": None, + "options": { + "assignment_bucket_format": {"required": False, "type": "str", + "choices": ["wccp-v2", + "cisco-implementation"]}, + "assignment_dstaddr_mask": {"required": False, "type": "str"}, + "assignment_method": {"required": False, "type": "str", + "choices": ["HASH", + "MASK", + "any"]}, + "assignment_srcaddr_mask": {"required": False, "type": "str"}, + "assignment_weight": {"required": False, "type": "int"}, + "authentication": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "cache_engine_method": {"required": False, "type": "str", + "choices": ["GRE", + "L2"]}, + "cache_id": {"required": False, "type": "str"}, + "forward_method": {"required": False, "type": "str", + "choices": ["GRE", + "L2", + "any"]}, + "group_address": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str"}, + "ports": {"required": False, "type": "str"}, + "ports_defined": {"required": False, "type": "str", + "choices": ["source", + "destination"]}, + "primary_hash": {"required": False, "type": "str", + "choices": ["src-ip", + "dst-ip", + "src-port", + "dst-port"]}, + "priority": {"required": False, "type": "int"}, + "protocol": {"required": False, "type": "int"}, + "return_method": {"required": False, "type": "str", + "choices": ["GRE", + "L2", + "any"]}, + "router_id": {"required": False, "type": "str"}, + "router_list": {"required": False, "type": "str"}, + 
"server_list": {"required": False, "type": "str"}, + "service_id": {"required": False, "type": "str"}, + "service_type": {"required": False, "type": "str", + "choices": ["auto", + "standard", + "dynamic"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_zone.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_zone.py new file mode 100644 index 00000000..f025fb9d --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_zone.py 
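Review bot: The `password` option in the `system_wccp` argument spec in `main()` is declared as `{"required": False, "type": "str"}` without `no_log`, so the WCCP MD5 authentication secret is handled as an ordinary parameter and can show up in module invocation logging and verbose output, unlike `access_token`, which is marked. It should read `"password": {"required": False, "type": "str", "no_log": True},`. Separately, `system_wccp()` indexes `filtered_data['service-id']` when `state` is `absent` although `service_id` is declared `required: False`, so a delete task that omits it would raise `KeyError` instead of ending in a clean `fail_json`. Marking `service_id` as required, as `name` is in the sibling modules of this patch, would close that path.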
@@ -0,0 +1,352 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_system_zone +short_description: Configure zones to group two or more interfaces. When a zone is created you can configure policies for the zone instead of individual + interfaces in the zone in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify system feature and zone category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. 
+ type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + system_zone: + description: + - Configure zones to group two or more interfaces. When a zone is created you can configure policies for the zone instead of individual interfaces + in the zone. + default: null + type: dict + suboptions: + interface: + description: + - Add interfaces to this zone. Interfaces must not be assigned to another zone or have firewall policies defined. + type: list + suboptions: + interface_name: + description: + - Select two or more interfaces to add to the zone. Source system.interface.name. + type: str + intrazone: + description: + - Allow or deny traffic routing between different interfaces in the same zone . + type: str + choices: + - allow + - deny + name: + description: + - Zone name. + required: true + type: str + tagging: + description: + - Config object tagging. + type: list + suboptions: + category: + description: + - Tag category. Source system.object-tagging.category. + type: str + name: + description: + - Tagging entry name. + required: true + type: str + tags: + description: + - Tags. + type: list + suboptions: + name: + description: + - Tag name. Source system.object-tagging.tags.name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure zones to group two or more interfaces. When a zone is created you can configure policies for the zone instead of individual interfaces in + the zone. 
+ fortios_system_zone: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + system_zone: + interface: + - + interface_name: " (source system.interface.name)" + intrazone: "allow" + name: "default_name_6" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_9" + tags: + - + name: "default_name_11 (source system.object-tagging.tags.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi 
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_system_zone_data(json): + option_list = ['interface', 'intrazone', 'name', + 'tagging'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def system_zone(data, fos): + vdom = data['vdom'] + state = data['state'] + system_zone_data = data['system_zone'] + filtered_data = underscore_to_hyphen(filter_system_zone_data(system_zone_data)) + + if state == "present": + return fos.set('system', + 'zone', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('system', + 'zone', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_system(data, fos): + + if data['system_zone']: + resp = system_zone(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('system_zone')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "system_zone": { + "required": False, "type": "dict", "default": None, 
+ "options": { + "interface": {"required": False, "type": "list", + "options": { + "interface_name": {"required": False, "type": "str"} + }}, + "intrazone": {"required": False, "type": "str", + "choices": ["allow", + "deny"]}, + "name": {"required": True, "type": "str"}, + "tagging": {"required": False, "type": "list", + "options": { + "category": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "tags": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_system(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
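Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no`, which turns off TLS certificate verification on the same connection that carries the `access_token`. Example playbooks tend to be copied verbatim, so the shipped value should be the safe one. I would change the line to `ansible_httpapi_validate_certs: yes` and add a YAML comment next to it such as `# set to no only for lab devices with self-signed certificates`. The same line appears in the EXAMPLES blocks of fortios_system_wccp.py and fortios_user_adgrp.py in this patch, and in the fortios_system_vxlan.py example whose hunk starts above this part of the page.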
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_adgrp.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_adgrp.py
new file mode 100644
index 00000000..3fd4def0
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_adgrp.py
@@ -0,0 +1,308 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_adgrp +short_description: Configure FSSO groups in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and adgrp category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + user_adgrp: + description: + - Configure FSSO groups. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + name: + description: + - Name. + required: true + type: str + server_name: + description: + - FSSO agent name. Source user.fsso.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FSSO groups. 
+ fortios_user_adgrp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_adgrp: + name: "default_name_3" + server_name: " (source user.fsso.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_user_adgrp_data(json): + option_list = ['name', 'server_name'] + dictionary = {} + + for attribute in 
option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_adgrp(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['user_adgrp'] and data['user_adgrp']['state']: + state = data['user_adgrp']['state'] + else: + state = True + user_adgrp_data = data['user_adgrp'] + filtered_data = underscore_to_hyphen(filter_user_adgrp_data(user_adgrp_data)) + + if state == "present": + return fos.set('user', + 'adgrp', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'adgrp', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_adgrp']: + resp = user_adgrp(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('user_adgrp')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "user_adgrp": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", 
"absent"]}, + "name": {"required": True, "type": "str"}, + "server_name": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_device.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_device.py new file mode 100644 index 00000000..2a9ac06e --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_device.py 
@@ -0,0 +1,423 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_device +short_description: Configure devices in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and device category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + user_device: + description: + - Configure devices. + default: null + type: dict + suboptions: + alias: + description: + - Device alias. + required: true + type: str + avatar: + description: + - Image file for avatar (maximum 4K base64 encoded). + type: str + category: + description: + - Device category. + type: str + choices: + - none + - amazon-device + - android-device + - blackberry-device + - fortinet-device + - ios-device + - windows-device + comment: + description: + - Comment. + type: str + mac: + description: + - Device MAC address(es). + type: str + master_device: + description: + - Master device (optional). Source user.device.alias. + type: str + tagging: + description: + - Config object tagging. + type: list + suboptions: + category: + description: + - Tag category. Source system.object-tagging.category. + type: str + name: + description: + - Tagging entry name. + required: true + type: str + tags: + description: + - Tags. + type: list + suboptions: + name: + description: + - Tag name. Source system.object-tagging.tags.name. + required: true + type: str + type: + description: + - Device type. + type: str + choices: + - unknown + - android-phone + - android-tablet + - blackberry-phone + - blackberry-playbook + - forticam + - fortifone + - fortinet-device + - gaming-console + - ip-phone + - ipad + - iphone + - linux-pc + - mac + - media-streaming + - printer + - router-nat-device + - windows-pc + - windows-phone + - windows-tablet + - other-network-device + user: + description: + - User name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure devices. 
+ fortios_user_device: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_device: + alias: "" + avatar: "" + category: "none" + comment: "Comment." + mac: "" + master_device: " (source user.device.alias)" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_11" + tags: + - + name: "default_name_13 (source system.object-tagging.tags.name)" + type: "unknown" + user: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_user_device_data(json): + option_list = ['alias', 'avatar', 'category', + 'comment', 'mac', 'master_device', + 'tagging', 'type', 'user'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_device(data, fos): + vdom = data['vdom'] + state = data['state'] + user_device_data = data['user_device'] + filtered_data = underscore_to_hyphen(filter_user_device_data(user_device_data)) + + if state == "present": + return fos.set('user', + 'device', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'device', + mkey=filtered_data['alias'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_device']: + resp = user_device(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('user_device')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'alias' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, 
+ "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "user_device": { + "required": False, "type": "dict", "default": None, + "options": { + "alias": {"required": True, "type": "str"}, + "avatar": {"required": False, "type": "str"}, + "category": {"required": False, "type": "str", + "choices": ["none", + "amazon-device", + "android-device", + "blackberry-device", + "fortinet-device", + "ios-device", + "windows-device"]}, + "comment": {"required": False, "type": "str"}, + "mac": {"required": False, "type": "str"}, + "master_device": {"required": False, "type": "str"}, + "tagging": {"required": False, "type": "list", + "options": { + "category": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "tags": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + }}, + "type": {"required": False, "type": "str", + "choices": ["unknown", + "android-phone", + "android-tablet", + "blackberry-phone", + "blackberry-playbook", + "forticam", + "fortifone", + "fortinet-device", + "gaming-console", + "ip-phone", + "ipad", + "iphone", + "linux-pc", + "mac", + "media-streaming", + "printer", + "router-nat-device", + "windows-pc", + "windows-phone", + "windows-tablet", + "other-network-device"]}, + "user": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + 
module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_device_access_list.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_device_access_list.py new file mode 100644 index 00000000..5067e666 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_device_access_list.py 
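Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no` while the task passes an `access_token`, so anyone who copies the example sends the API token over a TLS session whose peer is never verified. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a short comment that turning it off is only for lab devices with self-signed certificates. The same example block appears in the fortios_user_device_access_list.py and fortios_user_device_category.py hunks.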
@@ -0,0 +1,326 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_device_access_list +short_description: Configure device access control lists in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and device_access_list category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + user_device_access_list: + description: + - Configure device access control lists. + default: null + type: dict + suboptions: + default_action: + description: + - Accept or deny unknown/unspecified devices. + type: str + choices: + - accept + - deny + device_list: + description: + - Device list. + type: list + suboptions: + action: + description: + - Allow or block device. + type: str + choices: + - accept + - deny + device: + description: + - Firewall device or device group. Source user.device.alias user.device-group.name user.device-category.name. + type: str + id: + description: + - Entry ID. + required: true + type: int + name: + description: + - Device access list name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure device access control lists. 
+ fortios_user_device_access_list: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_device_access_list: + default_action: "accept" + device_list: + - + action: "accept" + device: " (source user.device.alias user.device-group.name user.device-category.name)" + id: "7" + name: "default_name_8" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_user_device_access_list_data(json): + option_list = ['default_action', 'device_list', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_device_access_list(data, fos): + vdom = data['vdom'] + state = data['state'] + user_device_access_list_data = data['user_device_access_list'] + filtered_data = underscore_to_hyphen(filter_user_device_access_list_data(user_device_access_list_data)) + + if state == "present": + return fos.set('user', + 'device-access-list', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'device-access-list', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_device_access_list']: + resp = user_device_access_list(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('user_device_access_list')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, 
"type": "str", + "choices": ["present", "absent"]}, + "user_device_access_list": { + "required": False, "type": "dict", "default": None, + "options": { + "default_action": {"required": False, "type": "str", + "choices": ["accept", + "deny"]}, + "device_list": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["accept", + "deny"]}, + "device": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"} + }}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
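Review bot: `device_list` in `fields` is declared as `"type": "list"` with `options` but no `"elements": "dict"`. As far as I know AnsibleModule only descends into list sub-options when the element type is dict, so the `accept`/`deny` choices on `action` and the int type on `id` are probably never checked before the data reaches `fos.set`. For an access-control list I would have the spec enforce them: `"device_list": {"required": False, "type": "list", "elements": "dict",`. The `tagging` and `tags` lists in the fortios_user_device.py hunk have the same shape.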
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_device_category.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_device_category.py
new file mode 100644
index 00000000..abe5a26e
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_device_category.py
@@ -0,0 +1,293 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_device_category +short_description: Configure device categories in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and device_category category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + user_device_category: + description: + - Configure device categories. + default: null + type: dict + suboptions: + comment: + description: + - Comment. + type: str + desc: + description: + - Device category description. + type: str + name: + description: + - Device category name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure device categories. + fortios_user_device_category: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_device_category: + comment: "Comment." + desc: "" + name: "default_name_5" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + 
sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_user_device_category_data(json): + option_list = ['comment', 'desc', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_device_category(data, fos): + vdom = data['vdom'] + state = data['state'] + user_device_category_data = data['user_device_category'] + filtered_data = underscore_to_hyphen(filter_user_device_category_data(user_device_category_data)) + + if state == "present": + return fos.set('user', + 'device-category', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'device-category', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_device_category']: + resp = 
user_device_category(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('user_device_category')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "user_device_category": { + "required": False, "type": "dict", "default": None, + "options": { + "comment": {"required": False, "type": "str"}, + "desc": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + 
module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_device_group.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_device_group.py new file mode 100644 index 00000000..6d6ab1a7 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_device_group.py 
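Review bot: `is_successful_status` compares `status['http_status'] == 404` against an int, while the RETURN block in the same file documents `http_status` as `type: str` with sample `"200"`; if the handler really returns a string, deleting an already-absent object would be reported as a failure instead of being idempotent. Either the comparison or the documentation should change, and the mixed `or`/`and` would read better with explicit parentheses: `return status['status'] == "success" or (status['http_method'] == "DELETE" and status['http_status'] == 404)`. The response shape comes from FortiOSHandler, which is outside this hunk, so the actual type needs confirming there. The function is repeated verbatim in the fortios_user_device.py and fortios_user_device_access_list.py hunks.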
@@ -0,0 +1,345 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_device_group +short_description: Configure device groups in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and device_group category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + user_device_group: + description: + - Configure device groups. + default: null + type: dict + suboptions: + comment: + description: + - Comment. + type: str + member: + description: + - Device group member. + type: list + suboptions: + name: + description: + - Device name. Source user.device.alias user.device-category.name. + required: true + type: str + name: + description: + - Device group name. + required: true + type: str + tagging: + description: + - Config object tagging. + type: list + suboptions: + category: + description: + - Tag category. Source system.object-tagging.category. + type: str + name: + description: + - Tagging entry name. + required: true + type: str + tags: + description: + - Tags. + type: list + suboptions: + name: + description: + - Tag name. Source system.object-tagging.tags.name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure device groups. + fortios_user_device_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_device_group: + comment: "Comment." 
+ member: + - + name: "default_name_5 (source user.device.alias user.device-category.name)" + name: "default_name_6" + tagging: + - + category: " (source system.object-tagging.category)" + name: "default_name_9" + tags: + - + name: "default_name_11 (source system.object-tagging.tags.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import 
FAIL_SOCKET_MSG + + +def filter_user_device_group_data(json): + option_list = ['comment', 'member', 'name', + 'tagging'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_device_group(data, fos): + vdom = data['vdom'] + state = data['state'] + user_device_group_data = data['user_device_group'] + filtered_data = underscore_to_hyphen(filter_user_device_group_data(user_device_group_data)) + + if state == "present": + return fos.set('user', + 'device-group', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'device-group', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_device_group']: + resp = user_device_group(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('user_device_group')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "user_device_group": { + "required": False, "type": "dict", "default": None, + "options": { + 
"comment": {"required": False, "type": "str"}, + "member": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "tagging": {"required": False, "type": "list", + "options": { + "category": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "tags": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
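Review bot: The `member`, `tagging` and nested `tags` entries in the `fields` spec of `main()` declare `"type": "list"` with `options` but no `elements`, and as far as I know AnsibleModule only descends into list suboptions when `"elements": "dict"` is set. As written, the `"required": True` on the inner `name` keys is probably never enforced. Because `filter_user_device_group_data` filters top-level keys only, unexpected keys inside list items reach `fos.set()` unchecked. I would declare each list as `"member": {"required": False, "type": "list", "elements": "dict",` and do the same for `tagging` and `tags`.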
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_domain_controller.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_domain_controller.py
new file mode 100644
index 00000000..a242a516
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_domain_controller.py
@@ -0,0 +1,306 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_domain_controller +short_description: Configure domain controller entries in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and domain_controller category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + user_domain_controller: + description: + - Configure domain controller entries. + default: null + type: dict + suboptions: + domain_name: + description: + - Domain DNS name. + type: str + ip_address: + description: + - Domain controller IP address. + type: str + ldap_server: + description: + - LDAP server name. Source user.ldap.name. + type: str + name: + description: + - Domain controller entry name. + required: true + type: str + port: + description: + - Port to be used for communication with the domain controller . + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure domain controller entries. 
+ fortios_user_domain_controller: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_domain_controller: + domain_name: "" + ip_address: "" + ldap_server: " (source user.ldap.name)" + name: "default_name_6" + port: "7" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_user_domain_controller_data(json): + option_list = ['domain_name', 'ip_address', 'ldap_server', + 'name', 'port'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_domain_controller(data, fos): + vdom = data['vdom'] + state = data['state'] + user_domain_controller_data = data['user_domain_controller'] + filtered_data = underscore_to_hyphen(filter_user_domain_controller_data(user_domain_controller_data)) + + if state == "present": + return fos.set('user', + 'domain-controller', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'domain-controller', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_domain_controller']: + resp = user_domain_controller(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('user_domain_controller')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "user_domain_controller": { + "required": False, 
"type": "dict", "default": None, + "options": { + "domain_name": {"required": False, "type": "str"}, + "ip_address": {"required": False, "type": "str"}, + "ldap_server": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "port": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_fortitoken.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_fortitoken.py new file mode 100644 index 00000000..f2a127c1 --- /dev/null 
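Review bot: The playbook in `EXAMPLES` sets `ansible_httpapi_validate_certs: no` on the same connection that carries `access_token`, so anyone who copies it sends the API token over TLS without verifying the FortiGate's certificate. I would show `ansible_httpapi_validate_certs: yes` in the example and add a line under `notes:` such as `- Disable certificate validation only against lab devices; the access token travels over this connection.` The same example block appears in the fortios_user_device_group.py and fortios_user_fortitoken.py hunks.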
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_fortitoken.py 
@@ -0,0 +1,335 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_fortitoken +short_description: Configure FortiToken in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and fortitoken category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + user_fortitoken: + description: + - Configure FortiToken. + default: null + type: dict + suboptions: + activation_code: + description: + - Mobile token user activation-code. + type: str + activation_expire: + description: + - Mobile token user activation-code expire time. + type: int + comments: + description: + - Comment. + type: str + license: + description: + - Mobile token license. + type: str + os_ver: + description: + - Device Mobile Version. + type: str + reg_id: + description: + - Device Reg ID. + type: str + seed: + description: + - Token seed. + type: str + serial_number: + description: + - Serial number. + type: str + status: + description: + - Status + type: str + choices: + - active + - lock +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiToken. 
+ fortios_user_fortitoken: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_fortitoken: + activation_code: "" + activation_expire: "4" + comments: "" + license: "" + os_ver: "" + reg_id: "" + seed: "" + serial_number: "" + status: "active" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_user_fortitoken_data(json): + option_list = ['activation_code', 'activation_expire', 'comments', + 'license', 'os_ver', 'reg_id', + 'seed', 'serial_number', 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_fortitoken(data, fos): + vdom = data['vdom'] + state = data['state'] + user_fortitoken_data = data['user_fortitoken'] + filtered_data = underscore_to_hyphen(filter_user_fortitoken_data(user_fortitoken_data)) + + if state == "present": + return fos.set('user', + 'fortitoken', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'fortitoken', + mkey=filtered_data['serial-number'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_fortitoken']: + resp = user_fortitoken(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('user_fortitoken')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'serial-number' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "user_fortitoken": { + "required": False, "type": 
"dict", "default": None, + "options": { + "activation_code": {"required": False, "type": "str"}, + "activation_expire": {"required": False, "type": "int"}, + "comments": {"required": False, "type": "str"}, + "license": {"required": False, "type": "str"}, + "os_ver": {"required": False, "type": "str"}, + "reg_id": {"required": False, "type": "str"}, + "seed": {"required": False, "type": "str"}, + "serial_number": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["active", + "lock"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
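Review bot: `seed` and `activation_code` in the `fields` spec of `main()` are declared without `no_log`, while only `access_token` carries it, so the FortiToken seed and activation code can end up in the module invocation that Ansible logs and prints at higher verbosity. Mark them as secrets: `"seed": {"required": False, "type": "str", "no_log": True},` and the same for `activation_code`. Separately, `user_fortitoken()` reads `filtered_data['serial-number']` for `state: absent` although `serial_number` is `"required": False`, so a delete without it raises KeyError rather than a clean `fail_json`.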
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_fsso.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_fsso.py
new file mode 100644
index 00000000..b13efcff
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_fsso.py
@@ -0,0 +1,395 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_fsso +short_description: Configure Fortinet Single Sign On (FSSO) agents in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and fsso category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + user_fsso: + description: + - Configure Fortinet Single Sign On (FSSO) agents. + default: null + type: dict + suboptions: + ldap_server: + description: + - LDAP server to get group information. Source user.ldap.name. + type: str + name: + description: + - Name. + required: true + type: str + password: + description: + - Password of the first FSSO collector agent. + type: str + password2: + description: + - Password of the second FSSO collector agent. + type: str + password3: + description: + - Password of the third FSSO collector agent. + type: str + password4: + description: + - Password of the fourth FSSO collector agent. + type: str + password5: + description: + - Password of the fifth FSSO collector agent. + type: str + port: + description: + - Port of the first FSSO collector agent. + type: int + port2: + description: + - Port of the second FSSO collector agent. + type: int + port3: + description: + - Port of the third FSSO collector agent. + type: int + port4: + description: + - Port of the fourth FSSO collector agent. + type: int + port5: + description: + - Port of the fifth FSSO collector agent. + type: int + server: + description: + - Domain name or IP address of the first FSSO collector agent. + type: str + server2: + description: + - Domain name or IP address of the second FSSO collector agent. + type: str + server3: + description: + - Domain name or IP address of the third FSSO collector agent. + type: str + server4: + description: + - Domain name or IP address of the fourth FSSO collector agent. + type: str + server5: + description: + - Domain name or IP address of the fifth FSSO collector agent. + type: str + source_ip: + description: + - Source IP for communications to FSSO agent. + type: str + source_ip6: + description: + - IPv6 source for communications to FSSO agent. 
+ type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Fortinet Single Sign On (FSSO) agents. + fortios_user_fsso: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_fsso: + ldap_server: " (source user.ldap.name)" + name: "default_name_4" + password: "" + password2: "" + password3: "" + password4: "" + password5: "" + port: "10" + port2: "11" + port3: "12" + port4: "13" + port5: "14" + server: "192.168.100.40" + server2: "" + server3: "" + server4: "" + server5: "" + source_ip: "84.230.14.43" + source_ip6: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + 
sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_user_fsso_data(json): + option_list = ['ldap_server', 'name', 'password', + 'password2', 'password3', 'password4', + 'password5', 'port', 'port2', + 'port3', 'port4', 'port5', + 'server', 'server2', 'server3', + 'server4', 'server5', 'source_ip', + 'source_ip6'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_fsso(data, fos): + vdom = data['vdom'] + state = data['state'] + user_fsso_data = data['user_fsso'] + filtered_data = underscore_to_hyphen(filter_user_fsso_data(user_fsso_data)) + + if state == "present": + return fos.set('user', + 'fsso', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'fsso', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_fsso']: + resp = user_fsso(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % 
('user_fsso')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "user_fsso": { + "required": False, "type": "dict", "default": None, + "options": { + "ldap_server": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "password": {"required": False, "type": "str"}, + "password2": {"required": False, "type": "str"}, + "password3": {"required": False, "type": "str"}, + "password4": {"required": False, "type": "str"}, + "password5": {"required": False, "type": "str"}, + "port": {"required": False, "type": "int"}, + "port2": {"required": False, "type": "int"}, + "port3": {"required": False, "type": "int"}, + "port4": {"required": False, "type": "int"}, + "port5": {"required": False, "type": "int"}, + "server": {"required": False, "type": "str"}, + "server2": {"required": False, "type": "str"}, + "server3": {"required": False, "type": "str"}, + "server4": {"required": False, "type": "str"}, + "server5": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "source_ip6": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + 
module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_fsso_polling.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_fsso_polling.py new file mode 100644 index 00000000..9200c1a0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_fsso_polling.py 
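Review bot: The `password` through `password5` entries under `user_fsso` in the argument spec built in `main()` are plain `str` options with no `no_log`, while only `access_token` carries `"no_log": True`. The DOCUMENTATION block describes them as FSSO collector agent passwords, so without the flag Ansible is not told to mask them and they can presumably show up in logged or returned module invocation data. I would mark each one, e.g. `"password": {"required": False, "type": "str", "no_log": True},` and likewise for `password2` to `password5`. The same applies to `"password"` under `user_fsso_polling` in fortios_user_fsso_polling.py and to `password` inside the `guest` list of fortios_user_group.py, whose hunk continues past the part shown here.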
@@ -0,0 +1,360 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_fsso_polling +short_description: Configure FSSO active directory servers for polling mode in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and fsso_polling category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + user_fsso_polling: + description: + - Configure FSSO active directory servers for polling mode. + default: null + type: dict + suboptions: + adgrp: + description: + - LDAP Group Info. + type: list + suboptions: + name: + description: + - Name. + required: true + type: str + default_domain: + description: + - Default domain managed by this Active Directory server. + type: str + id: + description: + - Active Directory server ID. + required: true + type: int + ldap_server: + description: + - LDAP server name used in LDAP connection strings. Source user.ldap.name. + type: str + logon_history: + description: + - Number of hours of logon history to keep, 0 means keep all history. + type: int + password: + description: + - Password required to log into this Active Directory server + type: str + polling_frequency: + description: + - Polling frequency (every 1 to 30 seconds). + type: int + port: + description: + - Port to communicate with this Active Directory server. + type: int + server: + description: + - Host name or IP address of the Active Directory server. + type: str + status: + description: + - Enable/disable polling for the status of this Active Directory server. + type: str + choices: + - enable + - disable + user: + description: + - User name required to log into this Active Directory server. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FSSO active directory servers for polling mode. 
+ fortios_user_fsso_polling: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_fsso_polling: + adgrp: + - + name: "default_name_4" + default_domain: "" + id: "6" + ldap_server: " (source user.ldap.name)" + logon_history: "8" + password: "" + polling_frequency: "10" + port: "11" + server: "192.168.100.40" + status: "enable" + user: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_user_fsso_polling_data(json): + option_list = ['adgrp', 'default_domain', 'id', + 'ldap_server', 'logon_history', 'password', + 'polling_frequency', 'port', 'server', + 'status', 'user'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_fsso_polling(data, fos): + vdom = data['vdom'] + state = data['state'] + user_fsso_polling_data = data['user_fsso_polling'] + filtered_data = underscore_to_hyphen(filter_user_fsso_polling_data(user_fsso_polling_data)) + + if state == "present": + return fos.set('user', + 'fsso-polling', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'fsso-polling', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_fsso_polling']: + resp = user_fsso_polling(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('user_fsso_polling')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + 
"state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "user_fsso_polling": { + "required": False, "type": "dict", "default": None, + "options": { + "adgrp": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "default_domain": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "ldap_server": {"required": False, "type": "str"}, + "logon_history": {"required": False, "type": "int"}, + "password": {"required": False, "type": "str"}, + "polling_frequency": {"required": False, "type": "int"}, + "port": {"required": False, "type": "int"}, + "server": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "user": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", 
version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_group.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_group.py new file mode 100644 index 00000000..99865253 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_group.py 
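Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no` while the task passes an `access_token` and an Active Directory `password` to the device, so a copied example sends those credentials over TLS without verifying the FortiGate certificate. I would show `ansible_httpapi_validate_certs: yes` in the example, or keep `no` with a comment such as `# lab only: enable certificate validation once the device presents a trusted certificate`. The same vars block appears in the EXAMPLES of fortios_user_fsso.py and fortios_user_group.py.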
@@ -0,0 +1,591 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_group +short_description: Configure user groups in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and group category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + user_group: + description: + - Configure user groups. + default: null + type: dict + suboptions: + auth_concurrent_override: + description: + - Enable/disable overriding the global number of concurrent authentication sessions for this user group. + type: str + choices: + - enable + - disable + auth_concurrent_value: + description: + - Maximum number of concurrent authenticated connections per user (0 - 100). + type: int + authtimeout: + description: + - Authentication timeout in minutes for this user group. 0 to use the global user setting auth-timeout. + type: int + company: + description: + - Set the action for the company guest user field. + type: str + choices: + - optional + - mandatory + - disabled + email: + description: + - Enable/disable the guest user email address field. + type: str + choices: + - disable + - enable + expire: + description: + - Time in seconds before guest user accounts expire. (1 - 31536000 sec) + type: int + expire_type: + description: + - Determine when the expiration countdown begins. + type: str + choices: + - immediately + - first-successful-login + group_type: + description: + - Set the group to be for firewall authentication, FSSO, RSSO, or guest users. + type: str + choices: + - firewall + - fsso-service + - rsso + - guest + guest: + description: + - Guest User. + type: list + suboptions: + comment: + description: + - Comment. + type: str + company: + description: + - Set the action for the company guest user field. + type: str + email: + description: + - Email. + type: str + expiration: + description: + - Expire time. + type: str + mobile_phone: + description: + - Mobile phone. + type: str + name: + description: + - Guest name. + type: str + password: + description: + - Guest password. 
+ type: str + sponsor: + description: + - Set the action for the sponsor guest user field. + type: str + user_id: + description: + - Guest ID. + type: str + http_digest_realm: + description: + - Realm attribute for MD5-digest authentication. + type: str + id: + description: + - Group ID. + type: int + match: + description: + - Group matches. + type: list + suboptions: + group_name: + description: + - Name of matching group on remote auththentication server. + type: str + id: + description: + - ID. + required: true + type: int + server_name: + description: + - Name of remote auth server. Source user.radius.name user.ldap.name user.tacacs+.name. + type: str + max_accounts: + description: + - Maximum number of guest accounts that can be created for this group (0 means unlimited). + type: int + member: + description: + - Names of users, peers, LDAP severs, or RADIUS servers to add to the user group. + type: list + suboptions: + name: + description: + - Group member name. Source user.peer.name user.local.name user.radius.name user.tacacs+.name user.ldap.name user.adgrp.name user + .pop3.name. + required: true + type: str + mobile_phone: + description: + - Enable/disable the guest user mobile phone number field. + type: str + choices: + - disable + - enable + multiple_guest_add: + description: + - Enable/disable addition of multiple guests. + type: str + choices: + - disable + - enable + name: + description: + - Group name. + required: true + type: str + password: + description: + - Guest user password type. + type: str + choices: + - auto-generate + - specify + - disable + sms_custom_server: + description: + - SMS server. Source system.sms-server.name. + type: str + sms_server: + description: + - Send SMS through FortiGuard or other external server. + type: str + choices: + - fortiguard + - custom + sponsor: + description: + - Set the action for the sponsor guest user field. 
+ type: str + choices: + - optional + - mandatory + - disabled + sso_attribute_value: + description: + - Name of the RADIUS user group that this local user group represents. + type: str + user_id: + description: + - Guest user ID type. + type: str + choices: + - email + - auto-generate + - specify + user_name: + description: + - Enable/disable the guest user name entry. + type: str + choices: + - disable + - enable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure user groups. + fortios_user_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_group: + auth_concurrent_override: "enable" + auth_concurrent_value: "4" + authtimeout: "5" + company: "optional" + email: "disable" + expire: "8" + expire_type: "immediately" + group_type: "firewall" + guest: + - + comment: "Comment." 
+ company: "" + email: "" + expiration: "" + mobile_phone: "" + name: "default_name_17" + password: "" + sponsor: "" + user_id: "" + http_digest_realm: "" + id: "22" + match: + - + group_name: "" + id: "25" + server_name: " (source user.radius.name user.ldap.name user.tacacs+.name)" + max_accounts: "27" + member: + - + name: "default_name_29 (source user.peer.name user.local.name user.radius.name user.tacacs+.name user.ldap.name user.adgrp.name user.pop3.name)" + mobile_phone: "disable" + multiple_guest_add: "disable" + name: "default_name_32" + password: "auto-generate" + sms_custom_server: " (source system.sms-server.name)" + sms_server: "fortiguard" + sponsor: "optional" + sso_attribute_value: "" + user_id: "email" + user_name: "disable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + 
type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_user_group_data(json): + option_list = ['auth_concurrent_override', 'auth_concurrent_value', 'authtimeout', + 'company', 'email', 'expire', + 'expire_type', 'group_type', 'guest', + 'http_digest_realm', 'id', 'match', + 'max_accounts', 'member', 'mobile_phone', + 'multiple_guest_add', 'name', 'password', + 'sms_custom_server', 'sms_server', 'sponsor', + 'sso_attribute_value', 'user_id', 'user_name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_group(data, fos): + vdom = data['vdom'] + state = data['state'] + user_group_data = data['user_group'] + filtered_data = underscore_to_hyphen(filter_user_group_data(user_group_data)) + + if state == "present": + return fos.set('user', + 'group', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'group', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + 
+def fortios_user(data, fos): + + if data['user_group']: + resp = user_group(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('user_group')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "user_group": { + "required": False, "type": "dict", "default": None, + "options": { + "auth_concurrent_override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auth_concurrent_value": {"required": False, "type": "int"}, + "authtimeout": {"required": False, "type": "int"}, + "company": {"required": False, "type": "str", + "choices": ["optional", + "mandatory", + "disabled"]}, + "email": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "expire": {"required": False, "type": "int"}, + "expire_type": {"required": False, "type": "str", + "choices": ["immediately", + "first-successful-login"]}, + "group_type": {"required": False, "type": "str", + "choices": ["firewall", + "fsso-service", + "rsso", + "guest"]}, + "guest": {"required": False, "type": "list", + "options": { + "comment": {"required": False, "type": "str"}, + "company": {"required": False, "type": "str"}, + "email": {"required": False, "type": "str"}, + "expiration": {"required": False, "type": "str"}, + "mobile_phone": {"required": False, "type": "str"}, + "name": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str"}, + "sponsor": {"required": False, "type": "str"}, + "user_id": {"required": False, "type": "str"} + }}, + "http_digest_realm": {"required": False, "type": "str"}, + "id": {"required": False, "type": "int"}, + "match": 
{"required": False, "type": "list", + "options": { + "group_name": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "server_name": {"required": False, "type": "str"} + }}, + "max_accounts": {"required": False, "type": "int"}, + "member": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "mobile_phone": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "multiple_guest_add": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "name": {"required": True, "type": "str"}, + "password": {"required": False, "type": "str", + "choices": ["auto-generate", + "specify", + "disable"]}, + "sms_custom_server": {"required": False, "type": "str"}, + "sms_server": {"required": False, "type": "str", + "choices": ["fortiguard", + "custom"]}, + "sponsor": {"required": False, "type": "str", + "choices": ["optional", + "mandatory", + "disabled"]}, + "sso_attribute_value": {"required": False, "type": "str"}, + "user_id": {"required": False, "type": "str", + "choices": ["email", + "auto-generate", + "specify"]}, + "user_name": {"required": False, "type": "str", + "choices": ["disable", + "enable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + 
if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_krb_keytab.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_krb_keytab.py new file mode 100644 index 00000000..862ab3c9 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_krb_keytab.py 
@@ -0,0 +1,300 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_krb_keytab +short_description: Configure Kerberos keytab entries in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and krb_keytab category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + user_krb_keytab: + description: + - Configure Kerberos keytab entries. + default: null + type: dict + suboptions: + keytab: + description: + - base64 coded keytab file containing a pre-shared key. + type: str + ldap_server: + description: + - LDAP server name. Source user.ldap.name. + type: str + name: + description: + - Kerberos keytab entry name. + required: true + type: str + principal: + description: + - Kerberos service principal, e.g. HTTP/fgt.example.com@EXAMPLE.COM. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Kerberos keytab entries. + fortios_user_krb_keytab: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_krb_keytab: + keytab: "" + ldap_server: " (source user.ldap.name)" + name: "default_name_5" + principal: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: 
"17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_user_krb_keytab_data(json): + option_list = ['keytab', 'ldap_server', 'name', + 'principal'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_krb_keytab(data, fos): + vdom = data['vdom'] + state = data['state'] + user_krb_keytab_data = data['user_krb_keytab'] + filtered_data = underscore_to_hyphen(filter_user_krb_keytab_data(user_krb_keytab_data)) + + if state == "present": + return fos.set('user', + 'krb-keytab', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'krb-keytab', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def 
is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_krb_keytab']: + resp = user_krb_keytab(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('user_krb_keytab')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "user_krb_keytab": { + "required": False, "type": "dict", "default": None, + "options": { + "keytab": {"required": False, "type": "str"}, + "ldap_server": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "principal": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, 
meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_ldap.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_ldap.py new file mode 100644 index 00000000..acab2592 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_ldap.py 
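Review bot: The `keytab` entry in `main()`'s argument spec is declared as `{"required": False, "type": "str"}`, although the module documentation describes it as a base64-coded keytab containing a pre-shared key; only `access_token` carries `no_log`. Without the flag the value is presumably not masked when Ansible prints or logs the module invocation, so I would declare it as `"keytab": {"required": False, "type": "str", "no_log": True},`. The same gap is visible for `password` in the `user_ldap` spec of fortios_user_ldap.py and for the guest `password` sub-option in fortios_user_group.py. It most likely also affects `passwd` and `ppk_secret` in fortios_user_local.py, whose argument spec lies outside this view.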
@@ -0,0 +1,450 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_ldap +short_description: Configure LDAP server entries in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and ldap category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + user_ldap: + description: + - Configure LDAP server entries. + default: null + type: dict + suboptions: + account_key_filter: + description: + - Account key filter, using the UPN as the search filter. + type: str + account_key_processing: + description: + - Account key processing operation, either keep or strip domain string of UPN in the token. + type: str + choices: + - same + - strip + ca_cert: + description: + - CA certificate name. Source vpn.certificate.ca.name. + type: str + cnid: + description: + - Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn". + type: str + dn: + description: + - Distinguished name used to look up entries on the LDAP server. + type: str + group_filter: + description: + - Filter used for group matching. + type: str + group_member_check: + description: + - Group member checking methods. + type: str + choices: + - user-attr + - group-object + - posix-group-object + group_object_filter: + description: + - Filter used for group searching. + type: str + group_search_base: + description: + - Search base used for group searching. + type: str + member_attr: + description: + - Name of attribute from which to get group membership. + type: str + name: + description: + - LDAP server entry name. + required: true + type: str + password: + description: + - Password for initial binding. + type: str + password_expiry_warning: + description: + - Enable/disable password expiry warnings. + type: str + choices: + - enable + - disable + password_renewal: + description: + - Enable/disable online password renewal. + type: str + choices: + - enable + - disable + port: + description: + - Port to be used for communication with the LDAP server . + type: int + secondary_server: + description: + - Secondary LDAP server CN domain name or IP. 
+ type: str + secure: + description: + - Port to be used for authentication. + type: str + choices: + - disable + - starttls + - ldaps + server: + description: + - LDAP server CN domain name or IP. + type: str + source_ip: + description: + - Source IP for communications to LDAP server. + type: str + tertiary_server: + description: + - Tertiary LDAP server CN domain name or IP. + type: str + type: + description: + - Authentication type for LDAP searches. + type: str + choices: + - simple + - anonymous + - regular + username: + description: + - Username (full DN) for initial binding. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure LDAP server entries. + fortios_user_ldap: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_ldap: + account_key_filter: "" + account_key_processing: "same" + ca_cert: " (source vpn.certificate.ca.name)" + cnid: "" + dn: "" + group_filter: "" + group_member_check: "user-attr" + group_object_filter: "" + group_search_base: "" + member_attr: "" + name: "default_name_13" + password: "" + password_expiry_warning: "enable" + password_renewal: "enable" + port: "17" + secondary_server: "" + secure: "disable" + server: "192.168.100.40" + source_ip: "84.230.14.43" + tertiary_server: "" + type: "simple" + username: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" 
+name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_user_ldap_data(json): + option_list = ['account_key_filter', 'account_key_processing', 'ca_cert', + 'cnid', 'dn', 'group_filter', + 'group_member_check', 'group_object_filter', 'group_search_base', + 'member_attr', 'name', 'password', + 'password_expiry_warning', 'password_renewal', 'port', + 'secondary_server', 'secure', 'server', + 'source_ip', 'tertiary_server', 'type', + 'username'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + 
new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_ldap(data, fos): + vdom = data['vdom'] + state = data['state'] + user_ldap_data = data['user_ldap'] + filtered_data = underscore_to_hyphen(filter_user_ldap_data(user_ldap_data)) + + if state == "present": + return fos.set('user', + 'ldap', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'ldap', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_ldap']: + resp = user_ldap(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('user_ldap')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "user_ldap": { + "required": False, "type": "dict", "default": None, + "options": { + "account_key_filter": {"required": False, "type": "str"}, + "account_key_processing": {"required": False, "type": "str", + "choices": ["same", + "strip"]}, + "ca_cert": {"required": False, "type": "str"}, + "cnid": {"required": False, "type": "str"}, + "dn": {"required": False, "type": "str"}, + "group_filter": {"required": False, "type": "str"}, + "group_member_check": {"required": False, "type": "str", + "choices": ["user-attr", + "group-object", + "posix-group-object"]}, + "group_object_filter": {"required": False, "type": "str"}, + "group_search_base": {"required": False, "type": "str"}, + 
"member_attr": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "password": {"required": False, "type": "str"}, + "password_expiry_warning": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "password_renewal": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "port": {"required": False, "type": "int"}, + "secondary_server": {"required": False, "type": "str"}, + "secure": {"required": False, "type": "str", + "choices": ["disable", + "starttls", + "ldaps"]}, + "server": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "tertiary_server": {"required": False, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["simple", + "anonymous", + "regular"]}, + "username": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", 
version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_local.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_local.py new file mode 100644 index 00000000..46803d5d --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_local.py 
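Review bot: The `secure` option is documented as "Port to be used for authentication", but its choices (`disable`, `starttls`, `ldaps`) select how the LDAP connection is protected, and the EXAMPLES task sets `secure: "disable"` next to a bind `password`. Someone copying the example would presumably end up with an unprotected bind, so I would reword the description to `- Transport security for the LDAP connection (disable, starttls or ldaps).` and show `secure: "ldaps"` together with a `ca_cert` value in the example. The same play sets `ansible_httpapi_validate_certs: no` (as do the krb_keytab and user_local examples). That line deserves a comment such as `# lab only: enable certificate validation when a real access_token is used`, since the token travels over that connection.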
@@ -0,0 +1,440 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_local +short_description: Configure local users in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and local category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + user_local: + description: + - Configure local users. + default: null + type: dict + suboptions: + auth_concurrent_override: + description: + - Enable/disable overriding the policy-auth-concurrent under config system global. + type: str + choices: + - enable + - disable + auth_concurrent_value: + description: + - Maximum number of concurrent logins permitted from the same user. + type: int + authtimeout: + description: + - Time in minutes before the authentication timeout for a user is reached. + type: int + email_to: + description: + - Two-factor recipient"s email address. + type: str + fortitoken: + description: + - Two-factor recipient"s FortiToken serial number. Source user.fortitoken.serial-number. + type: str + id: + description: + - User ID. + type: int + ldap_server: + description: + - Name of LDAP server with which the user must authenticate. Source user.ldap.name. + type: str + name: + description: + - User name. + required: true + type: str + passwd: + description: + - User"s password. + type: str + passwd_policy: + description: + - Password policy to apply to this user, as defined in config user password-policy. Source user.password-policy.name. + type: str + passwd_time: + description: + - Time of the last password update. + type: str + ppk_secret: + description: + - IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). + type: str + radius_server: + description: + - Name of RADIUS server with which the user must authenticate. Source user.radius.name. + type: str + sms_custom_server: + description: + - Two-factor recipient"s SMS server. Source system.sms-server.name. + type: str + sms_phone: + description: + - Two-factor recipient"s mobile phone number. 
+ type: str + sms_server: + description: + - Send SMS through FortiGuard or other external server. + type: str + choices: + - fortiguard + - custom + status: + description: + - Enable/disable allowing the local user to authenticate with the FortiGate unit. + type: str + choices: + - enable + - disable + tacacs+_server: + description: + - Name of TACACS+ server with which the user must authenticate. Source user.tacacs+.name. + type: str + two_factor: + description: + - Enable/disable two-factor authentication. + type: str + choices: + - disable + - fortitoken + - email + - sms + type: + description: + - Authentication method. + type: str + choices: + - password + - radius + - tacacs+ + - ldap + workstation: + description: + - Name of the remote user workstation, if you want to limit the user to authenticate only from a particular workstation. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure local users. 
+ fortios_user_local: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_local: + auth_concurrent_override: "enable" + auth_concurrent_value: "4" + authtimeout: "5" + email_to: "" + fortitoken: " (source user.fortitoken.serial-number)" + id: "8" + ldap_server: " (source user.ldap.name)" + name: "default_name_10" + passwd: "" + passwd_policy: " (source user.password-policy.name)" + passwd_time: "" + ppk_secret: "" + radius_server: " (source user.radius.name)" + sms_custom_server: " (source system.sms-server.name)" + sms_phone: "" + sms_server: "fortiguard" + status: "enable" + tacacs+_server: " (source user.tacacs+.name)" + two_factor: "disable" + type: "password" + workstation: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from 
ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_user_local_data(json): + option_list = ['auth_concurrent_override', 'auth_concurrent_value', 'authtimeout', + 'email_to', 'fortitoken', 'id', + 'ldap_server', 'name', 'passwd', + 'passwd_policy', 'passwd_time', 'ppk_secret', + 'radius_server', 'sms_custom_server', 'sms_phone', + 'sms_server', 'status', 'tacacs+_server', + 'two_factor', 'type', 'workstation'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_local(data, fos): + vdom = data['vdom'] + state = data['state'] + user_local_data = data['user_local'] + filtered_data = underscore_to_hyphen(filter_user_local_data(user_local_data)) + + if state == "present": + return fos.set('user', + 'local', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'local', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_local']: + resp = user_local(data, fos) 
+ else: + fos._module.fail_json(msg='missing task body: %s' % ('user_local')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "user_local": { + "required": False, "type": "dict", "default": None, + "options": { + "auth_concurrent_override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auth_concurrent_value": {"required": False, "type": "int"}, + "authtimeout": {"required": False, "type": "int"}, + "email_to": {"required": False, "type": "str"}, + "fortitoken": {"required": False, "type": "str"}, + "id": {"required": False, "type": "int"}, + "ldap_server": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "passwd": {"required": False, "type": "str"}, + "passwd_policy": {"required": False, "type": "str"}, + "passwd_time": {"required": False, "type": "str"}, + "ppk_secret": {"required": False, "type": "str"}, + "radius_server": {"required": False, "type": "str"}, + "sms_custom_server": {"required": False, "type": "str"}, + "sms_phone": {"required": False, "type": "str"}, + "sms_server": {"required": False, "type": "str", + "choices": ["fortiguard", + "custom"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tacacs+_server": {"required": False, "type": "str"}, + "two_factor": {"required": False, "type": "str", + "choices": ["disable", + "fortitoken", + "email", + "sms"]}, + "type": {"required": False, "type": "str", + "choices": ["password", + "radius", + "tacacs+", + "ldap"]}, + "workstation": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = 
AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_password_policy.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_password_policy.py new file mode 100644 index 00000000..bf032bc2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_password_policy.py 
@@ -0,0 +1,293 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_password_policy +short_description: Configure user password policy in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and password_policy category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + user_password_policy: + description: + - Configure user password policy. + default: null + type: dict + suboptions: + expire_days: + description: + - Time in days before the user"s password expires. + type: int + name: + description: + - Password policy name. + required: true + type: str + warn_days: + description: + - Time in days before a password expiration warning message is displayed to the user upon login. + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure user password policy. + fortios_user_password_policy: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_password_policy: + expire_days: "3" + name: "default_name_4" + warn_days: "5" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + 
sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_user_password_policy_data(json): + option_list = ['expire_days', 'name', 'warn_days'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_password_policy(data, fos): + vdom = data['vdom'] + state = data['state'] + user_password_policy_data = data['user_password_policy'] + filtered_data = underscore_to_hyphen(filter_user_password_policy_data(user_password_policy_data)) + + if state == "present": + return fos.set('user', + 'password-policy', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'password-policy', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + 
status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_password_policy']: + resp = user_password_policy(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('user_password_policy')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "user_password_policy": { + "required": False, "type": "dict", "default": None, + "options": { + "expire_days": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "warn_days": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result 
and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_peer.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_peer.py new file mode 100644 index 00000000..4acad81e --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_peer.py 
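Review bot: The EXAMPLES play in fortios_user_password_policy.py sets `ansible_httpapi_validate_certs: no` next to `ansible_httpapi_use_ssl: yes`, so anyone who copies it sends the `access_token` over a TLS session whose server certificate is never verified. The example should default to `ansible_httpapi_validate_certs: yes`, with a YAML comment saying that turning it off is only for a lab device with a self-signed certificate. The same vars block appears in the EXAMPLES of fortios_user_peer.py, fortios_user_peergrp.py and the other fortios_user_* modules on this page.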
@@ -0,0 +1,384 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_peer +short_description: Configure peer users in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and peer category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + user_peer: + description: + - Configure peer users. + default: null + type: dict + suboptions: + ca: + description: + - Name of the CA certificate as returned by the execute vpn certificate ca list command. Source vpn.certificate.ca.name. + type: str + cn: + description: + - Peer certificate common name. + type: str + cn_type: + description: + - Peer certificate common name type. + type: str + choices: + - string + - email + - FQDN + - ipv4 + - ipv6 + ldap_mode: + description: + - Mode for LDAP peer authentication. + type: str + choices: + - password + - principal-name + ldap_password: + description: + - Password for LDAP server bind. + type: str + ldap_server: + description: + - Name of an LDAP server defined under the user ldap command. Performs client access rights check. Source user.ldap.name. + type: str + ldap_username: + description: + - Username for LDAP server bind. + type: str + mandatory_ca_verify: + description: + - Determine what happens to the peer if the CA certificate is not installed. Disable to automatically consider the peer certificate as + valid. + type: str + choices: + - enable + - disable + name: + description: + - Peer name. + required: true + type: str + ocsp_override_server: + description: + - Online Certificate Status Protocol (OCSP) server for certificate retrieval. Source vpn.certificate.ocsp-server.name. + type: str + passwd: + description: + - Peer"s password used for two-factor authentication. + type: str + subject: + description: + - Peer certificate name constraints. + type: str + two_factor: + description: + - Enable/disable two-factor authentication, applying certificate and password-based authentication. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure peer users. + fortios_user_peer: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_peer: + ca: " (source vpn.certificate.ca.name)" + cn: "" + cn_type: "string" + ldap_mode: "password" + ldap_password: "" + ldap_server: " (source user.ldap.name)" + ldap_username: "" + mandatory_ca_verify: "enable" + name: "default_name_11" + ocsp_override_server: " (source vpn.certificate.ocsp-server.name)" + passwd: "" + subject: "" + two_factor: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: 
always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_user_peer_data(json): + option_list = ['ca', 'cn', 'cn_type', + 'ldap_mode', 'ldap_password', 'ldap_server', + 'ldap_username', 'mandatory_ca_verify', 'name', + 'ocsp_override_server', 'passwd', 'subject', + 'two_factor'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_peer(data, fos): + vdom = data['vdom'] + state = data['state'] + user_peer_data = data['user_peer'] + filtered_data = underscore_to_hyphen(filter_user_peer_data(user_peer_data)) + + if state == "present": + return fos.set('user', + 'peer', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'peer', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_peer']: + resp = user_peer(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('user_peer')) + + return not 
is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "user_peer": { + "required": False, "type": "dict", "default": None, + "options": { + "ca": {"required": False, "type": "str"}, + "cn": {"required": False, "type": "str"}, + "cn_type": {"required": False, "type": "str", + "choices": ["string", + "email", + "FQDN", + "ipv4", + "ipv6"]}, + "ldap_mode": {"required": False, "type": "str", + "choices": ["password", + "principal-name"]}, + "ldap_password": {"required": False, "type": "str"}, + "ldap_server": {"required": False, "type": "str"}, + "ldap_username": {"required": False, "type": "str"}, + "mandatory_ca_verify": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": True, "type": "str"}, + "ocsp_override_server": {"required": False, "type": "str"}, + "passwd": {"required": False, "type": "str"}, + "subject": {"required": False, "type": "str"}, + "two_factor": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + 
module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_peergrp.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_peergrp.py new file mode 100644 index 00000000..2d76698d --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_peergrp.py 
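Review bot: In the `fields` spec in main() of fortios_user_peer.py, `ldap_password` and `passwd` are plain `str` options without `no_log`; only `access_token` carries it. The LDAP bind password and the peer's second-factor password can therefore appear in Ansible's invocation logging and verbose output. Both entries should be marked, e.g. `"ldap_password": {"required": False, "type": "str", "no_log": True},` and `"passwd": {"required": False, "type": "str", "no_log": True},`. The fortios_user_local.py spec earlier on this page has the same gap for `passwd` and `ppk_secret`.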
@@ -0,0 +1,298 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_peergrp +short_description: Configure peer groups in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and peergrp category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + user_peergrp: + description: + - Configure peer groups. + default: null + type: dict + suboptions: + member: + description: + - Peer group members. + type: list + suboptions: + name: + description: + - Peer group member name. Source user.peer.name. + required: true + type: str + name: + description: + - Peer group name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure peer groups. + fortios_user_peergrp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_peergrp: + member: + - + name: "default_name_4 (source user.peer.name)" + name: "default_name_5" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the 
operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_user_peergrp_data(json): + option_list = ['member', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_peergrp(data, fos): + vdom = data['vdom'] + state = data['state'] + user_peergrp_data = data['user_peergrp'] + filtered_data = underscore_to_hyphen(filter_user_peergrp_data(user_peergrp_data)) + + if state == "present": + return fos.set('user', + 'peergrp', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'peergrp', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_peergrp']: + resp = user_peergrp(data, fos) + else: 
+ fos._module.fail_json(msg='missing task body: %s' % ('user_peergrp')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "user_peergrp": { + "required": False, "type": "dict", "default": None, + "options": { + "member": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", 
meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_pop3.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_pop3.py new file mode 100644 index 00000000..5ec9f90e --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_pop3.py 
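Review bot: The `member` option in the `fields` spec of fortios_user_peergrp.py is declared as `"type": "list"` with nested `options` but no `elements`. As far as I know, AnsibleModule only applies sub-option validation to a list when `elements` is `dict`, so the `"required": True` on the member `name` is probably never enforced and malformed entries go straight to `fos.set`. Proposed change: `"member": {"required": False, "type": "list", "elements": "dict",` with the nested `options` left as they are. The `member` entry in DOCUMENTATION should gain `elements: dict` to match.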
@@ -0,0 +1,307 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_pop3 +short_description: POP3 server entry configuration in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and pop3 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + user_pop3: + description: + - POP3 server entry configuration. + default: null + type: dict + suboptions: + name: + description: + - POP3 server entry name. + required: true + type: str + port: + description: + - POP3 service port number. + type: int + secure: + description: + - SSL connection. + type: str + choices: + - none + - starttls + - pop3s + server: + description: + - '{} server domain name or IP.' + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: POP3 server entry configuration. + fortios_user_pop3: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_pop3: + name: "default_name_3" + port: "4" + secure: "none" + server: "192.168.100.40" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: 
"FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_user_pop3_data(json): + option_list = ['name', 'port', 'secure', + 'server'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_pop3(data, fos): + vdom = data['vdom'] + state = data['state'] + user_pop3_data = data['user_pop3'] + filtered_data = underscore_to_hyphen(filter_user_pop3_data(user_pop3_data)) + + if state == "present": + return fos.set('user', + 'pop3', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'pop3', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if 
data['user_pop3']: + resp = user_pop3(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('user_pop3')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "user_pop3": { + "required": False, "type": "dict", "default": None, + "options": { + "name": {"required": True, "type": "str"}, + "port": {"required": False, "type": "int"}, + "secure": {"required": False, "type": "str", + "choices": ["none", + "starttls", + "pop3s"]}, + "server": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + 
module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_quarantine.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_quarantine.py new file mode 100644 index 00000000..7ef8ed5d --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_quarantine.py 
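Review bot: The EXAMPLES playbook in fortios_user_pop3.py sets `ansible_httpapi_validate_certs: no` on the same httpapi connection that carries `access_token`, so a user who copies it sends the API token to a device whose certificate is never verified. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a one-line YAML comment saying that turning validation off is only for lab devices with self-signed certificates. The same example block is visible in the fortios_user_quarantine.py and fortios_user_radius.py hunks. The `secure` option also lists `none` and the example uses it; its description could state that `none` presumably leaves the POP3 session unencrypted.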
@@ -0,0 +1,309 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_quarantine +short_description: Configure quarantine support in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and quarantine category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + user_quarantine: + description: + - Configure quarantine support. + default: null + type: dict + suboptions: + quarantine: + description: + - Enable/disable quarantine. + type: str + choices: + - enable + - disable + targets: + description: + - Quarantine MACs. + type: list + suboptions: + description: + description: + - Description for the quarantine MAC. + type: str + entry_id: + description: + - FSW entry id for the quarantine MAC. + type: int + mac: + description: + - Quarantine MAC. + required: true + type: str + tag: + description: + - Tags for the quarantine MAC. + type: list + suboptions: + tags: + description: + - Tag string(eg. string1 string2 string3). + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure quarantine support. 
+ fortios_user_quarantine: + vdom: "{{ vdom }}" + user_quarantine: + quarantine: "enable" + targets: + - + description: "" + entry_id: "6" + mac: "" + tag: + - + tags: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_user_quarantine_data(json): + option_list = ['quarantine', 'targets'] + dictionary = {} + + for 
attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_quarantine(data, fos): + vdom = data['vdom'] + user_quarantine_data = data['user_quarantine'] + filtered_data = underscore_to_hyphen(filter_user_quarantine_data(user_quarantine_data)) + + return fos.set('user', + 'quarantine', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_quarantine']: + resp = user_quarantine(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('user_quarantine')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "user_quarantine": { + "required": False, "type": "dict", "default": None, + "options": { + "quarantine": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "targets": {"required": False, "type": "list", + "options": { + "description": {"required": False, "type": "str"}, + "entry_id": {"required": False, "type": "int"}, + "mac": {"required": True, "type": "str"}, + "tag": {"required": False, "type": "list", + "options": { + "tags": {"required": True, "type": "str"} + }} + }} + + } + } + } + + check_legacy_fortiosapi() + module = 
AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_radius.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_radius.py new file mode 100644 index 00000000..5da43586 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_radius.py 
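Review bot: In `main()` of fortios_user_quarantine.py, `targets` and the nested `tag` are declared as `"type": "list"` with an `"options"` sub-spec but no `"elements": "dict"`. As far as I know, AnsibleModule applies a sub-spec to list items only when `elements` is `dict`, so `"mac": {"required": True, ...}` and the `int` coercion of `entry_id` are likely not enforced and unchecked values reach `fos.set`. Suggested change: `"targets": {"required": False, "type": "list", "elements": "dict",`, and the same for `tag`. The same pattern is visible in the `member` spec of the preceding hunk and in `accounting_server` and `class` in fortios_user_radius.py. The EXAMPLES block also passes `mac: ""` for a field documented as required, which a placeholder MAC would illustrate better.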
@@ -0,0 +1,825 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_radius +short_description: Configure RADIUS server entries in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and radius category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + user_radius: + description: + - Configure RADIUS server entries. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + accounting_server: + description: + - Additional accounting servers. + type: list + suboptions: + id: + description: + - ID (0 - 4294967295). + required: true + type: int + port: + description: + - RADIUS accounting port number. + type: int + secret: + description: + - Secret key. + type: str + server: + description: + - '{} Server CN domain name or IP.' + type: str + source_ip: + description: + - Source IP address for communications to the RADIUS server. + type: str + status: + description: + - Status. + type: str + choices: + - enable + - disable + acct_all_servers: + description: + - Enable/disable sending of accounting messages to all configured servers . + type: str + choices: + - enable + - disable + acct_interim_interval: + description: + - Time in seconds between each accounting interim update message. + type: int + all_usergroup: + description: + - Enable/disable automatically including this RADIUS server in all user groups. + type: str + choices: + - disable + - enable + auth_type: + description: + - Authentication methods/protocols permitted for this RADIUS server. + type: str + choices: + - auto + - ms_chap_v2 + - ms_chap + - chap + - pap + class: + description: + - Class attribute name(s). + type: list + suboptions: + name: + description: + - Class name. 
+ required: true + type: str + h3c_compatibility: + description: + - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. + type: str + choices: + - enable + - disable + name: + description: + - RADIUS server entry name. + required: true + type: str + nas_ip: + description: + - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes. + type: str + password_encoding: + description: + - Password encoding. + type: str + choices: + - auto + - ISO-8859-1 + password_renewal: + description: + - Enable/disable password renewal. + type: str + choices: + - enable + - disable + radius_coa: + description: + - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is + authenticated. + type: str + choices: + - enable + - disable + radius_port: + description: + - RADIUS service port number. + type: int + rsso: + description: + - Enable/disable RADIUS based single sign on feature. + type: str + choices: + - enable + - disable + rsso_context_timeout: + description: + - Time in seconds before the logged out user is removed from the "user context list" of logged on users. + type: int + rsso_endpoint_attribute: + description: + - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. + type: str + choices: + - User-Name + - NAS-IP-Address + - Framed-IP-Address + - Framed-IP-Netmask + - Filter-Id + - Login-IP-Host + - Reply-Message + - Callback-Number + - Callback-Id + - Framed-Route + - Framed-IPX-Network + - Class + - Called-Station-Id + - Calling-Station-Id + - NAS-Identifier + - Proxy-State + - Login-LAT-Service + - Login-LAT-Node + - Login-LAT-Group + - Framed-AppleTalk-Zone + - Acct-Session-Id + - Acct-Multi-Session-Id + rsso_endpoint_block_attribute: + description: + - RADIUS attributes used to block a user. 
+ type: str + choices: + - User-Name + - NAS-IP-Address + - Framed-IP-Address + - Framed-IP-Netmask + - Filter-Id + - Login-IP-Host + - Reply-Message + - Callback-Number + - Callback-Id + - Framed-Route + - Framed-IPX-Network + - Class + - Called-Station-Id + - Calling-Station-Id + - NAS-Identifier + - Proxy-State + - Login-LAT-Service + - Login-LAT-Node + - Login-LAT-Group + - Framed-AppleTalk-Zone + - Acct-Session-Id + - Acct-Multi-Session-Id + rsso_ep_one_ip_only: + description: + - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. + type: str + choices: + - enable + - disable + rsso_flush_ip_session: + description: + - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. + type: str + choices: + - enable + - disable + rsso_log_flags: + description: + - Events to log. + type: str + choices: + - protocol-error + - profile-missing + - accounting-stop-missed + - accounting-event + - endpoint-block + - radiusd-other + - none + rsso_log_period: + description: + - Time interval in seconds that group event log messages will be generated for dynamic profile events. + type: int + rsso_radius_response: + description: + - Enable/disable sending RADIUS response packets after receiving Start and Stop records. + type: str + choices: + - enable + - disable + rsso_radius_server_port: + description: + - UDP port to listen on for RADIUS Start and Stop records. + type: int + rsso_secret: + description: + - RADIUS secret used by the RADIUS accounting server. + type: str + rsso_validate_request_secret: + description: + - Enable/disable validating the RADIUS request shared secret in the Start or End record. + type: str + choices: + - enable + - disable + secondary_secret: + description: + - Secret key to access the secondary server. + type: str + secondary_server: + description: + - '{} secondary RADIUS CN domain name or IP.' 
+ type: str + secret: + description: + - Pre-shared secret key used to access the primary RADIUS server. + type: str + server: + description: + - Primary RADIUS server CN domain name or IP address. + type: str + source_ip: + description: + - Source IP address for communications to the RADIUS server. + type: str + sso_attribute: + description: + - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. + type: str + choices: + - User-Name + - NAS-IP-Address + - Framed-IP-Address + - Framed-IP-Netmask + - Filter-Id + - Login-IP-Host + - Reply-Message + - Callback-Number + - Callback-Id + - Framed-Route + - Framed-IPX-Network + - Class + - Called-Station-Id + - Calling-Station-Id + - NAS-Identifier + - Proxy-State + - Login-LAT-Service + - Login-LAT-Node + - Login-LAT-Group + - Framed-AppleTalk-Zone + - Acct-Session-Id + - Acct-Multi-Session-Id + sso_attribute_key: + description: + - Key prefix for SSO group value in the SSO attribute. + type: str + sso_attribute_value_override: + description: + - Enable/disable override old attribute value with new value for the same endpoint. + type: str + choices: + - enable + - disable + tertiary_secret: + description: + - Secret key to access the tertiary server. + type: str + tertiary_server: + description: + - '{} tertiary RADIUS CN domain name or IP.' + type: str + timeout: + description: + - Time in seconds between re-sending authentication requests. + type: int + use_management_vdom: + description: + - Enable/disable using management VDOM to send requests. + type: str + choices: + - enable + - disable + username_case_sensitive: + description: + - Enable/disable case sensitive user names. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure RADIUS server entries. + fortios_user_radius: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_radius: + accounting_server: + - + id: "4" + port: "5" + secret: "" + server: "192.168.100.40" + source_ip: "84.230.14.43" + status: "enable" + acct_all_servers: "enable" + acct_interim_interval: "11" + all_usergroup: "disable" + auth_type: "auto" + class: + - + name: "default_name_15" + h3c_compatibility: "enable" + name: "default_name_17" + nas_ip: "" + password_encoding: "auto" + password_renewal: "enable" + radius_coa: "enable" + radius_port: "22" + rsso: "enable" + rsso_context_timeout: "24" + rsso_endpoint_attribute: "User-Name" + rsso_endpoint_block_attribute: "User-Name" + rsso_ep_one_ip_only: "enable" + rsso_flush_ip_session: "enable" + rsso_log_flags: "protocol-error" + rsso_log_period: "30" + rsso_radius_response: "enable" + rsso_radius_server_port: "32" + rsso_secret: "" + rsso_validate_request_secret: "enable" + secondary_secret: "" + secondary_server: "" + secret: "" + server: "192.168.100.40" + source_ip: "84.230.14.43" + sso_attribute: "User-Name" + sso_attribute_key: "" + sso_attribute_value_override: "enable" + tertiary_secret: "" + tertiary_server: "" + timeout: "45" + use_management_vdom: "enable" + username_case_sensitive: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: 
Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_user_radius_data(json): + option_list = ['accounting_server', 'acct_all_servers', 'acct_interim_interval', + 'all_usergroup', 'auth_type', 'class', + 'h3c_compatibility', 'name', 'nas_ip', + 'password_encoding', 'password_renewal', 'radius_coa', + 'radius_port', 'rsso', 'rsso_context_timeout', + 'rsso_endpoint_attribute', 'rsso_endpoint_block_attribute', 'rsso_ep_one_ip_only', + 'rsso_flush_ip_session', 'rsso_log_flags', 'rsso_log_period', + 'rsso_radius_response', 'rsso_radius_server_port', 'rsso_secret', + 'rsso_validate_request_secret', 'secondary_secret', 'secondary_server', + 'secret', 'server', 'source_ip', + 'sso_attribute', 'sso_attribute_key', 
'sso_attribute_value_override', + 'tertiary_secret', 'tertiary_server', 'timeout', + 'use_management_vdom', 'username_case_sensitive'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_radius(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['user_radius'] and data['user_radius']['state']: + state = data['user_radius']['state'] + else: + state = True + user_radius_data = data['user_radius'] + filtered_data = underscore_to_hyphen(filter_user_radius_data(user_radius_data)) + + if state == "present": + return fos.set('user', + 'radius', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'radius', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_radius']: + resp = user_radius(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('user_radius')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": 
["present", "absent"]}, + "user_radius": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "accounting_server": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "port": {"required": False, "type": "int"}, + "secret": {"required": False, "type": "str"}, + "server": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "acct_all_servers": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "acct_interim_interval": {"required": False, "type": "int"}, + "all_usergroup": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "auth_type": {"required": False, "type": "str", + "choices": ["auto", + "ms_chap_v2", + "ms_chap", + "chap", + "pap"]}, + "class": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "h3c_compatibility": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": True, "type": "str"}, + "nas_ip": {"required": False, "type": "str"}, + "password_encoding": {"required": False, "type": "str", + "choices": ["auto", + "ISO-8859-1"]}, + "password_renewal": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "radius_coa": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "radius_port": {"required": False, "type": "int"}, + "rsso": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "rsso_context_timeout": {"required": False, "type": "int"}, + "rsso_endpoint_attribute": {"required": False, "type": "str", + "choices": ["User-Name", + "NAS-IP-Address", + "Framed-IP-Address", + "Framed-IP-Netmask", + "Filter-Id", + "Login-IP-Host", + "Reply-Message", + "Callback-Number", + 
"Callback-Id", + "Framed-Route", + "Framed-IPX-Network", + "Class", + "Called-Station-Id", + "Calling-Station-Id", + "NAS-Identifier", + "Proxy-State", + "Login-LAT-Service", + "Login-LAT-Node", + "Login-LAT-Group", + "Framed-AppleTalk-Zone", + "Acct-Session-Id", + "Acct-Multi-Session-Id"]}, + "rsso_endpoint_block_attribute": {"required": False, "type": "str", + "choices": ["User-Name", + "NAS-IP-Address", + "Framed-IP-Address", + "Framed-IP-Netmask", + "Filter-Id", + "Login-IP-Host", + "Reply-Message", + "Callback-Number", + "Callback-Id", + "Framed-Route", + "Framed-IPX-Network", + "Class", + "Called-Station-Id", + "Calling-Station-Id", + "NAS-Identifier", + "Proxy-State", + "Login-LAT-Service", + "Login-LAT-Node", + "Login-LAT-Group", + "Framed-AppleTalk-Zone", + "Acct-Session-Id", + "Acct-Multi-Session-Id"]}, + "rsso_ep_one_ip_only": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "rsso_flush_ip_session": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "rsso_log_flags": {"required": False, "type": "str", + "choices": ["protocol-error", + "profile-missing", + "accounting-stop-missed", + "accounting-event", + "endpoint-block", + "radiusd-other", + "none"]}, + "rsso_log_period": {"required": False, "type": "int"}, + "rsso_radius_response": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "rsso_radius_server_port": {"required": False, "type": "int"}, + "rsso_secret": {"required": False, "type": "str"}, + "rsso_validate_request_secret": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "secondary_secret": {"required": False, "type": "str"}, + "secondary_server": {"required": False, "type": "str"}, + "secret": {"required": False, "type": "str"}, + "server": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "sso_attribute": {"required": False, "type": "str", + "choices": ["User-Name", + "NAS-IP-Address", + 
"Framed-IP-Address", + "Framed-IP-Netmask", + "Filter-Id", + "Login-IP-Host", + "Reply-Message", + "Callback-Number", + "Callback-Id", + "Framed-Route", + "Framed-IPX-Network", + "Class", + "Called-Station-Id", + "Calling-Station-Id", + "NAS-Identifier", + "Proxy-State", + "Login-LAT-Service", + "Login-LAT-Node", + "Login-LAT-Group", + "Framed-AppleTalk-Zone", + "Acct-Session-Id", + "Acct-Multi-Session-Id"]}, + "sso_attribute_key": {"required": False, "type": "str"}, + "sso_attribute_value_override": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tertiary_secret": {"required": False, "type": "str"}, + "tertiary_server": {"required": False, "type": "str"}, + "timeout": {"required": False, "type": "int"}, + "use_management_vdom": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "username_case_sensitive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if 
versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_security_exempt_list.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_security_exempt_list.py new file mode 100644 index 00000000..86900056 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_security_exempt_list.py 
@@ -0,0 +1,372 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_security_exempt_list +short_description: Configure security exemption list in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and security_exempt_list category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + user_security_exempt_list: + description: + - Configure security exemption list. + default: null + type: dict + suboptions: + description: + description: + - Description. + type: str + name: + description: + - Name of the exempt list. + required: true + type: str + rule: + description: + - Configure rules for exempting users from captive portal authentication. + type: list + suboptions: + devices: + description: + - Devices or device groups. + type: list + suboptions: + name: + description: + - Device or group name. Source user.device.alias user.device-group.name user.device-category.name. + required: true + type: str + dstaddr: + description: + - Destination addresses or address groups. + type: list + suboptions: + name: + description: + - Address or group name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + id: + description: + - ID. + required: true + type: int + service: + description: + - Destination services. + type: list + suboptions: + name: + description: + - Service name. Source firewall.service.custom.name firewall.service.group.name. + required: true + type: str + srcaddr: + description: + - Source addresses or address groups. + type: list + suboptions: + name: + description: + - Address or group name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure security exemption list. 
+ fortios_user_security_exempt_list: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + user_security_exempt_list: + description: "" + name: "default_name_4" + rule: + - + devices: + - + name: "default_name_7 (source user.device.alias user.device-group.name user.device-category.name)" + dstaddr: + - + name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)" + id: "10" + service: + - + name: "default_name_12 (source firewall.service.custom.name firewall.service.group.name)" + srcaddr: + - + name: "default_name_14 (source firewall.address.name firewall.addrgrp.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection 
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_user_security_exempt_list_data(json): + option_list = ['description', 'name', 'rule'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_security_exempt_list(data, fos): + vdom = data['vdom'] + state = data['state'] + user_security_exempt_list_data = data['user_security_exempt_list'] + filtered_data = underscore_to_hyphen(filter_user_security_exempt_list_data(user_security_exempt_list_data)) + + if state == "present": + return fos.set('user', + 'security-exempt-list', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('user', + 'security-exempt-list', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_security_exempt_list']: + resp = user_security_exempt_list(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('user_security_exempt_list')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), 
\ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "user_security_exempt_list": { + "required": False, "type": "dict", "default": None, + "options": { + "description": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "rule": {"required": False, "type": "list", + "options": { + "devices": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "dstaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "id": {"required": True, "type": "int"}, + "service": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, 
meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_setting.py new file mode 100644 index 00000000..3dfc372b --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_setting.py 
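Review bot: The EXAMPLES playbook in fortios_user_security_exempt_list.py sets `ansible_httpapi_validate_certs: no` while the task passes an `access_token`. Anyone copying it sends the API token and the pushed configuration over TLS without verifying the FortiGate's certificate. The example should show `ansible_httpapi_validate_certs: yes`, with a comment such as `# set to no only for lab devices with self-signed certificates`. The same line appears in the EXAMPLES block of fortios_user_setting.py in the next file section.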
@@ -0,0 +1,414 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_user_setting +short_description: Configure user authentication setting in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify user feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + user_setting: + description: + - Configure user authentication setting. + default: null + type: dict + suboptions: + auth_blackout_time: + description: + - Time in seconds an IP address is denied access after failing to authenticate five times within one minute. + type: int + auth_ca_cert: + description: + - HTTPS CA certificate for policy authentication. Source vpn.certificate.local.name. + type: str + auth_cert: + description: + - HTTPS server certificate for policy authentication. Source vpn.certificate.local.name. + type: str + auth_http_basic: + description: + - Enable/disable use of HTTP basic authentication for identity-based firewall policies. + type: str + choices: + - enable + - disable + auth_invalid_max: + description: + - Maximum number of failed authentication attempts before the user is blocked. + type: int + auth_lockout_duration: + description: + - Lockout period in seconds after too many login failures. + type: int + auth_lockout_threshold: + description: + - Maximum number of failed login attempts before login lockout is triggered. + type: int + auth_portal_timeout: + description: + - Time in minutes before captive portal user have to re-authenticate (1 - 30 min). + type: int + auth_ports: + description: + - Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET. + type: list + suboptions: + id: + description: + - ID. + required: true + type: int + port: + description: + - Non-standard port for firewall user authentication. + type: int + type: + description: + - Service type. + type: str + choices: + - http + - https + - ftp + - telnet + auth_secure_http: + description: + - Enable/disable redirecting HTTP user authentication to more secure HTTPS. + type: str + choices: + - enable + - disable + auth_ssl_allow_renegotiation: + description: + - Allow/forbid SSL re-negotiation for HTTPS authentication. 
+ type: str + choices: + - enable + - disable + auth_timeout: + description: + - Time in minutes before the firewall user authentication timeout requires the user to re-authenticate. + type: int + auth_timeout_type: + description: + - Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout. + type: str + choices: + - idle-timeout + - hard-timeout + - new-session + auth_type: + description: + - Supported firewall policy authentication protocols/methods. + type: str + choices: + - http + - https + - ftp + - telnet + radius_ses_timeout_act: + description: + - Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. + type: str + choices: + - hard-timeout + - ignore-timeout +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure user authentication setting. 
+ fortios_user_setting: + vdom: "{{ vdom }}" + user_setting: + auth_blackout_time: "3" + auth_ca_cert: " (source vpn.certificate.local.name)" + auth_cert: " (source vpn.certificate.local.name)" + auth_http_basic: "enable" + auth_invalid_max: "7" + auth_lockout_duration: "8" + auth_lockout_threshold: "9" + auth_portal_timeout: "10" + auth_ports: + - + id: "12" + port: "13" + type: "http" + auth_secure_http: "enable" + auth_ssl_allow_renegotiation: "enable" + auth_timeout: "17" + auth_timeout_type: "idle-timeout" + auth_type: "http" + radius_ses_timeout_act: "hard-timeout" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_user_setting_data(json): + option_list = ['auth_blackout_time', 'auth_ca_cert', 'auth_cert', + 'auth_http_basic', 'auth_invalid_max', 'auth_lockout_duration', + 'auth_lockout_threshold', 'auth_portal_timeout', 'auth_ports', + 'auth_secure_http', 'auth_ssl_allow_renegotiation', 'auth_timeout', + 'auth_timeout_type', 'auth_type', 'radius_ses_timeout_act'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def user_setting(data, fos): + vdom = data['vdom'] + user_setting_data = data['user_setting'] + filtered_data = underscore_to_hyphen(filter_user_setting_data(user_setting_data)) + + return fos.set('user', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_user(data, fos): + + if data['user_setting']: + resp = user_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('user_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, 
"type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "user_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "auth_blackout_time": {"required": False, "type": "int"}, + "auth_ca_cert": {"required": False, "type": "str"}, + "auth_cert": {"required": False, "type": "str"}, + "auth_http_basic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auth_invalid_max": {"required": False, "type": "int"}, + "auth_lockout_duration": {"required": False, "type": "int"}, + "auth_lockout_threshold": {"required": False, "type": "int"}, + "auth_portal_timeout": {"required": False, "type": "int"}, + "auth_ports": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "port": {"required": False, "type": "int"}, + "type": {"required": False, "type": "str", + "choices": ["http", + "https", + "ftp", + "telnet"]} + }}, + "auth_secure_http": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auth_ssl_allow_renegotiation": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auth_timeout": {"required": False, "type": "int"}, + "auth_timeout_type": {"required": False, "type": "str", + "choices": ["idle-timeout", + "hard-timeout", + "new-session"]}, + "auth_type": {"required": False, "type": "str", + "choices": ["http", + "https", + "ftp", + "telnet"]}, + "radius_ses_timeout_act": {"required": False, "type": "str", + "choices": ["hard-timeout", + "ignore-timeout"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = 
fortios_user(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_tacacsplus.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_tacacsplus.py new file mode 100644 index 00000000..cea4e7ac --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_tacacsplus.py 
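Review bot: The EXAMPLES task for `fortios_user_setting` applies `auth_http_basic: "enable"`, `auth_ssl_allow_renegotiation: "enable"` and `auth_type: "http"` to the device-wide user authentication settings. These look like the less protective value for each option, and the example is easy to copy unchanged. The DOCUMENTATION only says the values "need to be adjusted", so I would show conservative values instead: `auth_http_basic: "disable"`, `auth_ssl_allow_renegotiation: "disable"`, `auth_type: "https"`. The `auth_ports` entry with `type: "http"` deserves the same change, or a comment marking it as a placeholder.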
@@ -0,0 +1,381 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_user_tacacsplus
+short_description: Configure TACACS+ server entries in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify user feature and tacacsplus category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.8"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ This attribute was present already in previous version in a deeper level.
+ It has been moved out to this outer level.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ version_added: 2.9
+ user_tacacsplus:
+ description:
+ - Configure TACACS+ server entries.
+ default: null
+ type: dict
+ suboptions:
+ state:
+ description:
+ - B(Deprecated)
+ - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
+ - HORIZONTALLINE
+ - Indicates whether to create or remove the object.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ authen_type:
+ description:
+ - Allowed authentication protocols/methods.
+ type: str
+ choices:
+ - mschap
+ - chap
+ - pap
+ - ascii
+ - auto
+ authorization:
+ description:
+ - Enable/disable TACACS+ authorization.
+ type: str
+ choices:
+ - enable
+ - disable
+ key:
+ description:
+ - Key to access the primary server.
+ type: str
+ name:
+ description:
+ - TACACS+ server entry name.
+ required: true
+ type: str
+ port:
+ description:
+ - Port number of the TACACS+ server.
+ type: int
+ secondary_key:
+ description:
+ - Key to access the secondary server.
+ type: str
+ secondary_server:
+ description:
+ - Secondary TACACS+ server CN domain name or IP address.
+ type: str
+ server:
+ description:
+ - Primary TACACS+ server CN domain name or IP address.
+ type: str
+ source_ip:
+ description:
+ - source IP for communications to TACACS+ server.
+ type: str
+ tertiary_key:
+ description:
+ - Key to access the tertiary server.
+ type: str
+ tertiary_server:
+ description:
+ - Tertiary TACACS+ server CN domain name or IP address.
+ type: str
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure TACACS+ server entries.
+ fortios_user_tacacsplus:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ user_tacacsplus:
+ authen_type: "mschap"
+ authorization: "enable"
+ key: ""
+ name: "default_name_6"
+ port: "7"
+ secondary_key: ""
+ secondary_server: ""
+ server: "192.168.100.40"
+ source_ip: "84.230.14.43"
+ tertiary_key: ""
+ tertiary_server: ""
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_user_tacacsplus_data(json):
+ option_list = ['authen_type', 'authorization', 'key',
+ 'name', 'port', 'secondary_key',
+ 'secondary_server', 'server', 'source_ip',
+ 'tertiary_key', 'tertiary_server']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def user_tacacsplus(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['user_tacacsplus'] and data['user_tacacsplus']['state']:
+ state = data['user_tacacsplus']['state']
+ else:
+ state = True
+ user_tacacsplus_data = data['user_tacacsplus']
+ filtered_data = underscore_to_hyphen(filter_user_tacacsplus_data(user_tacacsplus_data))
+
+ if state == "present":
+ return fos.set('user',
+ 'tacacs+',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('user',
+ 'tacacs+',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_user(data, fos):
+
+ if data['user_tacacsplus']:
+ resp = user_tacacsplus(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('user_tacacsplus'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "user_tacacsplus": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "authen_type": {"required": False, "type": "str",
+ "choices": ["mschap",
+ "chap",
+ "pap",
+ "ascii",
+ "auto"]},
+ "authorization": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "key": {"required": False, "type": "str"},
+ "name": {"required": True, "type": "str"},
+ "port": {"required": False, "type": "int"},
+ "secondary_key": {"required": False, "type": "str"},
+ "secondary_server": {"required": False, "type": "str"},
+ "server": {"required": False, "type": "str"},
+ "source_ip": {"required": False, "type": "str"},
+ "tertiary_key": {"required": False, "type": "str"},
+ "tertiary_server": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_user(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_voip_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_voip_profile.py
new file mode 100644
index 00000000..76aaf712
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_voip_profile.py
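Review bot: The `key`, `secondary_key` and `tertiary_key` entries under `user_tacacsplus` in the `fields` argument spec of `main()` in fortios_user_tacacsplus.py are declared without `no_log`, unlike `access_token` a few lines above them. These are the TACACS+ shared secrets, so as written Ansible can echo them in verbose task output and in the module invocation log. Each of the three should be marked sensitive, e.g. `"key": {"required": False, "type": "str", "no_log": True},` and likewise for `secondary_key` and `tertiary_key`. Separately, the EXAMPLES block sets `ansible_httpapi_validate_certs: no`, which sends the access token and these keys over a TLS session whose peer is not verified; a one-line comment there, `# lab only: enable certificate validation in production`, would keep the example from being copied as-is.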
@@ -0,0 +1,1398 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_voip_profile
+short_description: Configure VoIP profiles in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify voip feature and profile category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.8"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ This attribute was present already in previous version in a deeper level.
+ It has been moved out to this outer level.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ version_added: 2.9
+ voip_profile:
+ description:
+ - Configure VoIP profiles.
+ default: null
+ type: dict
+ suboptions:
+ state:
+ description:
+ - B(Deprecated)
+ - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
+ - HORIZONTALLINE
+ - Indicates whether to create or remove the object.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ comment:
+ description:
+ - Comment.
+ type: str
+ name:
+ description:
+ - Profile name.
+ required: true
+ type: str
+ sccp:
+ description:
+ - SCCP.
+ type: dict
+ suboptions:
+ block_mcast:
+ description:
+ - Enable/disable block multicast RTP connections.
+ type: str
+ choices:
+ - disable
+ - enable
+ log_call_summary:
+ description:
+ - Enable/disable log summary of SCCP calls.
+ type: str
+ choices:
+ - disable
+ - enable
+ log_violations:
+ description:
+ - Enable/disable logging of SCCP violations.
+ type: str
+ choices:
+ - disable
+ - enable
+ max_calls:
+ description:
+ - Maximum calls per minute per SCCP client (max 65535).
+ type: int
+ status:
+ description:
+ - Enable/disable SCCP.
+ type: str
+ choices:
+ - disable
+ - enable
+ verify_header:
+ description:
+ - Enable/disable verify SCCP header content.
+ type: str
+ choices:
+ - disable
+ - enable
+ sip:
+ description:
+ - SIP.
+ type: dict
+ suboptions:
+ ack_rate:
+ description:
+ - ACK request rate limit (per second, per policy).
+ type: int
+ block_ack:
+ description:
+ - Enable/disable block ACK requests.
+ type: str
+ choices:
+ - disable
+ - enable
+ block_bye:
+ description:
+ - Enable/disable block BYE requests.
+ type: str
+ choices:
+ - disable
+ - enable
+ block_cancel:
+ description:
+ - Enable/disable block CANCEL requests.
+ type: str
+ choices:
+ - disable
+ - enable
+ block_geo_red_options:
+ description:
+ - Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy.
+ type: str
+ choices:
+ - disable
+ - enable
+ block_info:
+ description:
+ - Enable/disable block INFO requests.
+ type: str
+ choices:
+ - disable
+ - enable
+ block_invite:
+ description:
+ - Enable/disable block INVITE requests.
+ type: str
+ choices:
+ - disable
+ - enable
+ block_long_lines:
+ description:
+ - Enable/disable block requests with headers exceeding max-line-length.
+ type: str
+ choices:
+ - disable
+ - enable
+ block_message:
+ description:
+ - Enable/disable block MESSAGE requests.
+ type: str
+ choices:
+ - disable
+ - enable
+ block_notify:
+ description:
+ - Enable/disable block NOTIFY requests.
+ type: str
+ choices:
+ - disable
+ - enable
+ block_options:
+ description:
+ - Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either.
+ type: str
+ choices:
+ - disable
+ - enable
+ block_prack:
+ description:
+ - Enable/disable block prack requests.
+ type: str
+ choices:
+ - disable
+ - enable
+ block_publish:
+ description:
+ - Enable/disable block PUBLISH requests.
+ type: str
+ choices:
+ - disable
+ - enable
+ block_refer:
+ description:
+ - Enable/disable block REFER requests.
+ type: str
+ choices:
+ - disable
+ - enable
+ block_register:
+ description:
+ - Enable/disable block REGISTER requests.
+ type: str
+ choices:
+ - disable
+ - enable
+ block_subscribe:
+ description:
+ - Enable/disable block SUBSCRIBE requests.
+ type: str
+ choices:
+ - disable
+ - enable
+ block_unknown:
+ description:
+ - Block unrecognized SIP requests (enabled by default).
+ type: str
+ choices:
+ - disable
+ - enable
+ block_update:
+ description:
+ - Enable/disable block UPDATE requests.
+ type: str
+ choices:
+ - disable
+ - enable
+ bye_rate:
+ description:
+ - BYE request rate limit (per second, per policy).
+ type: int
+ call_keepalive:
+ description:
+ - Continue tracking calls with no RTP for this many minutes.
+ type: int
+ cancel_rate:
+ description:
+ - CANCEL request rate limit (per second, per policy).
+ type: int
+ contact_fixup:
+ description:
+ - 'Fixup contact anyway even if contact"s IP:port doesn"t match session"s IP:port.'
+ type: str
+ choices:
+ - disable
+ - enable
+ hnt_restrict_source_ip:
+ description:
+ - Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled.
+ type: str
+ choices:
+ - disable
+ - enable
+ hosted_nat_traversal:
+ description:
+ - Hosted NAT Traversal (HNT).
+ type: str
+ choices:
+ - disable
+ - enable
+ info_rate:
+ description:
+ - INFO request rate limit (per second, per policy).
+ type: int
+ invite_rate:
+ description:
+ - INVITE request rate limit (per second, per policy).
+ type: int
+ ips_rtp:
+ description:
+ - Enable/disable allow IPS on RTP.
+ type: str
+ choices:
+ - disable
+ - enable
+ log_call_summary:
+ description:
+ - Enable/disable logging of SIP call summary.
+ type: str
+ choices:
+ - disable
+ - enable
+ log_violations:
+ description:
+ - Enable/disable logging of SIP violations.
+ type: str
+ choices:
+ - disable
+ - enable
+ malformed_header_allow:
+ description:
+ - Action for malformed Allow header.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_call_id:
+ description:
+ - Action for malformed Call-ID header.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_contact:
+ description:
+ - Action for malformed Contact header.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_content_length:
+ description:
+ - Action for malformed Content-Length header.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_content_type:
+ description:
+ - Action for malformed Content-Type header.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_cseq:
+ description:
+ - Action for malformed CSeq header.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_expires:
+ description:
+ - Action for malformed Expires header.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_from:
+ description:
+ - Action for malformed From header.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_max_forwards:
+ description:
+ - Action for malformed Max-Forwards header.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_p_asserted_identity:
+ description:
+ - Action for malformed P-Asserted-Identity header.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_rack:
+ description:
+ - Action for malformed RAck header.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_record_route:
+ description:
+ - Action for malformed Record-Route header.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_route:
+ description:
+ - Action for malformed Route header.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_rseq:
+ description:
+ - Action for malformed RSeq header.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_sdp_a:
+ description:
+ - Action for malformed SDP a line.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_sdp_b:
+ description:
+ - Action for malformed SDP b line.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_sdp_c:
+ description:
+ - Action for malformed SDP c line.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_sdp_i:
+ description:
+ - Action for malformed SDP i line.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_sdp_k:
+ description:
+ - Action for malformed SDP k line.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_sdp_m:
+ description:
+ - Action for malformed SDP m line.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_sdp_o:
+ description:
+ - Action for malformed SDP o line.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_sdp_r:
+ description:
+ - Action for malformed SDP r line.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_sdp_s:
+ description:
+ - Action for malformed SDP s line.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_sdp_t:
+ description:
+ - Action for malformed SDP t line.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_sdp_v:
+ description:
+ - Action for malformed SDP v line.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_sdp_z:
+ description:
+ - Action for malformed SDP z line.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_to:
+ description:
+ - Action for malformed To header.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_header_via:
+ description:
+ - Action for malformed VIA header.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ malformed_request_line:
+ description:
+ - Action for malformed request line.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ max_body_length:
+ description:
+ - Maximum SIP message body length (0 meaning no limit).
+ type: int
+ max_dialogs:
+ description:
+ - Maximum number of concurrent calls/dialogs (per policy).
+ type: int
+ max_idle_dialogs:
+ description:
+ - Maximum number established but idle dialogs to retain (per policy).
+ type: int
+ max_line_length:
+ description:
+ - Maximum SIP header line length (78-4096).
+ type: int
+ message_rate:
+ description:
+ - MESSAGE request rate limit (per second, per policy).
+ type: int
+ nat_trace:
+ description:
+ - Enable/disable preservation of original IP in SDP i line.
+ type: str
+ choices:
+ - disable
+ - enable
+ no_sdp_fixup:
+ description:
+ - Enable/disable no SDP fix-up.
+ type: str
+ choices:
+ - disable
+ - enable
+ notify_rate:
+ description:
+ - NOTIFY request rate limit (per second, per policy).
+ type: int
+ open_contact_pinhole:
+ description:
+ - Enable/disable open pinhole for non-REGISTER Contact port.
+ type: str
+ choices:
+ - disable
+ - enable
+ open_record_route_pinhole:
+ description:
+ - Enable/disable open pinhole for Record-Route port.
+ type: str
+ choices:
+ - disable
+ - enable
+ open_register_pinhole:
+ description:
+ - Enable/disable open pinhole for REGISTER Contact port.
+ type: str
+ choices:
+ - disable
+ - enable
+ open_via_pinhole:
+ description:
+ - Enable/disable open pinhole for Via port.
+ type: str
+ choices:
+ - disable
+ - enable
+ options_rate:
+ description:
+ - OPTIONS request rate limit (per second, per policy).
+ type: int
+ prack_rate:
+ description:
+ - PRACK request rate limit (per second, per policy).
+ type: int
+ preserve_override:
+ description:
+ - 'Override i line to preserve original IPS .'
+ type: str
+ choices:
+ - disable
+ - enable
+ provisional_invite_expiry_time:
+ description:
+ - Expiry time for provisional INVITE (10 - 3600 sec).
+ type: int
+ publish_rate:
+ description:
+ - PUBLISH request rate limit (per second, per policy).
+ type: int
+ refer_rate:
+ description:
+ - REFER request rate limit (per second, per policy).
+ type: int
+ register_contact_trace:
+ description:
+ - Enable/disable trace original IP/port within the contact header of REGISTER requests.
+ type: str
+ choices:
+ - disable
+ - enable
+ register_rate:
+ description:
+ - REGISTER request rate limit (per second, per policy).
+ type: int
+ rfc2543_branch:
+ description:
+ - Enable/disable support via branch compliant with RFC 2543.
+ type: str
+ choices:
+ - disable
+ - enable
+ rtp:
+ description:
+ - Enable/disable create pinholes for RTP traffic to traverse firewall.
+ type: str
+ choices:
+ - disable
+ - enable
+ ssl_algorithm:
+ description:
+ - Relative strength of encryption algorithms accepted in negotiation.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+ ssl_auth_client:
+ description:
+ - Require a client certificate and authenticate it with the peer/peergrp. Source user.peer.name user.peergrp.name.
+ type: str
+ ssl_auth_server:
+ description:
+ - Authenticate the server"s certificate with the peer/peergrp. Source user.peer.name user.peergrp.name.
+ type: str
+ ssl_client_certificate:
+ description:
+ - Name of Certificate to offer to server if requested. Source vpn.certificate.local.name.
+ type: str
+ ssl_client_renegotiation:
+ description:
+ - Allow/block client renegotiation by server.
+ type: str
+ choices:
+ - allow
+ - deny
+ - secure
+ ssl_max_version:
+ description:
+ - Highest SSL/TLS version to negotiate.
+ type: str
+ choices:
+ - ssl-3.0
+ - tls-1.0
+ - tls-1.1
+ - tls-1.2
+ ssl_min_version:
+ description:
+ - Lowest SSL/TLS version to negotiate.
+ type: str
+ choices:
+ - ssl-3.0
+ - tls-1.0
+ - tls-1.1
+ - tls-1.2
+ ssl_mode:
+ description:
+ - SSL/TLS mode for encryption & decryption of traffic.
+ type: str
+ choices:
+ - off
+ - full
+ ssl_pfs:
+ description:
+ - SSL Perfect Forward Secrecy.
+ type: str
+ choices:
+ - require
+ - deny
+ - allow
+ ssl_send_empty_frags:
+ description:
+ - Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only).
+ type: str
+ choices:
+ - enable
+ - disable
+ ssl_server_certificate:
+ description:
+ - Name of Certificate return to the client in every SSL connection. Source vpn.certificate.local.name.
+ type: str
+ status:
+ description:
+ - Enable/disable SIP.
+ type: str
+ choices:
+ - disable
+ - enable
+ strict_register:
+ description:
+ - Enable/disable only allow the registrar to connect.
+ type: str
+ choices:
+ - disable
+ - enable
+ subscribe_rate:
+ description:
+ - SUBSCRIBE request rate limit (per second, per policy).
+ type: int
+ unknown_header:
+ description:
+ - Action for unknown SIP header.
+ type: str
+ choices:
+ - discard
+ - pass
+ - respond
+ update_rate:
+ description:
+ - UPDATE request rate limit (per second, per policy).
+ type: int
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure VoIP profiles.
+ fortios_voip_profile:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ voip_profile:
+ comment: "Comment."
+ name: "default_name_4"
+ sccp:
+ block_mcast: "disable"
+ log_call_summary: "disable"
+ log_violations: "disable"
+ max_calls: "9"
+ status: "disable"
+ verify_header: "disable"
+ sip:
+ ack_rate: "13"
+ block_ack: "disable"
+ block_bye: "disable"
+ block_cancel: "disable"
+ block_geo_red_options: "disable"
+ block_info: "disable"
+ block_invite: "disable"
+ block_long_lines: "disable"
+ block_message: "disable"
+ block_notify: "disable"
+ block_options: "disable"
+ block_prack: "disable"
+ block_publish: "disable"
+ block_refer: "disable"
+ block_register: "disable"
+ block_subscribe: "disable"
+ block_unknown: "disable"
+ block_update: "disable"
+ bye_rate: "31"
+ call_keepalive: "32"
+ cancel_rate: "33"
+ contact_fixup: "disable"
+ hnt_restrict_source_ip: "disable"
+ hosted_nat_traversal: "disable"
+ info_rate: "37"
+ invite_rate: "38"
+ ips_rtp: "disable"
+ log_call_summary: "disable"
+ log_violations: "disable"
+ malformed_header_allow: "discard"
+ malformed_header_call_id: "discard"
+ malformed_header_contact: "discard"
+ malformed_header_content_length: "discard"
+ malformed_header_content_type: "discard"
+ malformed_header_cseq: "discard"
+ malformed_header_expires: "discard"
+ malformed_header_from: "discard"
+ malformed_header_max_forwards: "discard"
+ malformed_header_p_asserted_identity: "discard"
+ malformed_header_rack: "discard"
+ malformed_header_record_route: "discard"
+ malformed_header_route: "discard"
+ malformed_header_rseq: "discard"
+ malformed_header_sdp_a: "discard"
+ malformed_header_sdp_b: "discard"
+ malformed_header_sdp_c: "discard"
+ malformed_header_sdp_i: "discard"
+ malformed_header_sdp_k: "discard"
+ malformed_header_sdp_m: "discard"
+ malformed_header_sdp_o: "discard"
+ malformed_header_sdp_r: "discard"
+ malformed_header_sdp_s: "discard"
+ malformed_header_sdp_t: "discard"
+ malformed_header_sdp_v: "discard"
+ malformed_header_sdp_z: "discard"
+ malformed_header_to: "discard"
+ malformed_header_via: "discard"
+ malformed_request_line: "discard"
+ max_body_length: "71"
+ max_dialogs: "72"
+ max_idle_dialogs: "73"
+ max_line_length: "74"
+ message_rate: "75"
+ nat_trace: "disable"
+ no_sdp_fixup: "disable"
+ notify_rate: "78"
+ open_contact_pinhole: "disable"
+ open_record_route_pinhole: "disable"
+ open_register_pinhole: "disable"
+ open_via_pinhole: "disable"
+ options_rate: "83"
+ prack_rate: "84"
+ preserve_override: "disable"
+ provisional_invite_expiry_time: "86"
+ publish_rate: "87"
+ refer_rate: "88"
+ register_contact_trace: "disable"
+ register_rate: "90"
+ rfc2543_branch: "disable"
+ rtp: "disable"
+ ssl_algorithm: "high"
+ ssl_auth_client: " (source user.peer.name user.peergrp.name)"
+ ssl_auth_server: " (source user.peer.name user.peergrp.name)"
+ ssl_client_certificate: " (source vpn.certificate.local.name)"
+ ssl_client_renegotiation: "allow"
+ ssl_max_version: "ssl-3.0"
+ ssl_min_version: "ssl-3.0"
+ ssl_mode: "off"
+ ssl_pfs: "require"
+ ssl_send_empty_frags: "enable"
+ ssl_server_certificate: " (source vpn.certificate.local.name)"
+ status: "disable"
+ strict_register: "disable"
+ subscribe_rate: "106"
+ unknown_header: "discard"
+ update_rate: "108"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_voip_profile_data(json):
+ option_list = ['comment', 'name', 'sccp',
+ 'sip']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def voip_profile(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['voip_profile'] and data['voip_profile']['state']:
+ state = data['voip_profile']['state']
+ else:
+ state = True
+ voip_profile_data = data['voip_profile']
+ filtered_data = underscore_to_hyphen(filter_voip_profile_data(voip_profile_data))
+
+ if state == "present":
+ return fos.set('voip',
+ 'profile',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('voip',
+ 'profile',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_voip(data, fos):
+
+ if data['voip_profile']:
+ resp = voip_profile(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('voip_profile'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "voip_profile": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "comment": {"required": False, "type": "str"},
+ "name": {"required": True, "type": "str"},
+ "sccp": {"required": False, "type": "dict",
+ "options": {
+ "block_mcast": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "log_call_summary": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "log_violations": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "max_calls": {"required": False, "type": "int"},
+ "status": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "verify_header": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]}
+ }},
+ "sip": {"required": False, "type": "dict",
+ "options": {
+ "ack_rate": {"required": False, "type": "int"},
+ "block_ack": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "block_bye": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "block_cancel": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "block_geo_red_options": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "block_info": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "block_invite": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "block_long_lines": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "block_message": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "block_notify": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "block_options": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "block_prack": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "block_publish": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "block_refer": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "block_register": {"required": False, "type":
"str", + "choices": ["disable", + "enable"]}, + "block_subscribe": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "block_unknown": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "block_update": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "bye_rate": {"required": False, "type": "int"}, + "call_keepalive": {"required": False, "type": "int"}, + "cancel_rate": {"required": False, "type": "int"}, + "contact_fixup": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "hnt_restrict_source_ip": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "hosted_nat_traversal": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "info_rate": {"required": False, "type": "int"}, + "invite_rate": {"required": False, "type": "int"}, + "ips_rtp": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "log_call_summary": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "log_violations": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "malformed_header_allow": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_call_id": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_contact": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_content_length": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_content_type": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_cseq": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_expires": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_from": 
{"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_max_forwards": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_p_asserted_identity": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_rack": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_record_route": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_route": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_rseq": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_sdp_a": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_sdp_b": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_sdp_c": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_sdp_i": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_sdp_k": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_sdp_m": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_sdp_o": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_sdp_r": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_sdp_s": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_sdp_t": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_sdp_v": {"required": False, "type": "str", + "choices": 
["discard", + "pass", + "respond"]}, + "malformed_header_sdp_z": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_to": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_header_via": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "malformed_request_line": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "max_body_length": {"required": False, "type": "int"}, + "max_dialogs": {"required": False, "type": "int"}, + "max_idle_dialogs": {"required": False, "type": "int"}, + "max_line_length": {"required": False, "type": "int"}, + "message_rate": {"required": False, "type": "int"}, + "nat_trace": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "no_sdp_fixup": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "notify_rate": {"required": False, "type": "int"}, + "open_contact_pinhole": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "open_record_route_pinhole": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "open_register_pinhole": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "open_via_pinhole": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "options_rate": {"required": False, "type": "int"}, + "prack_rate": {"required": False, "type": "int"}, + "preserve_override": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "provisional_invite_expiry_time": {"required": False, "type": "int"}, + "publish_rate": {"required": False, "type": "int"}, + "refer_rate": {"required": False, "type": "int"}, + "register_contact_trace": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "register_rate": {"required": False, "type": "int"}, + "rfc2543_branch": {"required": False, "type": "str", + 
"choices": ["disable", + "enable"]}, + "rtp": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "ssl_algorithm": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low"]}, + "ssl_auth_client": {"required": False, "type": "str"}, + "ssl_auth_server": {"required": False, "type": "str"}, + "ssl_client_certificate": {"required": False, "type": "str"}, + "ssl_client_renegotiation": {"required": False, "type": "str", + "choices": ["allow", + "deny", + "secure"]}, + "ssl_max_version": {"required": False, "type": "str", + "choices": ["ssl-3.0", + "tls-1.0", + "tls-1.1", + "tls-1.2"]}, + "ssl_min_version": {"required": False, "type": "str", + "choices": ["ssl-3.0", + "tls-1.0", + "tls-1.1", + "tls-1.2"]}, + "ssl_mode": {"required": False, "type": "str", + "choices": ["off", + "full"]}, + "ssl_pfs": {"required": False, "type": "str", + "choices": ["require", + "deny", + "allow"]}, + "ssl_send_empty_frags": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssl_server_certificate": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "strict_register": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "subscribe_rate": {"required": False, "type": "int"}, + "unknown_header": {"required": False, "type": "str", + "choices": ["discard", + "pass", + "respond"]}, + "update_rate": {"required": False, "type": "int"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_voip(module.params, fos) + versions_check_result = 
connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_ca.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_ca.py new file mode 100644 index 00000000..3ec5b2cc --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_ca.py 
@@ -0,0 +1,357 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_certificate_ca +short_description: CA certificate in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_certificate feature and ca category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + vpn_certificate_ca: + description: + - CA certificate. + default: null + type: dict + suboptions: + auto_update_days: + description: + - Number of days to wait before requesting an updated CA certificate (0 - 4294967295, 0 = disabled). + type: int + auto_update_days_warning: + description: + - Number of days before an expiry-warning message is generated (0 - 4294967295, 0 = disabled). + type: int + ca: + description: + - CA certificate as a PEM file. + type: str + last_updated: + description: + - Time at which CA was last updated. + type: int + name: + description: + - Name. + required: true + type: str + range: + description: + - Either global or VDOM IP address range for the CA certificate. + type: str + choices: + - global + - vdom + scep_url: + description: + - URL of the SCEP server. + type: str + source: + description: + - CA certificate source type. + type: str + choices: + - factory + - user + - bundle + - fortiguard + source_ip: + description: + - Source IP address for communications to the SCEP server. + type: str + trusted: + description: + - Enable/disable as a trusted CA. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: CA certificate. 
+ fortios_vpn_certificate_ca: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_certificate_ca: + auto_update_days: "3" + auto_update_days_warning: "4" + ca: "" + last_updated: "6" + name: "default_name_7" + range: "global" + scep_url: "" + source: "factory" + source_ip: "84.230.14.43" + trusted: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_vpn_certificate_ca_data(json): + option_list = ['auto_update_days', 'auto_update_days_warning', 'ca', + 'last_updated', 'name', 'range', + 'scep_url', 'source', 'source_ip', + 'trusted'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def vpn_certificate_ca(data, fos): + vdom = data['vdom'] + state = data['state'] + vpn_certificate_ca_data = data['vpn_certificate_ca'] + filtered_data = underscore_to_hyphen(filter_vpn_certificate_ca_data(vpn_certificate_ca_data)) + + if state == "present": + return fos.set('vpn.certificate', + 'ca', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('vpn.certificate', + 'ca', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_vpn_certificate(data, fos): + + if data['vpn_certificate_ca']: + resp = vpn_certificate_ca(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('vpn_certificate_ca')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", 
"default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "vpn_certificate_ca": { + "required": False, "type": "dict", "default": None, + "options": { + "auto_update_days": {"required": False, "type": "int"}, + "auto_update_days_warning": {"required": False, "type": "int"}, + "ca": {"required": False, "type": "str"}, + "last_updated": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "range": {"required": False, "type": "str", + "choices": ["global", + "vdom"]}, + "scep_url": {"required": False, "type": "str"}, + "source": {"required": False, "type": "str", + "choices": ["factory", + "user", + "bundle", + "fortiguard"]}, + "source_ip": {"required": False, "type": "str"}, + "trusted": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_certificate(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in 
repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_crl.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_crl.py new file mode 100644 index 00000000..537f319c --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_crl.py 
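Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no`, and the task beneath it passes `access_token` and installs a CA with `trusted: "enable"`. Anyone who copies the example sends the API token and a trust-anchor change over a TLS session whose peer is never verified. I would ship the example with `ansible_httpapi_validate_certs: yes`, or at least put `# lab only: turn certificate validation on before running against a real device` above that line. The EXAMPLES block in fortios_vpn_certificate_crl.py (the next hunk) has the same setting.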
@@ -0,0 +1,377 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_certificate_crl +short_description: Certificate Revocation List as a PEM file in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_certificate feature and crl category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + vpn_certificate_crl: + description: + - Certificate Revocation List as a PEM file. + default: null + type: dict + suboptions: + crl: + description: + - Certificate Revocation List as a PEM file. + type: str + http_url: + description: + - HTTP server URL for CRL auto-update. + type: str + last_updated: + description: + - Time at which CRL was last updated. + type: int + ldap_password: + description: + - LDAP server user password. + type: str + ldap_server: + description: + - LDAP server name for CRL auto-update. + type: str + ldap_username: + description: + - LDAP server user name. + type: str + name: + description: + - Name. + required: true + type: str + range: + description: + - Either global or VDOM IP address range for the certificate. + type: str + choices: + - global + - vdom + scep_cert: + description: + - Local certificate for SCEP communication for CRL auto-update. Source vpn.certificate.local.name. + type: str + scep_url: + description: + - SCEP server URL for CRL auto-update. + type: str + source: + description: + - Certificate source type. + type: str + choices: + - factory + - user + - bundle + - fortiguard + source_ip: + description: + - Source IP address for communications to a HTTP or SCEP CA server. + type: str + update_interval: + description: + - Time in seconds before the FortiGate checks for an updated CRL. Set to 0 to update only when it expires. + type: int + update_vdom: + description: + - VDOM for CRL update. Source system.vdom.name. 
+ type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Certificate Revocation List as a PEM file. + fortios_vpn_certificate_crl: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_certificate_crl: + crl: "" + http_url: "" + last_updated: "5" + ldap_password: "" + ldap_server: "" + ldap_username: "" + name: "default_name_9" + range: "global" + scep_cert: " (source vpn.certificate.local.name)" + scep_url: "" + source: "factory" + source_ip: "84.230.14.43" + update_interval: "15" + update_vdom: " (source system.vdom.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + 
sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_vpn_certificate_crl_data(json): + option_list = ['crl', 'http_url', 'last_updated', + 'ldap_password', 'ldap_server', 'ldap_username', + 'name', 'range', 'scep_cert', + 'scep_url', 'source', 'source_ip', + 'update_interval', 'update_vdom'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def vpn_certificate_crl(data, fos): + vdom = data['vdom'] + state = data['state'] + vpn_certificate_crl_data = data['vpn_certificate_crl'] + filtered_data = underscore_to_hyphen(filter_vpn_certificate_crl_data(vpn_certificate_crl_data)) + + if state == "present": + return fos.set('vpn.certificate', + 'crl', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('vpn.certificate', + 'crl', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_vpn_certificate(data, fos): + + if data['vpn_certificate_crl']: + resp = vpn_certificate_crl(data, 
fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('vpn_certificate_crl')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "vpn_certificate_crl": { + "required": False, "type": "dict", "default": None, + "options": { + "crl": {"required": False, "type": "str"}, + "http_url": {"required": False, "type": "str"}, + "last_updated": {"required": False, "type": "int"}, + "ldap_password": {"required": False, "type": "str"}, + "ldap_server": {"required": False, "type": "str"}, + "ldap_username": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "range": {"required": False, "type": "str", + "choices": ["global", + "vdom"]}, + "scep_cert": {"required": False, "type": "str"}, + "scep_url": {"required": False, "type": "str"}, + "source": {"required": False, "type": "str", + "choices": ["factory", + "user", + "bundle", + "fortiguard"]}, + "source_ip": {"required": False, "type": "str"}, + "update_interval": {"required": False, "type": "int"}, + "update_vdom": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_certificate(module.params, fos) + versions_check_result = connection.get_system_version() + else: + 
module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_local.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_local.py new file mode 100644 index 00000000..97c656d3 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_local.py 
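Review bot: In `main()`, the `vpn_certificate_crl` options declare `ldap_password` as `{"required": False, "type": "str"}` with no `no_log`, unlike `access_token` a few lines above it. Ansible therefore does not mask the LDAP bind password when it logs or echoes the module arguments. Declare it as `"ldap_password": {"required": False, "type": "str", "no_log": True},`. The value is also sent to `fos.set` inside `filtered_data`, and `main()` returns the device response as `meta=result`. Whether that response echoes the password depends on FortiOSHandler, which is outside this hunk, so it is worth confirming.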
@@ -0,0 +1,462 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_certificate_local +short_description: Local keys and certificates in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_certificate feature and local category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + vpn_certificate_local: + description: + - Local keys and certificates. + default: null + type: dict + suboptions: + auto_regenerate_days: + description: + - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled). + type: int + auto_regenerate_days_warning: + description: + - Number of days to wait before an expiry warning message is generated (0 = disabled). + type: int + ca_identifier: + description: + - CA identifier of the CA server for signing via SCEP. + type: str + certificate: + description: + - PEM format certificate. + type: str + cmp_path: + description: + - Path location inside CMP server. + type: str + cmp_regeneration_method: + description: + - CMP auto-regeneration method. + type: str + choices: + - keyupate + - renewal + cmp_server: + description: + - '"ADDRESS:PORT" for CMP server.' + type: str + cmp_server_cert: + description: + - CMP server certificate. Source vpn.certificate.ca.name. + type: str + comments: + description: + - Comment. + type: str + csr: + description: + - Certificate Signing Request. + type: str + enroll_protocol: + description: + - Certificate enrollment protocol. + type: str + choices: + - none + - scep + - cmpv2 + ike_localid: + description: + - Local ID the FortiGate uses for authentication as a VPN client. + type: str + ike_localid_type: + description: + - IKE local ID type. + type: str + choices: + - asn1dn + - fqdn + last_updated: + description: + - Time at which certificate was last updated. + type: int + name: + description: + - Name. + required: true + type: str + name_encoding: + description: + - Name encoding method for auto-regeneration. + type: str + choices: + - printable + - utf8 + password: + description: + - Password as a PEM file. 
+ type: str + private_key: + description: + - PEM format key, encrypted with a password. + type: str + range: + description: + - Either a global or VDOM IP address range for the certificate. + type: str + choices: + - global + - vdom + scep_password: + description: + - SCEP server challenge password for auto-regeneration. + type: str + scep_url: + description: + - SCEP server URL. + type: str + source: + description: + - Certificate source type. + type: str + choices: + - factory + - user + - bundle + - fortiguard + source_ip: + description: + - Source IP address for communications to the SCEP server. + type: str + state: + description: + - Certificate Signing Request State. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Local keys and certificates. + fortios_vpn_certificate_local: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_certificate_local: + auto_regenerate_days: "3" + auto_regenerate_days_warning: "4" + ca_identifier: "myId_5" + certificate: "" + cmp_path: "" + cmp_regeneration_method: "keyupate" + cmp_server: "" + cmp_server_cert: " (source vpn.certificate.ca.name)" + comments: "" + csr: "" + enroll_protocol: "none" + ike_localid: "" + ike_localid_type: "asn1dn" + last_updated: "16" + name: "default_name_17" + name_encoding: "printable" + password: "" + private_key: "" + range: "global" + scep_password: "" + scep_url: "" + source: "factory" + source_ip: "84.230.14.43" + state: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: 
always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_vpn_certificate_local_data(json): + option_list = ['auto_regenerate_days', 'auto_regenerate_days_warning', 'ca_identifier', + 'certificate', 'cmp_path', 'cmp_regeneration_method', + 'cmp_server', 'cmp_server_cert', 'comments', + 'csr', 'enroll_protocol', 'ike_localid', + 'ike_localid_type', 'last_updated', 'name', + 'name_encoding', 'password', 'private_key', + 'range', 'scep_password', 'scep_url', + 'source', 'source_ip', 'state'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def 
underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def vpn_certificate_local(data, fos): + vdom = data['vdom'] + state = data['state'] + vpn_certificate_local_data = data['vpn_certificate_local'] + filtered_data = underscore_to_hyphen(filter_vpn_certificate_local_data(vpn_certificate_local_data)) + + if state == "present": + return fos.set('vpn.certificate', + 'local', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('vpn.certificate', + 'local', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_vpn_certificate(data, fos): + + if data['vpn_certificate_local']: + resp = vpn_certificate_local(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('vpn_certificate_local')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "vpn_certificate_local": { + "required": False, "type": "dict", "default": None, + "options": { + "auto_regenerate_days": {"required": False, "type": "int"}, + "auto_regenerate_days_warning": {"required": False, "type": "int"}, + "ca_identifier": {"required": False, "type": "str"}, + "certificate": {"required": False, "type": "str"}, + "cmp_path": 
{"required": False, "type": "str"}, + "cmp_regeneration_method": {"required": False, "type": "str", + "choices": ["keyupate", + "renewal"]}, + "cmp_server": {"required": False, "type": "str"}, + "cmp_server_cert": {"required": False, "type": "str"}, + "comments": {"required": False, "type": "str"}, + "csr": {"required": False, "type": "str"}, + "enroll_protocol": {"required": False, "type": "str", + "choices": ["none", + "scep", + "cmpv2"]}, + "ike_localid": {"required": False, "type": "str"}, + "ike_localid_type": {"required": False, "type": "str", + "choices": ["asn1dn", + "fqdn"]}, + "last_updated": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "name_encoding": {"required": False, "type": "str", + "choices": ["printable", + "utf8"]}, + "password": {"required": False, "type": "str"}, + "private_key": {"required": False, "type": "str"}, + "range": {"required": False, "type": "str", + "choices": ["global", + "vdom"]}, + "scep_password": {"required": False, "type": "str"}, + "scep_url": {"required": False, "type": "str"}, + "source": {"required": False, "type": "str", + "choices": ["factory", + "user", + "bundle", + "fortiguard"]}, + "source_ip": {"required": False, "type": "str"}, + "state": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_certificate(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between 
FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_ocsp_server.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_ocsp_server.py new file mode 100644 index 00000000..590d821c --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_ocsp_server.py 
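Review bot: In main()'s `fields` spec only `access_token` carries `"no_log": True`; the `password`, `private_key` and `scep_password` suboptions of `vpn_certificate_local` are plain `str` entries, so Ansible will not mask their values in module invocation output or logs. Each of the three should be marked, e.g. `"private_key": {"required": False, "type": "str", "no_log": True},` and likewise for `password` and `scep_password`. The tail of fortios_vpn_certificate_crl.py visible just before this file shows the same gap for `ldap_password`.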
@@ -0,0 +1,324 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_certificate_ocsp_server +short_description: OCSP server configuration in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_certificate feature and ocsp_server category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + vpn_certificate_ocsp_server: + description: + - OCSP server configuration. + default: null + type: dict + suboptions: + cert: + description: + - OCSP server certificate. Source vpn.certificate.remote.name vpn.certificate.ca.name. + type: str + name: + description: + - OCSP server entry name. + required: true + type: str + secondary_cert: + description: + - Secondary OCSP server certificate. Source vpn.certificate.remote.name vpn.certificate.ca.name. + type: str + secondary_url: + description: + - Secondary OCSP server URL. + type: str + source_ip: + description: + - Source IP address for communications to the OCSP server. + type: str + unavail_action: + description: + - Action when server is unavailable (revoke the certificate or ignore the result of the check). + type: str + choices: + - revoke + - ignore + url: + description: + - OCSP server URL. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: OCSP server configuration. 
+ fortios_vpn_certificate_ocsp_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_certificate_ocsp_server: + cert: " (source vpn.certificate.remote.name vpn.certificate.ca.name)" + name: "default_name_4" + secondary_cert: " (source vpn.certificate.remote.name vpn.certificate.ca.name)" + secondary_url: "" + source_ip: "84.230.14.43" + unavail_action: "revoke" + url: "myurl.com" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import 
check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_vpn_certificate_ocsp_server_data(json): + option_list = ['cert', 'name', 'secondary_cert', + 'secondary_url', 'source_ip', 'unavail_action', + 'url'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def vpn_certificate_ocsp_server(data, fos): + vdom = data['vdom'] + state = data['state'] + vpn_certificate_ocsp_server_data = data['vpn_certificate_ocsp_server'] + filtered_data = underscore_to_hyphen(filter_vpn_certificate_ocsp_server_data(vpn_certificate_ocsp_server_data)) + + if state == "present": + return fos.set('vpn.certificate', + 'ocsp-server', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('vpn.certificate', + 'ocsp-server', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_vpn_certificate(data, fos): + + if data['vpn_certificate_ocsp_server']: + resp = vpn_certificate_ocsp_server(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('vpn_certificate_ocsp_server')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": 
False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "vpn_certificate_ocsp_server": { + "required": False, "type": "dict", "default": None, + "options": { + "cert": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "secondary_cert": {"required": False, "type": "str"}, + "secondary_url": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, + "unavail_action": {"required": False, "type": "str", + "choices": ["revoke", + "ignore"]}, + "url": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_certificate(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
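Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no` next to a task that passes `access_token`, so anyone copying it sends the token to a device whose TLS certificate is never verified. The example should use `ansible_httpapi_validate_certs: yes`, or at least carry a comment such as `# lab only: enable certificate validation for production devices`. The EXAMPLES blocks of fortios_vpn_certificate_local.py and fortios_vpn_certificate_remote.py on this page have the same setting. The `unavail_action` description could also say that `ignore` accepts a certificate when the OCSP server cannot be reached, which is presumably what "ignore the result of the check" means; confirm this against the FortiOS documentation.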
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_remote.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_remote.py
new file mode 100644
index 00000000..4f2fe5ff
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_remote.py
@@ -0,0 +1,314 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_certificate_remote +short_description: Remote certificate as a PEM file in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_certificate feature and remote category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + vpn_certificate_remote: + description: + - Remote certificate as a PEM file. + default: null + type: dict + suboptions: + name: + description: + - Name. + required: true + type: str + range: + description: + - Either the global or VDOM IP address range for the remote certificate. + type: str + choices: + - global + - vdom + remote: + description: + - Remote certificate. + type: str + source: + description: + - Remote certificate source type. + type: str + choices: + - factory + - user + - bundle + - fortiguard +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Remote certificate as a PEM file. 
+ fortios_vpn_certificate_remote: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_certificate_remote: + name: "default_name_3" + range: "global" + remote: "" + source: "factory" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_vpn_certificate_remote_data(json): + option_list = ['name', 'range', 
'remote', + 'source'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def vpn_certificate_remote(data, fos): + vdom = data['vdom'] + state = data['state'] + vpn_certificate_remote_data = data['vpn_certificate_remote'] + filtered_data = underscore_to_hyphen(filter_vpn_certificate_remote_data(vpn_certificate_remote_data)) + + if state == "present": + return fos.set('vpn.certificate', + 'remote', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('vpn.certificate', + 'remote', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_vpn_certificate(data, fos): + + if data['vpn_certificate_remote']: + resp = vpn_certificate_remote(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('vpn_certificate_remote')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "vpn_certificate_remote": { + "required": False, "type": "dict", "default": None, + "options": { + "name": {"required": True, "type": 
"str"}, + "range": {"required": False, "type": "str", + "choices": ["global", + "vdom"]}, + "remote": {"required": False, "type": "str"}, + "source": {"required": False, "type": "str", + "choices": ["factory", + "user", + "bundle", + "fortiguard"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_certificate(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_setting.py new file mode 100644 index 00000000..b7577af5 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_certificate_setting.py 
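Review bot: The guard `if 'access_token' in module.params:` in main() is always true, because AnsibleModule fills every option declared in `argument_spec` with None when the task omits it, so `connection.set_option('access_token', ...)` runs with None on every run that has no token. The httpapi plugin presumably tolerates that, but the guard reads as if it told token login apart from other authentication; `if module.params.get('access_token'):` would state the intent. The same check appears in main() of fortios_vpn_certificate_local.py and fortios_vpn_certificate_ocsp_server.py on this page. The failure path's fixed `msg="Error in repo"` would also be easier to triage if it named the module and the device's `http_status`.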
@@ -0,0 +1,410 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_certificate_setting +short_description: VPN certificate setting in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_certificate feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + vpn_certificate_setting: + description: + - VPN certificate setting. + default: null + type: dict + suboptions: + certname_dsa1024: + description: + - 1024 bit DSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. + type: str + certname_dsa2048: + description: + - 2048 bit DSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. + type: str + certname_ecdsa256: + description: + - 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. + type: str + certname_ecdsa384: + description: + - 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. + type: str + certname_rsa1024: + description: + - 1024 bit RSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. + type: str + certname_rsa2048: + description: + - 2048 bit RSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. + type: str + check_ca_cert: + description: + - Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted . + type: str + choices: + - enable + - disable + check_ca_chain: + description: + - Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in + the chain are trusted . + type: str + choices: + - enable + - disable + cmp_save_extra_certs: + description: + - Enable/disable saving extra certificates in CMP mode. + type: str + choices: + - enable + - disable + cn_match: + description: + - When searching for a matching certificate, control how to find matches in the cn attribute of the certificate subject name. 
+ type: str + choices: + - substring + - value + ocsp_default_server: + description: + - Default OCSP server. Source vpn.certificate.ocsp-server.name. + type: str + ocsp_status: + description: + - Enable/disable receiving certificates using the OCSP. + type: str + choices: + - enable + - disable + ssl_ocsp_option: + description: + - Specify whether the OCSP URL is from the certificate or the default OCSP server. + type: str + choices: + - certificate + - server + ssl_ocsp_status: + description: + - Enable/disable SSL OCSP. + type: str + choices: + - enable + - disable + strict_crl_check: + description: + - Enable/disable strict mode CRL checking. + type: str + choices: + - enable + - disable + strict_ocsp_check: + description: + - Enable/disable strict mode OCSP checking. + type: str + choices: + - enable + - disable + subject_match: + description: + - When searching for a matching certificate, control how to find matches in the certificate subject name. + type: str + choices: + - substring + - value +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: VPN certificate setting. 
+ fortios_vpn_certificate_setting: + vdom: "{{ vdom }}" + vpn_certificate_setting: + certname_dsa1024: " (source vpn.certificate.local.name)" + certname_dsa2048: " (source vpn.certificate.local.name)" + certname_ecdsa256: " (source vpn.certificate.local.name)" + certname_ecdsa384: " (source vpn.certificate.local.name)" + certname_rsa1024: " (source vpn.certificate.local.name)" + certname_rsa2048: " (source vpn.certificate.local.name)" + check_ca_cert: "enable" + check_ca_chain: "enable" + cmp_save_extra_certs: "enable" + cn_match: "substring" + ocsp_default_server: " (source vpn.certificate.ocsp-server.name)" + ocsp_status: "enable" + ssl_ocsp_option: "certificate" + ssl_ocsp_status: "enable" + strict_crl_check: "enable" + strict_ocsp_check: "enable" + subject_match: "substring" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: 
Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_vpn_certificate_setting_data(json): + option_list = ['certname_dsa1024', 'certname_dsa2048', 'certname_ecdsa256', + 'certname_ecdsa384', 'certname_rsa1024', 'certname_rsa2048', + 'check_ca_cert', 'check_ca_chain', 'cmp_save_extra_certs', + 'cn_match', 'ocsp_default_server', 'ocsp_status', + 'ssl_ocsp_option', 'ssl_ocsp_status', 'strict_crl_check', + 'strict_ocsp_check', 'subject_match'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def vpn_certificate_setting(data, fos): + vdom = data['vdom'] + vpn_certificate_setting_data = data['vpn_certificate_setting'] + filtered_data = underscore_to_hyphen(filter_vpn_certificate_setting_data(vpn_certificate_setting_data)) + + return fos.set('vpn.certificate', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_vpn_certificate(data, fos): + + if data['vpn_certificate_setting']: + resp = vpn_certificate_setting(data, 
fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('vpn_certificate_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "vpn_certificate_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "certname_dsa1024": {"required": False, "type": "str"}, + "certname_dsa2048": {"required": False, "type": "str"}, + "certname_ecdsa256": {"required": False, "type": "str"}, + "certname_ecdsa384": {"required": False, "type": "str"}, + "certname_rsa1024": {"required": False, "type": "str"}, + "certname_rsa2048": {"required": False, "type": "str"}, + "check_ca_cert": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "check_ca_chain": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "cmp_save_extra_certs": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "cn_match": {"required": False, "type": "str", + "choices": ["substring", + "value"]}, + "ocsp_default_server": {"required": False, "type": "str"}, + "ocsp_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssl_ocsp_option": {"required": False, "type": "str", + "choices": ["certificate", + "server"]}, + "ssl_ocsp_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "strict_crl_check": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "strict_ocsp_check": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "subject_match": {"required": False, "type": "str", + "choices": ["substring", + "value"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + 
supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_certificate(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_concentrator.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_concentrator.py new file mode 100644 index 00000000..08176f5a --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_concentrator.py 
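Review bot: The EXAMPLES playbook in this hunk sets `ansible_httpapi_validate_certs: no`, so anyone copying it sends the module's requests (including any access token) to the FortiGate over TLS without verifying the server certificate. I would switch the example to `ansible_httpapi_validate_certs: yes`, or keep the value and add the comment `# lab only: enable validation and trust the device CA before using this outside a test setup`. The same example line appears in the fortios_vpn_ipsec_concentrator.py and fortios_vpn_ipsec_forticlient.py hunks. Those two also show `access_token: ""` inline, where a short comment that the token belongs in a vaulted variable rather than in the playbook would help.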
@@ -0,0 +1,330 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_ipsec_concentrator +short_description: Concentrator configuration in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_ipsec feature and concentrator category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + vpn_ipsec_concentrator: + description: + - Concentrator configuration. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + member: + description: + - Names of up to 3 VPN tunnels to add to the concentrator. + type: list + suboptions: + name: + description: + - Member name. Source vpn.ipsec.manualkey.name vpn.ipsec.phase1.name. + required: true + type: str + name: + description: + - Concentrator name. + required: true + type: str + src_check: + description: + - Enable to check source address of phase 2 selector. Disable to check only the destination selector. + type: str + choices: + - disable + - enable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Concentrator configuration. 
+ fortios_vpn_ipsec_concentrator: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ipsec_concentrator: + member: + - + name: "default_name_4 (source vpn.ipsec.manualkey.name vpn.ipsec.phase1.name)" + name: "default_name_5" + src_check: "disable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_vpn_ipsec_concentrator_data(json): + option_list = ['member', 'name', 'src_check'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def vpn_ipsec_concentrator(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['vpn_ipsec_concentrator'] and data['vpn_ipsec_concentrator']['state']: + state = data['vpn_ipsec_concentrator']['state'] + else: + state = True + vpn_ipsec_concentrator_data = data['vpn_ipsec_concentrator'] + filtered_data = underscore_to_hyphen(filter_vpn_ipsec_concentrator_data(vpn_ipsec_concentrator_data)) + + if state == "present": + return fos.set('vpn.ipsec', + 'concentrator', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('vpn.ipsec', + 'concentrator', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_vpn_ipsec(data, fos): + + if data['vpn_ipsec_concentrator']: + resp = vpn_ipsec_concentrator(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('vpn_ipsec_concentrator')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": 
{"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "vpn_ipsec_concentrator": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "member": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "src_check": {"required": False, "type": "str", + "choices": ["disable", + "enable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
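Review bot: In `vpn_ipsec_concentrator` the fallback `state = True` can never equal `"present"` or `"absent"`, so a task that omits both the top-level and the nested `state` ends in `fail_json(msg='state must be present or absent!')` even though the argument spec in `main()` declares both as `required: False`. The message then points at a wrong value rather than a missing option. I would replace the fallback with an explicit failure such as `fos._module.fail_json(msg='state is required, either at the top level or inside vpn_ipsec_concentrator')`. `vpn_ipsec_forticlient` in the next file has the same fallback.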
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_forticlient.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_forticlient.py
new file mode 100644
index 00000000..8cebe810
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_forticlient.py
@@ -0,0 +1,327 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_ipsec_forticlient +short_description: Configure FortiClient policy realm in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_ipsec feature and forticlient category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + vpn_ipsec_forticlient: + description: + - Configure FortiClient policy realm. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + phase2name: + description: + - Phase 2 tunnel name that you defined in the FortiClient dialup configuration. Source vpn.ipsec.phase2.name vpn.ipsec.phase2-interface + .name. + type: str + realm: + description: + - FortiClient realm name. + required: true + type: str + status: + description: + - Enable/disable this FortiClient configuration. + type: str + choices: + - enable + - disable + usergroupname: + description: + - User group name for FortiClient users. Source user.group.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiClient policy realm. 
+ fortios_vpn_ipsec_forticlient: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ipsec_forticlient: + phase2name: " (source vpn.ipsec.phase2.name vpn.ipsec.phase2-interface.name)" + realm: "" + status: "enable" + usergroupname: " (source user.group.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_vpn_ipsec_forticlient_data(json): + option_list = ['phase2name', 'realm', 'status', + 'usergroupname'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def vpn_ipsec_forticlient(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['vpn_ipsec_forticlient'] and data['vpn_ipsec_forticlient']['state']: + state = data['vpn_ipsec_forticlient']['state'] + else: + state = True + vpn_ipsec_forticlient_data = data['vpn_ipsec_forticlient'] + filtered_data = underscore_to_hyphen(filter_vpn_ipsec_forticlient_data(vpn_ipsec_forticlient_data)) + + if state == "present": + return fos.set('vpn.ipsec', + 'forticlient', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('vpn.ipsec', + 'forticlient', + mkey=filtered_data['realm'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_vpn_ipsec(data, fos): + + if data['vpn_ipsec_forticlient']: + resp = vpn_ipsec_forticlient(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('vpn_ipsec_forticlient')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'realm' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": 
{"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "vpn_ipsec_forticlient": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "phase2name": {"required": False, "type": "str"}, + "realm": {"required": True, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "usergroupname": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
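Review bot: In `main()` the guard `if 'access_token' in module.params:` is always true, because `access_token` is declared in `fields` and AnsibleModule fills undeclared-by-user options with `None`; the connection therefore gets `set_option('access_token', None)` whenever the task does not pass a token. Whether that overrides a token or credentials configured on the connection depends on the httpapi plugin, which is outside this hunk, so this should be confirmed there. Testing the value instead avoids the question: `if module.params.get('access_token'):`. The `main()` functions in the fortios_vpn_certificate_setting.py and fortios_vpn_ipsec_concentrator.py hunks use the same guard.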
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_manualkey.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_manualkey.py
new file mode 100644
index 00000000..c1a6f6d6
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_manualkey.py
@@ -0,0 +1,404 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_ipsec_manualkey +short_description: Configure IPsec manual keys in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_ipsec feature and manualkey category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + vpn_ipsec_manualkey: + description: + - Configure IPsec manual keys. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + authentication: + description: + - Authentication algorithm. Must be the same for both ends of the tunnel. + type: str + choices: + - null + - md5 + - sha1 + - sha256 + - sha384 + - sha512 + authkey: + description: + - Hexadecimal authentication key in 16-digit (8-byte) segments separated by hyphens. + type: str + enckey: + description: + - Hexadecimal encryption key in 16-digit (8-byte) segments separated by hyphens. + type: str + encryption: + description: + - Encryption algorithm. Must be the same for both ends of the tunnel. + type: str + choices: + - null + - des + - 3des + - aes128 + - aes192 + - aes256 + - aria128 + - aria192 + - aria256 + - seed + interface: + description: + - Name of the physical, aggregate, or VLAN interface. Source system.interface.name. + type: str + local_gw: + description: + - Local gateway. + type: str + localspi: + description: + - Local SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. + type: str + name: + description: + - IPsec tunnel name. + required: true + type: str + npu_offload: + description: + - Enable/disable NPU offloading. + type: str + choices: + - enable + - disable + remote_gw: + description: + - Peer gateway. 
+ type: str + remotespi: + description: + - Remote SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPsec manual keys. + fortios_vpn_ipsec_manualkey: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ipsec_manualkey: + authentication: "null" + authkey: "" + enckey: "" + encryption: "null" + interface: " (source system.interface.name)" + local_gw: "" + localspi: "" + name: "default_name_10" + npu_offload: "enable" + remote_gw: "" + remotespi: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version 
of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_vpn_ipsec_manualkey_data(json): + option_list = ['authentication', 'authkey', 'enckey', + 'encryption', 'interface', 'local_gw', + 'localspi', 'name', 'npu_offload', + 'remote_gw', 'remotespi'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def vpn_ipsec_manualkey(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['vpn_ipsec_manualkey'] and data['vpn_ipsec_manualkey']['state']: + state = data['vpn_ipsec_manualkey']['state'] + else: + state = True + vpn_ipsec_manualkey_data = data['vpn_ipsec_manualkey'] + filtered_data = underscore_to_hyphen(filter_vpn_ipsec_manualkey_data(vpn_ipsec_manualkey_data)) + + if state == "present": + return fos.set('vpn.ipsec', + 'manualkey', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('vpn.ipsec', + 'manualkey', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == 
"success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_vpn_ipsec(data, fos): + + if data['vpn_ipsec_manualkey']: + resp = vpn_ipsec_manualkey(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('vpn_ipsec_manualkey')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "vpn_ipsec_manualkey": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "authentication": {"required": False, "type": "str", + "choices": ["null", + "md5", + "sha1", + "sha256", + "sha384", + "sha512"]}, + "authkey": {"required": False, "type": "str"}, + "enckey": {"required": False, "type": "str"}, + "encryption": {"required": False, "type": "str", + "choices": ["null", + "des", + "3des", + "aes128", + "aes192", + "aes256", + "aria128", + "aria192", + "aria256", + "seed"]}, + "interface": {"required": False, "type": "str"}, + "local_gw": {"required": False, "type": "str"}, + "localspi": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "npu_offload": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "remote_gw": {"required": False, "type": "str"}, + "remotespi": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', 
module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_manualkey_interface.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_manualkey_interface.py new file mode 100644 index 00000000..d828262d --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_manualkey_interface.py 
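Review bot: The `authkey` and `enckey` entries in the `fields` argument spec of main() carry no `no_log`, although `access_token` two entries above them does, so the IPsec authentication and encryption keys are handled as ordinary parameters and can show up in the module invocation record and in verbose output. Mark both as sensitive: `"authkey": {"required": False, "type": "str", "no_log": True},` and `"enckey": {"required": False, "type": "str", "no_log": True},`. The same applies to `auth_key` and `enc_key` in fortios_vpn_ipsec_manualkey_interface.py in the next hunk. The option descriptions in DOCUMENTATION could also state that these values are secrets and should be supplied from Ansible Vault rather than written in the playbook.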
@@ -0,0 +1,439 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_ipsec_manualkey_interface +short_description: Configure IPsec manual keys in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_ipsec feature and manualkey_interface category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + vpn_ipsec_manualkey_interface: + description: + - Configure IPsec manual keys. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + addr_type: + description: + - IP version to use for IP packets. + type: str + choices: + - 4 + - 6 + auth_alg: + description: + - Authentication algorithm. Must be the same for both ends of the tunnel. + type: str + choices: + - null + - md5 + - sha1 + - sha256 + - sha384 + - sha512 + auth_key: + description: + - Hexadecimal authentication key in 16-digit (8-byte) segments separated by hyphens. + type: str + enc_alg: + description: + - Encryption algorithm. Must be the same for both ends of the tunnel. + type: str + choices: + - null + - des + - 3des + - aes128 + - aes192 + - aes256 + - aria128 + - aria192 + - aria256 + - seed + enc_key: + description: + - Hexadecimal encryption key in 16-digit (8-byte) segments separated by hyphens. + type: str + interface: + description: + - Name of the physical, aggregate, or VLAN interface. Source system.interface.name. + type: str + ip_version: + description: + - IP version to use for VPN interface. + type: str + choices: + - 4 + - 6 + local_gw: + description: + - IPv4 address of the local gateway"s external interface. + type: str + local_gw6: + description: + - Local IPv6 address of VPN gateway. 
+ type: str + local_spi: + description: + - Local SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. + type: str + name: + description: + - IPsec tunnel name. + required: true + type: str + npu_offload: + description: + - Enable/disable offloading IPsec VPN manual key sessions to NPUs. + type: str + choices: + - enable + - disable + remote_gw: + description: + - IPv4 address of the remote gateway"s external interface. + type: str + remote_gw6: + description: + - Remote IPv6 address of VPN gateway. + type: str + remote_spi: + description: + - Remote SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPsec manual keys. 
+ fortios_vpn_ipsec_manualkey_interface: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ipsec_manualkey_interface: + addr_type: "4" + auth_alg: "null" + auth_key: "" + enc_alg: "null" + enc_key: "" + interface: " (source system.interface.name)" + ip_version: "4" + local_gw: "" + local_gw6: "" + local_spi: "" + name: "default_name_13" + npu_offload: "enable" + remote_gw: "" + remote_gw6: "" + remote_spi: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_vpn_ipsec_manualkey_interface_data(json): + option_list = ['addr_type', 'auth_alg', 'auth_key', + 'enc_alg', 'enc_key', 'interface', + 'ip_version', 'local_gw', 'local_gw6', + 'local_spi', 'name', 'npu_offload', + 'remote_gw', 'remote_gw6', 'remote_spi'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def vpn_ipsec_manualkey_interface(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['vpn_ipsec_manualkey_interface'] and data['vpn_ipsec_manualkey_interface']['state']: + state = data['vpn_ipsec_manualkey_interface']['state'] + else: + state = True + vpn_ipsec_manualkey_interface_data = data['vpn_ipsec_manualkey_interface'] + filtered_data = underscore_to_hyphen(filter_vpn_ipsec_manualkey_interface_data(vpn_ipsec_manualkey_interface_data)) + + if state == "present": + return fos.set('vpn.ipsec', + 'manualkey-interface', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('vpn.ipsec', + 'manualkey-interface', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_vpn_ipsec(data, fos): + + if 
data['vpn_ipsec_manualkey_interface']: + resp = vpn_ipsec_manualkey_interface(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('vpn_ipsec_manualkey_interface')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "vpn_ipsec_manualkey_interface": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "addr_type": {"required": False, "type": "str", + "choices": ["4", + "6"]}, + "auth_alg": {"required": False, "type": "str", + "choices": ["null", + "md5", + "sha1", + "sha256", + "sha384", + "sha512"]}, + "auth_key": {"required": False, "type": "str"}, + "enc_alg": {"required": False, "type": "str", + "choices": ["null", + "des", + "3des", + "aes128", + "aes192", + "aes256", + "aria128", + "aria192", + "aria256", + "seed"]}, + "enc_key": {"required": False, "type": "str"}, + "interface": {"required": False, "type": "str"}, + "ip_version": {"required": False, "type": "str", + "choices": ["4", + "6"]}, + "local_gw": {"required": False, "type": "str"}, + "local_gw6": {"required": False, "type": "str"}, + "local_spi": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "npu_offload": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "remote_gw": {"required": False, "type": "str"}, + "remote_gw6": {"required": False, "type": "str"}, + "remote_spi": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + 
versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase1.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase1.py new file mode 100644 index 00000000..a7e53631 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase1.py 
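Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no` while the task passes `access_token`, `auth_key` and `enc_key`, so anyone who copies it sends the API token and the tunnel keys over a TLS session whose peer is not verified. Show `ansible_httpapi_validate_certs: yes` in the example, or keep `no` with a comment such as `# lab only: enable certificate validation before running against a real device`. The sample task also uses `auth_alg: "null"` and `enc_alg: "null"`, which going by the option descriptions selects no authentication and no encryption; values such as `sha256` and `aes256` from the listed choices would be safer to copy. The EXAMPLES block of fortios_vpn_ipsec_manualkey.py in the previous hunk has the same settings.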
@@ -0,0 +1,1407 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_ipsec_phase1 +short_description: Configure VPN remote gateway in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_ipsec feature and phase1 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + vpn_ipsec_phase1: + description: + - Configure VPN remote gateway. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + acct_verify: + description: + - Enable/disable verification of RADIUS accounting record. + type: str + choices: + - enable + - disable + add_gw_route: + description: + - Enable/disable automatically add a route to the remote gateway. + type: str + choices: + - enable + - disable + add_route: + description: + - Enable/disable control addition of a route to peer destination selector. + type: str + choices: + - disable + - enable + assign_ip: + description: + - Enable/disable assignment of IP to IPsec interface via configuration method. + type: str + choices: + - disable + - enable + assign_ip_from: + description: + - Method by which the IP address will be assigned. + type: str + choices: + - range + - usrgrp + - dhcp + - name + authmethod: + description: + - Authentication method. + type: str + choices: + - psk + - signature + authmethod_remote: + description: + - Authentication method (remote side). + type: str + choices: + - psk + - signature + authpasswd: + description: + - XAuth password (max 35 characters). + type: str + authusr: + description: + - XAuth user name. + type: str + authusrgrp: + description: + - Authentication user group. Source user.group.name. + type: str + auto_negotiate: + description: + - Enable/disable automatic initiation of IKE SA negotiation. 
+ type: str + choices: + - enable + - disable + autoconfig: + description: + - Auto-configuration type. + type: str + choices: + - disable + - client + - gateway + backup_gateway: + description: + - Instruct unity clients about the backup gateway address(es). + type: list + suboptions: + address: + description: + - Address of backup gateway. + required: true + type: str + banner: + description: + - Message that unity client should display after connecting. + type: str + certificate: + description: + - Names of up to 4 signed personal certificates. + type: list + suboptions: + name: + description: + - Certificate name. Source vpn.certificate.local.name. + required: true + type: str + childless_ike: + description: + - Enable/disable childless IKEv2 initiation (RFC 6023). + type: str + choices: + - enable + - disable + client_auto_negotiate: + description: + - Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. + type: str + choices: + - disable + - enable + client_keep_alive: + description: + - Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. + type: str + choices: + - disable + - enable + comments: + description: + - Comment. + type: str + dhgrp: + description: + - DH group. + type: str + choices: + - 1 + - 2 + - 5 + - 14 + - 15 + - 16 + - 17 + - 18 + - 19 + - 20 + - 21 + - 27 + - 28 + - 29 + - 30 + - 31 + digital_signature_auth: + description: + - Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). + type: str + choices: + - enable + - disable + distance: + description: + - Distance for routes added by IKE (1 - 255). + type: int + dns_mode: + description: + - DNS server mode. + type: str + choices: + - manual + - auto + domain: + description: + - Instruct unity clients about the default DNS domain. + type: str + dpd: + description: + - Dead Peer Detection mode. 
+ type: str + choices: + - disable + - on-idle + - on-demand + dpd_retrycount: + description: + - Number of DPD retry attempts. + type: int + dpd_retryinterval: + description: + - DPD retry interval. + type: str + eap: + description: + - Enable/disable IKEv2 EAP authentication. + type: str + choices: + - enable + - disable + eap_identity: + description: + - IKEv2 EAP peer identity type. + type: str + choices: + - use-id-payload + - send-request + enforce_unique_id: + description: + - Enable/disable peer ID uniqueness check. + type: str + choices: + - disable + - keep-new + - keep-old + forticlient_enforcement: + description: + - Enable/disable FortiClient enforcement. + type: str + choices: + - enable + - disable + fragmentation: + description: + - Enable/disable fragment IKE message on re-transmission. + type: str + choices: + - enable + - disable + fragmentation_mtu: + description: + - IKE fragmentation MTU (500 - 16000). + type: int + group_authentication: + description: + - Enable/disable IKEv2 IDi group authentication. + type: str + choices: + - enable + - disable + group_authentication_secret: + description: + - Password for IKEv2 IDi group authentication. (ASCII string or hexadecimal indicated by a leading 0x.) + type: str + ha_sync_esp_seqno: + description: + - Enable/disable sequence number jump ahead for IPsec HA. + type: str + choices: + - enable + - disable + idle_timeout: + description: + - Enable/disable IPsec tunnel idle timeout. + type: str + choices: + - enable + - disable + idle_timeoutinterval: + description: + - IPsec tunnel idle timeout in minutes (5 - 43200). + type: int + ike_version: + description: + - IKE protocol version. + type: str + choices: + - 1 + - 2 + include_local_lan: + description: + - Enable/disable allow local LAN access on unity clients. + type: str + choices: + - disable + - enable + interface: + description: + - Local physical, aggregate, or VLAN outgoing interface. Source system.interface.name. 
+ type: str + ipv4_dns_server1: + description: + - IPv4 DNS server 1. + type: str + ipv4_dns_server2: + description: + - IPv4 DNS server 2. + type: str + ipv4_dns_server3: + description: + - IPv4 DNS server 3. + type: str + ipv4_end_ip: + description: + - End of IPv4 range. + type: str + ipv4_exclude_range: + description: + - Configuration Method IPv4 exclude ranges. + type: list + suboptions: + end_ip: + description: + - End of IPv4 exclusive range. + type: str + id: + description: + - ID. + required: true + type: int + start_ip: + description: + - Start of IPv4 exclusive range. + type: str + ipv4_name: + description: + - IPv4 address name. Source firewall.address.name firewall.addrgrp.name. + type: str + ipv4_netmask: + description: + - IPv4 Netmask. + type: str + ipv4_split_exclude: + description: + - IPv4 subnets that should not be sent over the IPsec tunnel. Source firewall.address.name firewall.addrgrp.name. + type: str + ipv4_split_include: + description: + - IPv4 split-include subnets. Source firewall.address.name firewall.addrgrp.name. + type: str + ipv4_start_ip: + description: + - Start of IPv4 range. + type: str + ipv4_wins_server1: + description: + - WINS server 1. + type: str + ipv4_wins_server2: + description: + - WINS server 2. + type: str + ipv6_dns_server1: + description: + - IPv6 DNS server 1. + type: str + ipv6_dns_server2: + description: + - IPv6 DNS server 2. + type: str + ipv6_dns_server3: + description: + - IPv6 DNS server 3. + type: str + ipv6_end_ip: + description: + - End of IPv6 range. + type: str + ipv6_exclude_range: + description: + - Configuration method IPv6 exclude ranges. + type: list + suboptions: + end_ip: + description: + - End of IPv6 exclusive range. + type: str + id: + description: + - ID. + required: true + type: int + start_ip: + description: + - Start of IPv6 exclusive range. + type: str + ipv6_name: + description: + - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. 
+ type: str
+ ipv6_prefix:
+ description:
+ - IPv6 prefix.
+ type: int
+ ipv6_split_exclude:
+ description:
+ - IPv6 subnets that should not be sent over the IPsec tunnel. Source firewall.address6.name firewall.addrgrp6.name.
+ type: str
+ ipv6_split_include:
+ description:
+ - IPv6 split-include subnets. Source firewall.address6.name firewall.addrgrp6.name.
+ type: str
+ ipv6_start_ip:
+ description:
+ - Start of IPv6 range.
+ type: str
+ keepalive:
+ description:
+ - NAT-T keep alive interval.
+ type: int
+ keylife:
+ description:
+ - Time to wait in seconds before phase 1 encryption key expires.
+ type: int
+ local_gw:
+ description:
+ - Local VPN gateway.
+ type: str
+ localid:
+ description:
+ - Local ID.
+ type: str
+ localid_type:
+ description:
+ - Local ID type.
+ type: str
+ choices:
+ - auto
+ - fqdn
+ - user-fqdn
+ - keyid
+ - address
+ - asn1dn
+ mesh_selector_type:
+ description:
+ - Add selectors containing subsets of the configuration depending on traffic.
+ type: str
+ choices:
+ - disable
+ - subnet
+ - host
+ mode:
+ description:
+ - ID protection mode used to establish a secure channel.
+ type: str
+ choices:
+ - aggressive
+ - main
+ mode_cfg:
+ description:
+ - Enable/disable configuration method.
+ type: str
+ choices:
+ - disable
+ - enable
+ name:
+ description:
+ - IPsec remote gateway name.
+ required: true
+ type: str
+ nattraversal:
+ description:
+ - Enable/disable NAT traversal.
+ type: str
+ choices:
+ - enable
+ - disable
+ - forced
+ negotiate_timeout:
+ description:
+ - IKE SA negotiation timeout in seconds (1 - 300).
+ type: int
+ npu_offload:
+ description:
+ - Enable/disable offloading NPU.
+ type: str
+ choices:
+ - enable
+ - disable
+ peer:
+ description:
+ - Accept this peer certificate. Source user.peer.name.
+ type: str
+ peergrp:
+ description:
+ - Accept this peer certificate group. Source user.peergrp.name.
+ type: str
+ peerid:
+ description:
+ - Accept this peer identity.
+ type: str
+ peertype:
+ description:
+ - Accept this peer type.
+ type: str
+ choices:
+ - any
+ - one
+ - dialup
+ - peer
+ - peergrp
+ ppk:
+ description:
+ - Enable/disable IKEv2 Postquantum Preshared Key (PPK).
+ type: str
+ choices:
+ - disable
+ - allow
+ - require
+ ppk_identity:
+ description:
+ - IKEv2 Postquantum Preshared Key Identity.
+ type: str
+ ppk_secret:
+ description:
+ - IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x).
+ type: str
+ priority:
+ description:
+ - Priority for routes added by IKE (0 - 4294967295).
+ type: int
+ proposal:
+ description:
+ - Phase1 proposal.
+ type: str
+ choices:
+ - des-md5
+ - des-sha1
+ - des-sha256
+ - des-sha384
+ - des-sha512
+ - 3des-md5
+ - 3des-sha1
+ - 3des-sha256
+ - 3des-sha384
+ - 3des-sha512
+ - aes128-md5
+ - aes128-sha1
+ - aes128-sha256
+ - aes128-sha384
+ - aes128-sha512
+ - aes192-md5
+ - aes192-sha1
+ - aes192-sha256
+ - aes192-sha384
+ - aes192-sha512
+ - aes256-md5
+ - aes256-sha1
+ - aes256-sha256
+ - aes256-sha384
+ - aes256-sha512
+ - aria128-md5
+ - aria128-sha1
+ - aria128-sha256
+ - aria128-sha384
+ - aria128-sha512
+ - aria192-md5
+ - aria192-sha1
+ - aria192-sha256
+ - aria192-sha384
+ - aria192-sha512
+ - aria256-md5
+ - aria256-sha1
+ - aria256-sha256
+ - aria256-sha384
+ - aria256-sha512
+ - seed-md5
+ - seed-sha1
+ - seed-sha256
+ - seed-sha384
+ - seed-sha512
+ psksecret:
+ description:
+ - Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
+ type: str
+ psksecret_remote:
+ description:
+ - Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
+ type: str
+ reauth:
+ description:
+ - Enable/disable re-authentication upon IKE SA lifetime expiration.
+ type: str
+ choices:
+ - disable
+ - enable
+ rekey:
+ description:
+ - Enable/disable phase1 rekey.
+ type: str
+ choices:
+ - enable
+ - disable
+ remote_gw:
+ description:
+ - Remote VPN gateway.
+ type: str
+ remotegw_ddns:
+ description:
+ - Domain name of remote gateway (eg. name.DDNS.com).
+ type: str
+ rsa_signature_format:
+ description:
+ - Digital Signature Authentication RSA signature format.
+ type: str
+ choices:
+ - pkcs1
+ - pss
+ save_password:
+ description:
+ - Enable/disable saving XAuth username and password on VPN clients.
+ type: str
+ choices:
+ - disable
+ - enable
+ send_cert_chain:
+ description:
+ - Enable/disable sending certificate chain.
+ type: str
+ choices:
+ - enable
+ - disable
+ signature_hash_alg:
+ description:
+ - Digital Signature Authentication hash algorithms.
+ type: str
+ choices:
+ - sha1
+ - sha2-256
+ - sha2-384
+ - sha2-512
+ split_include_service:
+ description:
+ - Split-include services. Source firewall.service.group.name firewall.service.custom.name.
+ type: str
+ suite_b:
+ description:
+ - Use Suite-B.
+ type: str
+ choices:
+ - disable
+ - suite-b-gcm-128
+ - suite-b-gcm-256
+ type:
+ description:
+ - Remote gateway type.
+ type: str
+ choices:
+ - static
+ - dynamic
+ - ddns
+ unity_support:
+ description:
+ - Enable/disable support for Cisco UNITY Configuration Method extensions.
+ type: str
+ choices:
+ - disable
+ - enable
+ usrgrp:
+ description:
+ - User group name for dialup peers. Source user.group.name.
+ type: str
+ wizard_type:
+ description:
+ - GUI VPN Wizard Type.
+ type: str
+ choices:
+ - custom
+ - dialup-forticlient
+ - dialup-ios
+ - dialup-android
+ - dialup-windows
+ - dialup-cisco
+ - static-fortigate
+ - dialup-fortigate
+ - static-cisco
+ - dialup-cisco-fw
+ xauthtype:
+ description:
+ - XAuth type.
+ type: str
+ choices:
+ - disable
+ - client
+ - pap
+ - chap
+ - auto
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure VPN remote gateway.
+ fortios_vpn_ipsec_phase1:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ vpn_ipsec_phase1:
+ acct_verify: "enable"
+ add_gw_route: "enable"
+ add_route: "disable"
+ assign_ip: "disable"
+ assign_ip_from: "range"
+ authmethod: "psk"
+ authmethod_remote: "psk"
+ authpasswd: ""
+ authusr: ""
+ authusrgrp: " (source user.group.name)"
+ auto_negotiate: "enable"
+ autoconfig: "disable"
+ backup_gateway:
+ -
+ address: ""
+ banner: ""
+ certificate:
+ -
+ name: "default_name_19 (source vpn.certificate.local.name)"
+ childless_ike: "enable"
+ client_auto_negotiate: "disable"
+ client_keep_alive: "disable"
+ comments: ""
+ dhgrp: "1"
+ digital_signature_auth: "enable"
+ distance: "26"
+ dns_mode: "manual"
+ domain: ""
+ dpd: "disable"
+ dpd_retrycount: "30"
+ dpd_retryinterval: ""
+ eap: "enable"
+ eap_identity: "use-id-payload"
+ enforce_unique_id: "disable"
+ forticlient_enforcement: "enable"
+ fragmentation: "enable"
+ fragmentation_mtu: "37"
+ group_authentication: "enable"
+ group_authentication_secret: ""
+ ha_sync_esp_seqno: "enable"
+ idle_timeout: "enable"
+ idle_timeoutinterval: "42"
+ ike_version: "1"
+ include_local_lan: "disable"
+ interface: " (source system.interface.name)"
+ ipv4_dns_server1: ""
+ ipv4_dns_server2: ""
+ ipv4_dns_server3: ""
+ ipv4_end_ip: ""
+ ipv4_exclude_range:
+ -
+ end_ip: ""
+ id: "52"
+ start_ip: ""
+ ipv4_name: " (source firewall.address.name firewall.addrgrp.name)"
+ ipv4_netmask: ""
+ ipv4_split_exclude: " (source firewall.address.name firewall.addrgrp.name)"
+ ipv4_split_include: " (source firewall.address.name firewall.addrgrp.name)"
+ ipv4_start_ip: ""
+ ipv4_wins_server1: ""
+ ipv4_wins_server2: ""
+ ipv6_dns_server1: ""
+ ipv6_dns_server2: ""
+ ipv6_dns_server3: ""
+ ipv6_end_ip: ""
+ ipv6_exclude_range:
+ -
+ end_ip: ""
+ id: "67"
+ start_ip: ""
+ ipv6_name: " (source firewall.address6.name firewall.addrgrp6.name)"
+ ipv6_prefix: "70"
+ ipv6_split_exclude: " (source firewall.address6.name firewall.addrgrp6.name)"
+ ipv6_split_include: " (source firewall.address6.name firewall.addrgrp6.name)"
+ ipv6_start_ip: ""
+ keepalive: "74"
+ keylife: "75"
+ local_gw: ""
+ localid: ""
+ localid_type: "auto"
+ mesh_selector_type: "disable"
+ mode: "aggressive"
+ mode_cfg: "disable"
+ name: "default_name_82"
+ nattraversal: "enable"
+ negotiate_timeout: "84"
+ npu_offload: "enable"
+ peer: " (source user.peer.name)"
+ peergrp: " (source user.peergrp.name)"
+ peerid: ""
+ peertype: "any"
+ ppk: "disable"
+ ppk_identity: ""
+ ppk_secret: ""
+ priority: "93"
+ proposal: "des-md5"
+ psksecret: ""
+ psksecret_remote: ""
+ reauth: "disable"
+ rekey: "enable"
+ remote_gw: ""
+ remotegw_ddns: ""
+ rsa_signature_format: "pkcs1"
+ save_password: "disable"
+ send_cert_chain: "enable"
+ signature_hash_alg: "sha1"
+ split_include_service: " (source firewall.service.group.name firewall.service.custom.name)"
+ suite_b: "disable"
+ type: "static"
+ unity_support: "disable"
+ usrgrp: " (source user.group.name)"
+ wizard_type: "custom"
+ xauthtype: "disable"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_vpn_ipsec_phase1_data(json):
+ option_list = ['acct_verify', 'add_gw_route', 'add_route',
+ 'assign_ip', 'assign_ip_from', 'authmethod',
+ 'authmethod_remote', 'authpasswd', 'authusr',
+ 'authusrgrp', 'auto_negotiate', 'autoconfig',
+ 'backup_gateway', 'banner', 'certificate',
+ 'childless_ike', 'client_auto_negotiate', 'client_keep_alive',
+ 'comments', 'dhgrp', 'digital_signature_auth',
+ 'distance', 'dns_mode', 'domain',
+ 'dpd', 'dpd_retrycount', 'dpd_retryinterval',
+ 'eap', 'eap_identity', 'enforce_unique_id',
+ 'forticlient_enforcement', 'fragmentation', 'fragmentation_mtu',
+ 'group_authentication', 'group_authentication_secret', 'ha_sync_esp_seqno',
+ 'idle_timeout', 'idle_timeoutinterval', 'ike_version',
+ 'include_local_lan', 'interface', 'ipv4_dns_server1',
+ 'ipv4_dns_server2', 'ipv4_dns_server3', 'ipv4_end_ip',
+ 'ipv4_exclude_range', 'ipv4_name', 'ipv4_netmask',
+ 'ipv4_split_exclude', 'ipv4_split_include', 'ipv4_start_ip',
+ 'ipv4_wins_server1', 'ipv4_wins_server2', 'ipv6_dns_server1',
+ 'ipv6_dns_server2', 'ipv6_dns_server3', 'ipv6_end_ip',
+ 'ipv6_exclude_range', 'ipv6_name', 'ipv6_prefix',
+ 'ipv6_split_exclude', 'ipv6_split_include', 'ipv6_start_ip',
+ 'keepalive', 'keylife', 'local_gw',
+ 'localid', 'localid_type', 'mesh_selector_type',
+ 'mode', 'mode_cfg', 'name',
+ 'nattraversal', 'negotiate_timeout', 'npu_offload',
+ 'peer', 'peergrp', 'peerid',
+ 'peertype', 'ppk', 'ppk_identity',
+ 'ppk_secret', 'priority', 'proposal',
+ 'psksecret', 'psksecret_remote', 'reauth',
+ 'rekey', 'remote_gw', 'remotegw_ddns',
+ 'rsa_signature_format', 'save_password', 'send_cert_chain',
+ 'signature_hash_alg', 'split_include_service', 'suite_b',
+ 'type', 'unity_support', 'usrgrp',
+ 'wizard_type', 'xauthtype']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def vpn_ipsec_phase1(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['vpn_ipsec_phase1'] and data['vpn_ipsec_phase1']['state']:
+ state = data['vpn_ipsec_phase1']['state']
+ else:
+ state = True
+ vpn_ipsec_phase1_data = data['vpn_ipsec_phase1']
+ filtered_data = underscore_to_hyphen(filter_vpn_ipsec_phase1_data(vpn_ipsec_phase1_data))
+
+ if state == "present":
+ return fos.set('vpn.ipsec',
+ 'phase1',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('vpn.ipsec',
+ 'phase1',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_vpn_ipsec(data, fos):
+
+ if data['vpn_ipsec_phase1']:
+ resp = vpn_ipsec_phase1(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('vpn_ipsec_phase1'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "vpn_ipsec_phase1": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "acct_verify": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "add_gw_route": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "add_route": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "assign_ip": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "assign_ip_from": {"required": False, "type": "str",
+ "choices": ["range",
+ "usrgrp",
+ "dhcp",
+ "name"]},
+ "authmethod": {"required": False, "type": "str",
+ "choices": ["psk",
+ "signature"]},
+ "authmethod_remote": {"required": False, "type": "str",
+ "choices": ["psk",
+ "signature"]},
+ "authpasswd": {"required": False, "type": "str"},
+ "authusr": {"required": False, "type": "str"},
+ "authusrgrp": {"required": False, "type": "str"},
+ "auto_negotiate": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "autoconfig": {"required": False, "type": "str",
+ "choices": ["disable",
+ "client",
+ "gateway"]},
+ "backup_gateway": {"required": False, "type": "list",
+ "options": {
+ "address": {"required": True, "type": "str"}
+ }},
+ "banner": {"required": False, "type": "str"},
+ "certificate": {"required": False, "type": "list",
+ "options": {
+ "name": {"required": True, "type": "str"}
+ }},
+ "childless_ike": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "client_auto_negotiate": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "client_keep_alive": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "comments": {"required": False, "type": "str"},
+ "dhgrp": {"required": False, "type": "str",
+ "choices": ["1",
+ "2",
+ "5",
+ "14",
+ "15",
+ "16",
+ "17",
+ "18",
+ "19",
+ "20",
+ "21",
+ "27",
+ "28",
+ "29",
+ "30",
+ "31"]},
+ "digital_signature_auth": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "distance": {"required": False, "type": "int"},
+ "dns_mode": {"required": False, "type": "str",
+ "choices": ["manual",
+ "auto"]},
+ "domain": {"required": False, "type": "str"},
+ "dpd": {"required": False, "type": "str",
+ "choices": ["disable",
+ "on-idle",
+ "on-demand"]},
+ "dpd_retrycount": {"required": False, "type": "int"},
+ "dpd_retryinterval": {"required": False, "type": "str"},
+ "eap": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "eap_identity": {"required": False, "type": "str",
+ "choices": ["use-id-payload",
+ "send-request"]},
+ "enforce_unique_id": {"required": False, "type": "str",
+ "choices": ["disable",
+ "keep-new",
+ "keep-old"]},
+ "forticlient_enforcement": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "fragmentation": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "fragmentation_mtu": {"required": False, "type": "int"},
+ "group_authentication": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "group_authentication_secret": {"required": False, "type": "str"},
+ "ha_sync_esp_seqno": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "idle_timeout": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "idle_timeoutinterval": {"required": False, "type": "int"},
+ "ike_version": {"required": False, "type": "str",
+ "choices": ["1",
+ "2"]},
+ "include_local_lan": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "interface": {"required": False, "type": "str"},
+ "ipv4_dns_server1": {"required": False, "type": "str"},
+ "ipv4_dns_server2": {"required": False, "type": "str"},
+ "ipv4_dns_server3": {"required": False, "type": "str"},
+ "ipv4_end_ip": {"required": False, "type": "str"},
+ "ipv4_exclude_range": {"required": False, "type": "list",
+ "options": {
+ "end_ip": {"required": False, "type": "str"},
+ "id": {"required": True, "type": "int"},
+ "start_ip": {"required": False, "type": "str"}
+ }},
+ "ipv4_name": {"required": False, "type": "str"},
+ "ipv4_netmask": {"required": False, "type": "str"},
+ "ipv4_split_exclude": {"required": False, "type": "str"},
+ "ipv4_split_include": {"required": False, "type": "str"},
+ "ipv4_start_ip": {"required": False, "type": "str"},
+ "ipv4_wins_server1": {"required": False, "type": "str"},
+ "ipv4_wins_server2": {"required": False, "type": "str"},
+ "ipv6_dns_server1": {"required": False, "type": "str"},
+ "ipv6_dns_server2": {"required": False, "type": "str"},
+ "ipv6_dns_server3": {"required": False, "type": "str"},
+ "ipv6_end_ip": {"required": False, "type": "str"},
+ "ipv6_exclude_range": {"required": False, "type": "list",
+ "options": {
+ "end_ip": {"required": False, "type": "str"},
+ "id": {"required": True, "type": "int"},
+ "start_ip": {"required": False, "type": "str"}
+ }},
+ "ipv6_name": {"required": False, "type": "str"},
+ "ipv6_prefix": {"required": False, "type": "int"},
+ "ipv6_split_exclude": {"required": False, "type": "str"},
+ "ipv6_split_include": {"required": False, "type": "str"},
+ "ipv6_start_ip": {"required": False, "type": "str"},
+ "keepalive": {"required": False, "type": "int"},
+ "keylife": {"required": False, "type": "int"},
+ "local_gw": {"required": False, "type": "str"},
+ "localid": {"required": False, "type": "str"},
+ "localid_type": {"required": False, "type": "str",
+ "choices": ["auto",
+ "fqdn",
+ "user-fqdn",
+ "keyid",
+ "address",
+ "asn1dn"]},
+ "mesh_selector_type": {"required": False, "type": "str",
+ "choices": ["disable",
+ "subnet",
+ "host"]},
+ "mode": {"required": False, "type": "str",
+ "choices": ["aggressive",
+ "main"]},
+ "mode_cfg": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "name": {"required": True, "type": "str"},
+ "nattraversal": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable",
+ "forced"]},
+ "negotiate_timeout": {"required": False, "type": "int"},
+ "npu_offload": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "peer": {"required": False, "type": "str"},
+ "peergrp": {"required": False, "type": "str"},
+ "peerid": {"required": False, "type": "str"},
+ "peertype": {"required": False, "type": "str",
+ "choices": ["any",
+ "one",
+ "dialup",
+ "peer",
+ "peergrp"]},
+ "ppk": {"required": False, "type": "str",
+ "choices": ["disable",
+ "allow",
+ "require"]},
+ "ppk_identity": {"required": False, "type": "str"},
+ "ppk_secret": {"required": False, "type": "str"},
+ "priority": {"required": False, "type": "int"},
+ "proposal": {"required": False, "type": "str",
+ "choices": ["des-md5",
+ "des-sha1",
+ "des-sha256",
+ "des-sha384",
+ "des-sha512",
+ "3des-md5",
+ "3des-sha1",
+ "3des-sha256",
+ "3des-sha384",
+ "3des-sha512",
+ "aes128-md5",
+ "aes128-sha1",
+ "aes128-sha256",
+ "aes128-sha384",
+ "aes128-sha512",
+ "aes192-md5",
+ "aes192-sha1",
+ "aes192-sha256",
+ "aes192-sha384",
+ "aes192-sha512",
+ "aes256-md5",
+ "aes256-sha1",
+ "aes256-sha256",
+ "aes256-sha384",
+ "aes256-sha512",
+ "aria128-md5",
+ "aria128-sha1",
+ "aria128-sha256",
+ "aria128-sha384",
+ "aria128-sha512",
+ "aria192-md5",
+ "aria192-sha1",
+ "aria192-sha256",
+ "aria192-sha384",
+ "aria192-sha512",
+ "aria256-md5",
+ "aria256-sha1",
+ "aria256-sha256",
+ "aria256-sha384",
+ "aria256-sha512",
+ "seed-md5",
+ "seed-sha1",
+ "seed-sha256",
+ "seed-sha384",
+ "seed-sha512"]},
+ "psksecret": {"required": False, "type": "str"},
+ "psksecret_remote": {"required": False, "type": "str"},
+ "reauth": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "rekey": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "remote_gw": {"required": False, "type": "str"},
+ "remotegw_ddns": {"required": False, "type": "str"},
+ "rsa_signature_format": {"required": False, "type": "str",
+ "choices": ["pkcs1",
+ "pss"]},
+ "save_password": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "send_cert_chain": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "signature_hash_alg": {"required": False, "type": "str",
+ "choices": ["sha1",
+ "sha2-256",
+ "sha2-384",
+ "sha2-512"]},
+ "split_include_service": {"required": False, "type": "str"},
+ "suite_b": {"required": False, "type": "str",
+ "choices": ["disable",
+ "suite-b-gcm-128",
+ "suite-b-gcm-256"]},
+ "type": {"required": False, "type": "str",
+ "choices": ["static",
+ "dynamic",
+ "ddns"]},
+ "unity_support": {"required": False, "type": "str",
+ "choices": ["disable",
+ "enable"]},
+ "usrgrp": {"required": False, "type": "str"},
+ "wizard_type": {"required": False, "type": "str",
+ "choices": ["custom",
+ "dialup-forticlient",
+ "dialup-ios",
+ "dialup-android",
+ "dialup-windows",
+ "dialup-cisco",
+ "static-fortigate",
+ "dialup-fortigate",
+ "static-cisco",
+ "dialup-cisco-fw"]},
+ "xauthtype": {"required": False, "type": "str",
+ "choices": ["disable",
+ "client",
+ "pap",
+ "chap",
+ "auto"]}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase1_interface.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase1_interface.py
new file mode 100644
index 00000000..00660218
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase1_interface.py
@@ -0,0 +1,1651 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_vpn_ipsec_phase1_interface
+short_description: Configure VPN remote gateway in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify vpn_ipsec feature and phase1_interface category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.8"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ This attribute was present already in previous version in a deeper level.
+ It has been moved out to this outer level.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ version_added: 2.9
+ vpn_ipsec_phase1_interface:
+ description:
+ - Configure VPN remote gateway.
+ default: null
+ type: dict
+ suboptions:
+ state:
+ description:
+ - B(Deprecated)
+ - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
+ - HORIZONTALLINE
+ - Indicates whether to create or remove the object.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ acct_verify:
+ description:
+ - Enable/disable verification of RADIUS accounting record.
+ type: str
+ choices:
+ - enable
+ - disable
+ add_gw_route:
+ description:
+ - Enable/disable automatically add a route to the remote gateway.
+ type: str
+ choices:
+ - enable
+ - disable
+ add_route:
+ description:
+ - Enable/disable control addition of a route to peer destination selector.
+ type: str
+ choices:
+ - disable
+ - enable
+ assign_ip:
+ description:
+ - Enable/disable assignment of IP to IPsec interface via configuration method.
+ type: str
+ choices:
+ - disable
+ - enable
+ assign_ip_from:
+ description:
+ - Method by which the IP address will be assigned.
+ type: str
+ choices:
+ - range
+ - usrgrp
+ - dhcp
+ - name
+ authmethod:
+ description:
+ - Authentication method.
+ type: str
+ choices:
+ - psk
+ - signature
+ authmethod_remote:
+ description:
+ - Authentication method (remote side).
+ type: str
+ choices:
+ - psk
+ - signature
+ authpasswd:
+ description:
+ - XAuth password (max 35 characters).
+ type: str
+ authusr:
+ description:
+ - XAuth user name.
+ type: str
+ authusrgrp:
+ description:
+ - Authentication user group. Source user.group.name.
+ type: str
+ auto_discovery_forwarder:
+ description:
+ - Enable/disable forwarding auto-discovery short-cut messages.
+ type: str
+ choices:
+ - enable
+ - disable
+ auto_discovery_psk:
+ description:
+ - Enable/disable use of pre-shared secrets for authentication of auto-discovery tunnels.
+ type: str
+ choices:
+ - enable
+ - disable
+ auto_discovery_receiver:
+ description:
+ - Enable/disable accepting auto-discovery short-cut messages.
+ type: str
+ choices:
+ - enable
+ - disable
+ auto_discovery_sender:
+ description:
+ - Enable/disable sending auto-discovery short-cut messages.
+ type: str
+ choices:
+ - enable
+ - disable
+ auto_negotiate:
+ description:
+ - Enable/disable automatic initiation of IKE SA negotiation.
+ type: str
+ choices:
+ - enable
+ - disable
+ backup_gateway:
+ description:
+ - Instruct unity clients about the backup gateway address(es).
+ type: list
+ suboptions:
+ address:
+ description:
+ - Address of backup gateway.
+ required: true
+ type: str
+ banner:
+ description:
+ - Message that unity client should display after connecting.
+ type: str
+ certificate:
+ description:
+ - The names of up to 4 signed personal certificates.
+ type: list
+ suboptions:
+ name:
+ description:
+ - Certificate name. Source vpn.certificate.local.name.
+ required: true
+ type: str
+ childless_ike:
+ description:
+ - Enable/disable childless IKEv2 initiation (RFC 6023).
+ type: str
+ choices:
+ - enable
+ - disable
+ client_auto_negotiate:
+ description:
+ - Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic.
+ type: str
+ choices:
+ - disable
+ - enable
+ client_keep_alive:
+ description:
+ - Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic.
+ type: str
+ choices:
+ - disable
+ - enable
+ comments:
+ description:
+ - Comment.
+ type: str
+ default_gw:
+ description:
+ - IPv4 address of default route gateway to use for traffic exiting the interface.
+ type: str
+ default_gw_priority:
+ description:
+ - Priority for default gateway route. A higher priority number signifies a less preferred route.
+ type: int
+ dhgrp:
+ description:
+ - DH group.
+ type: str
+ choices:
+ - 1
+ - 2
+ - 5
+ - 14
+ - 15
+ - 16
+ - 17
+ - 18
+ - 19
+ - 20
+ - 21
+ - 27
+ - 28
+ - 29
+ - 30
+ - 31
+ digital_signature_auth:
+ description:
+ - Enable/disable IKEv2 Digital Signature Authentication (RFC 7427).
+ type: str
+ choices:
+ - enable
+ - disable
+ distance:
+ description:
+ - Distance for routes added by IKE (1 - 255).
+ type: int
+ dns_mode:
+ description:
+ - DNS server mode.
+ type: str
+ choices:
+ - manual
+ - auto
+ domain:
+ description:
+ - Instruct unity clients about the default DNS domain.
+ type: str
+ dpd:
+ description:
+ - Dead Peer Detection mode.
+ type: str
+ choices:
+ - disable
+ - on-idle
+ - on-demand
+ dpd_retrycount:
+ description:
+ - Number of DPD retry attempts.
+ type: int
+ dpd_retryinterval:
+ description:
+ - DPD retry interval.
+ type: str
+ eap:
+ description:
+ - Enable/disable IKEv2 EAP authentication.
+ type: str
+ choices:
+ - enable
+ - disable
+ eap_identity:
+ description:
+ - IKEv2 EAP peer identity type.
+ type: str
+ choices:
+ - use-id-payload
+ - send-request
+ encap_local_gw4:
+ description:
+ - Local IPv4 address of GRE/VXLAN tunnel.
+ type: str
+ encap_local_gw6:
+ description:
+ - Local IPv6 address of GRE/VXLAN tunnel.
+ type: str
+ encap_remote_gw4:
+ description:
+ - Remote IPv4 address of GRE/VXLAN tunnel.
+ type: str
+ encap_remote_gw6:
+ description:
+ - Remote IPv6 address of GRE/VXLAN tunnel.
+ type: str
+ encapsulation:
+ description:
+ - Enable/disable GRE/VXLAN encapsulation.
+ type: str
+ choices:
+ - none
+ - gre
+ - vxlan
+ encapsulation_address:
+ description:
+ - Source for GRE/VXLAN tunnel address.
+ type: str
+ choices:
+ - ike
+ - ipv4
+ - ipv6
+ enforce_unique_id:
+ description:
+ - Enable/disable peer ID uniqueness check.
+ type: str + choices: + - disable + - keep-new + - keep-old + exchange_interface_ip: + description: + - Enable/disable exchange of IPsec interface IP address. + type: str + choices: + - enable + - disable + forticlient_enforcement: + description: + - Enable/disable FortiClient enforcement. + type: str + choices: + - enable + - disable + fragmentation: + description: + - Enable/disable fragment IKE message on re-transmission. + type: str + choices: + - enable + - disable + fragmentation_mtu: + description: + - IKE fragmentation MTU (500 - 16000). + type: int + group_authentication: + description: + - Enable/disable IKEv2 IDi group authentication. + type: str + choices: + - enable + - disable + group_authentication_secret: + description: + - Password for IKEv2 IDi group authentication. (ASCII string or hexadecimal indicated by a leading 0x.) + type: str + ha_sync_esp_seqno: + description: + - Enable/disable sequence number jump ahead for IPsec HA. + type: str + choices: + - enable + - disable + idle_timeout: + description: + - Enable/disable IPsec tunnel idle timeout. + type: str + choices: + - enable + - disable + idle_timeoutinterval: + description: + - IPsec tunnel idle timeout in minutes (5 - 43200). + type: int + ike_version: + description: + - IKE protocol version. + type: str + choices: + - 1 + - 2 + include_local_lan: + description: + - Enable/disable allow local LAN access on unity clients. + type: str + choices: + - disable + - enable + interface: + description: + - Local physical, aggregate, or VLAN outgoing interface. Source system.interface.name. + type: str + ip_version: + description: + - IP version to use for VPN interface. + type: str + choices: + - 4 + - 6 + ipv4_dns_server1: + description: + - IPv4 DNS server 1. + type: str + ipv4_dns_server2: + description: + - IPv4 DNS server 2. + type: str + ipv4_dns_server3: + description: + - IPv4 DNS server 3. + type: str + ipv4_end_ip: + description: + - End of IPv4 range. 
+ type: str + ipv4_exclude_range: + description: + - Configuration Method IPv4 exclude ranges. + type: list + suboptions: + end_ip: + description: + - End of IPv4 exclusive range. + type: str + id: + description: + - ID. + required: true + type: int + start_ip: + description: + - Start of IPv4 exclusive range. + type: str + ipv4_name: + description: + - IPv4 address name. Source firewall.address.name firewall.addrgrp.name. + type: str + ipv4_netmask: + description: + - IPv4 Netmask. + type: str + ipv4_split_exclude: + description: + - IPv4 subnets that should not be sent over the IPsec tunnel. Source firewall.address.name firewall.addrgrp.name. + type: str + ipv4_split_include: + description: + - IPv4 split-include subnets. Source firewall.address.name firewall.addrgrp.name. + type: str + ipv4_start_ip: + description: + - Start of IPv4 range. + type: str + ipv4_wins_server1: + description: + - WINS server 1. + type: str + ipv4_wins_server2: + description: + - WINS server 2. + type: str + ipv6_dns_server1: + description: + - IPv6 DNS server 1. + type: str + ipv6_dns_server2: + description: + - IPv6 DNS server 2. + type: str + ipv6_dns_server3: + description: + - IPv6 DNS server 3. + type: str + ipv6_end_ip: + description: + - End of IPv6 range. + type: str + ipv6_exclude_range: + description: + - Configuration method IPv6 exclude ranges. + type: list + suboptions: + end_ip: + description: + - End of IPv6 exclusive range. + type: str + id: + description: + - ID. + required: true + type: int + start_ip: + description: + - Start of IPv6 exclusive range. + type: str + ipv6_name: + description: + - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. + type: str + ipv6_prefix: + description: + - IPv6 prefix. + type: int + ipv6_split_exclude: + description: + - IPv6 subnets that should not be sent over the IPsec tunnel. Source firewall.address6.name firewall.addrgrp6.name. + type: str + ipv6_split_include: + description: + - IPv6 split-include subnets. 
Source firewall.address6.name firewall.addrgrp6.name. + type: str + ipv6_start_ip: + description: + - Start of IPv6 range. + type: str + keepalive: + description: + - NAT-T keep alive interval. + type: int + keylife: + description: + - Time to wait in seconds before phase 1 encryption key expires. + type: int + local_gw: + description: + - IPv4 address of the local gateway"s external interface. + type: str + local_gw6: + description: + - IPv6 address of the local gateway"s external interface. + type: str + localid: + description: + - Local ID. + type: str + localid_type: + description: + - Local ID type. + type: str + choices: + - auto + - fqdn + - user-fqdn + - keyid + - address + - asn1dn + mesh_selector_type: + description: + - Add selectors containing subsets of the configuration depending on traffic. + type: str + choices: + - disable + - subnet + - host + mode: + description: + - The ID protection mode used to establish a secure channel. + type: str + choices: + - aggressive + - main + mode_cfg: + description: + - Enable/disable configuration method. + type: str + choices: + - disable + - enable + monitor: + description: + - IPsec interface as backup for primary interface. Source vpn.ipsec.phase1-interface.name. + type: str + monitor_hold_down_delay: + description: + - Time to wait in seconds before recovery once primary re-establishes. + type: int + monitor_hold_down_time: + description: + - Time of day at which to fail back to primary after it re-establishes. + type: str + monitor_hold_down_type: + description: + - Recovery time method when primary interface re-establishes. + type: str + choices: + - immediate + - delay + - time + monitor_hold_down_weekday: + description: + - Day of the week to recover once primary re-establishes. + type: str + choices: + - everyday + - sunday + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + name: + description: + - IPsec remote gateway name. 
+ required: true + type: str + nattraversal: + description: + - Enable/disable NAT traversal. + type: str + choices: + - enable + - disable + - forced + negotiate_timeout: + description: + - IKE SA negotiation timeout in seconds (1 - 300). + type: int + net_device: + description: + - Enable/disable kernel device creation for dialup instances. + type: str + choices: + - enable + - disable + npu_offload: + description: + - Enable/disable offloading NPU. + type: str + choices: + - enable + - disable + passive_mode: + description: + - Enable/disable IPsec passive mode for static tunnels. + type: str + choices: + - enable + - disable + peer: + description: + - Accept this peer certificate. Source user.peer.name. + type: str + peergrp: + description: + - Accept this peer certificate group. Source user.peergrp.name. + type: str + peerid: + description: + - Accept this peer identity. + type: str + peertype: + description: + - Accept this peer type. + type: str + choices: + - any + - one + - dialup + - peer + - peergrp + ppk: + description: + - Enable/disable IKEv2 Postquantum Preshared Key (PPK). + type: str + choices: + - disable + - allow + - require + ppk_identity: + description: + - IKEv2 Postquantum Preshared Key Identity. + type: str + ppk_secret: + description: + - IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). + type: str + priority: + description: + - Priority for routes added by IKE (0 - 4294967295). + type: int + proposal: + description: + - Phase1 proposal. 
+ type: list + choices: + - des-md5 + - des-sha1 + - des-sha256 + - des-sha384 + - des-sha512 + - 3des-md5 + - 3des-sha1 + - 3des-sha256 + - 3des-sha384 + - 3des-sha512 + - aes128-md5 + - aes128-sha1 + - aes128-sha256 + - aes128-sha384 + - aes128-sha512 + - aes192-md5 + - aes192-sha1 + - aes192-sha256 + - aes192-sha384 + - aes192-sha512 + - aes256-md5 + - aes256-sha1 + - aes256-sha256 + - aes256-sha384 + - aes256-sha512 + - aria128-md5 + - aria128-sha1 + - aria128-sha256 + - aria128-sha384 + - aria128-sha512 + - aria192-md5 + - aria192-sha1 + - aria192-sha256 + - aria192-sha384 + - aria192-sha512 + - aria256-md5 + - aria256-sha1 + - aria256-sha256 + - aria256-sha384 + - aria256-sha512 + - seed-md5 + - seed-sha1 + - seed-sha256 + - seed-sha384 + - seed-sha512 + psksecret: + description: + - Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). + type: str + psksecret_remote: + description: + - Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). + type: str + reauth: + description: + - Enable/disable re-authentication upon IKE SA lifetime expiration. + type: str + choices: + - disable + - enable + rekey: + description: + - Enable/disable phase1 rekey. + type: str + choices: + - enable + - disable + remote_gw: + description: + - IPv4 address of the remote gateway"s external interface. + type: str + remote_gw6: + description: + - IPv6 address of the remote gateway"s external interface. + type: str + remotegw_ddns: + description: + - Domain name of remote gateway (eg. name.DDNS.com). + type: str + rsa_signature_format: + description: + - Digital Signature Authentication RSA signature format. + type: str + choices: + - pkcs1 + - pss + save_password: + description: + - Enable/disable saving XAuth username and password on VPN clients. + type: str + choices: + - disable + - enable + send_cert_chain: + description: + - Enable/disable sending certificate chain. 
+ type: str + choices: + - enable + - disable + signature_hash_alg: + description: + - Digital Signature Authentication hash algorithms. + type: str + choices: + - sha1 + - sha2-256 + - sha2-384 + - sha2-512 + split_include_service: + description: + - Split-include services. Source firewall.service.group.name firewall.service.custom.name. + type: str + suite_b: + description: + - Use Suite-B. + type: str + choices: + - disable + - suite-b-gcm-128 + - suite-b-gcm-256 + tunnel_search: + description: + - Tunnel search method for when the interface is shared. + type: str + choices: + - selectors + - nexthop + type: + description: + - Remote gateway type. + type: str + choices: + - static + - dynamic + - ddns + unity_support: + description: + - Enable/disable support for Cisco UNITY Configuration Method extensions. + type: str + choices: + - disable + - enable + usrgrp: + description: + - User group name for dialup peers. Source user.group.name. + type: str + vni: + description: + - VNI of VXLAN tunnel. + type: int + wizard_type: + description: + - GUI VPN Wizard Type. + type: str + choices: + - custom + - dialup-forticlient + - dialup-ios + - dialup-android + - dialup-windows + - dialup-cisco + - static-fortigate + - dialup-fortigate + - static-cisco + - dialup-cisco-fw + xauthtype: + description: + - XAuth type. + type: str + choices: + - disable + - client + - pap + - chap + - auto +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VPN remote gateway. 
+ fortios_vpn_ipsec_phase1_interface: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ipsec_phase1_interface: + acct_verify: "enable" + add_gw_route: "enable" + add_route: "disable" + assign_ip: "disable" + assign_ip_from: "range" + authmethod: "psk" + authmethod_remote: "psk" + authpasswd: "" + authusr: "" + authusrgrp: " (source user.group.name)" + auto_discovery_forwarder: "enable" + auto_discovery_psk: "enable" + auto_discovery_receiver: "enable" + auto_discovery_sender: "enable" + auto_negotiate: "enable" + backup_gateway: + - + address: "" + banner: "" + certificate: + - + name: "default_name_22 (source vpn.certificate.local.name)" + childless_ike: "enable" + client_auto_negotiate: "disable" + client_keep_alive: "disable" + comments: "" + default_gw: "" + default_gw_priority: "28" + dhgrp: "1" + digital_signature_auth: "enable" + distance: "31" + dns_mode: "manual" + domain: "" + dpd: "disable" + dpd_retrycount: "35" + dpd_retryinterval: "" + eap: "enable" + eap_identity: "use-id-payload" + encap_local_gw4: "" + encap_local_gw6: "" + encap_remote_gw4: "" + encap_remote_gw6: "" + encapsulation: "none" + encapsulation_address: "ike" + enforce_unique_id: "disable" + exchange_interface_ip: "enable" + forticlient_enforcement: "enable" + fragmentation: "enable" + fragmentation_mtu: "49" + group_authentication: "enable" + group_authentication_secret: "" + ha_sync_esp_seqno: "enable" + idle_timeout: "enable" + idle_timeoutinterval: "54" + ike_version: "1" + include_local_lan: "disable" + interface: " (source system.interface.name)" + ip_version: "4" + ipv4_dns_server1: "" + ipv4_dns_server2: "" + ipv4_dns_server3: "" + ipv4_end_ip: "" + ipv4_exclude_range: + - + end_ip: "" + id: "65" + start_ip: "" + ipv4_name: " (source firewall.address.name firewall.addrgrp.name)" + ipv4_netmask: "" + ipv4_split_exclude: " (source firewall.address.name firewall.addrgrp.name)" + ipv4_split_include: " (source firewall.address.name firewall.addrgrp.name)" + 
ipv4_start_ip: "" + ipv4_wins_server1: "" + ipv4_wins_server2: "" + ipv6_dns_server1: "" + ipv6_dns_server2: "" + ipv6_dns_server3: "" + ipv6_end_ip: "" + ipv6_exclude_range: + - + end_ip: "" + id: "80" + start_ip: "" + ipv6_name: " (source firewall.address6.name firewall.addrgrp6.name)" + ipv6_prefix: "83" + ipv6_split_exclude: " (source firewall.address6.name firewall.addrgrp6.name)" + ipv6_split_include: " (source firewall.address6.name firewall.addrgrp6.name)" + ipv6_start_ip: "" + keepalive: "87" + keylife: "88" + local_gw: "" + local_gw6: "" + localid: "" + localid_type: "auto" + mesh_selector_type: "disable" + mode: "aggressive" + mode_cfg: "disable" + monitor: " (source vpn.ipsec.phase1-interface.name)" + monitor_hold_down_delay: "97" + monitor_hold_down_time: "" + monitor_hold_down_type: "immediate" + monitor_hold_down_weekday: "everyday" + name: "default_name_101" + nattraversal: "enable" + negotiate_timeout: "103" + net_device: "enable" + npu_offload: "enable" + passive_mode: "enable" + peer: " (source user.peer.name)" + peergrp: " (source user.peergrp.name)" + peerid: "" + peertype: "any" + ppk: "disable" + ppk_identity: "" + ppk_secret: "" + priority: "114" + proposal: "des-md5" + psksecret: "" + psksecret_remote: "" + reauth: "disable" + rekey: "enable" + remote_gw: "" + remote_gw6: "" + remotegw_ddns: "" + rsa_signature_format: "pkcs1" + save_password: "disable" + send_cert_chain: "enable" + signature_hash_alg: "sha1" + split_include_service: " (source firewall.service.group.name firewall.service.custom.name)" + suite_b: "disable" + tunnel_search: "selectors" + type: "static" + unity_support: "disable" + usrgrp: " (source user.group.name)" + vni: "133" + wizard_type: "custom" + xauthtype: "disable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 
'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_vpn_ipsec_phase1_interface_data(json): + option_list = ['acct_verify', 'add_gw_route', 'add_route', + 'assign_ip', 'assign_ip_from', 'authmethod', + 'authmethod_remote', 'authpasswd', 'authusr', + 'authusrgrp', 'auto_discovery_forwarder', 'auto_discovery_psk', + 'auto_discovery_receiver', 'auto_discovery_sender', 'auto_negotiate', + 'backup_gateway', 'banner', 'certificate', + 'childless_ike', 'client_auto_negotiate', 'client_keep_alive', + 'comments', 'default_gw', 'default_gw_priority', + 'dhgrp', 
'digital_signature_auth', 'distance', + 'dns_mode', 'domain', 'dpd', + 'dpd_retrycount', 'dpd_retryinterval', 'eap', + 'eap_identity', 'encap_local_gw4', 'encap_local_gw6', + 'encap_remote_gw4', 'encap_remote_gw6', 'encapsulation', + 'encapsulation_address', 'enforce_unique_id', 'exchange_interface_ip', + 'forticlient_enforcement', 'fragmentation', 'fragmentation_mtu', + 'group_authentication', 'group_authentication_secret', 'ha_sync_esp_seqno', + 'idle_timeout', 'idle_timeoutinterval', 'ike_version', + 'include_local_lan', 'interface', 'ip_version', + 'ipv4_dns_server1', 'ipv4_dns_server2', 'ipv4_dns_server3', + 'ipv4_end_ip', 'ipv4_exclude_range', 'ipv4_name', + 'ipv4_netmask', 'ipv4_split_exclude', 'ipv4_split_include', + 'ipv4_start_ip', 'ipv4_wins_server1', 'ipv4_wins_server2', + 'ipv6_dns_server1', 'ipv6_dns_server2', 'ipv6_dns_server3', + 'ipv6_end_ip', 'ipv6_exclude_range', 'ipv6_name', + 'ipv6_prefix', 'ipv6_split_exclude', 'ipv6_split_include', + 'ipv6_start_ip', 'keepalive', 'keylife', + 'local_gw', 'local_gw6', 'localid', + 'localid_type', 'mesh_selector_type', 'mode', + 'mode_cfg', 'monitor', 'monitor_hold_down_delay', + 'monitor_hold_down_time', 'monitor_hold_down_type', 'monitor_hold_down_weekday', + 'name', 'nattraversal', 'negotiate_timeout', + 'net_device', 'npu_offload', 'passive_mode', + 'peer', 'peergrp', 'peerid', + 'peertype', 'ppk', 'ppk_identity', + 'ppk_secret', 'priority', 'proposal', + 'psksecret', 'psksecret_remote', 'reauth', + 'rekey', 'remote_gw', 'remote_gw6', + 'remotegw_ddns', 'rsa_signature_format', 'save_password', + 'send_cert_chain', 'signature_hash_alg', 'split_include_service', + 'suite_b', 'tunnel_search', 'type', + 'unity_support', 'usrgrp', 'vni', + 'wizard_type', 'xauthtype'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def flatten_multilists_attributes(data): + multilist_attrs = 
[[u'proposal']] + + for attr in multilist_attrs: + try: + path = "data['" + "']['".join(elem for elem in attr) + "']" + current_val = eval(path) + flattened_val = ' '.join(elem for elem in current_val) + exec(path + '= flattened_val') + except BaseException: + pass + + return data + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def vpn_ipsec_phase1_interface(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['vpn_ipsec_phase1_interface'] and data['vpn_ipsec_phase1_interface']['state']: + state = data['vpn_ipsec_phase1_interface']['state'] + else: + state = True + vpn_ipsec_phase1_interface_data = data['vpn_ipsec_phase1_interface'] + vpn_ipsec_phase1_interface_data = flatten_multilists_attributes(vpn_ipsec_phase1_interface_data) + filtered_data = underscore_to_hyphen(filter_vpn_ipsec_phase1_interface_data(vpn_ipsec_phase1_interface_data)) + + if state == "present": + return fos.set('vpn.ipsec', + 'phase1-interface', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('vpn.ipsec', + 'phase1-interface', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_vpn_ipsec(data, fos): + + if data['vpn_ipsec_phase1_interface']: + resp = vpn_ipsec_phase1_interface(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('vpn_ipsec_phase1_interface')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 
'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "vpn_ipsec_phase1_interface": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "acct_verify": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "add_gw_route": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "add_route": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "assign_ip": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "assign_ip_from": {"required": False, "type": "str", + "choices": ["range", + "usrgrp", + "dhcp", + "name"]}, + "authmethod": {"required": False, "type": "str", + "choices": ["psk", + "signature"]}, + "authmethod_remote": {"required": False, "type": "str", + "choices": ["psk", + "signature"]}, + "authpasswd": {"required": False, "type": "str"}, + "authusr": {"required": False, "type": "str"}, + "authusrgrp": {"required": False, "type": "str"}, + "auto_discovery_forwarder": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auto_discovery_psk": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auto_discovery_receiver": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auto_discovery_sender": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auto_negotiate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "backup_gateway": {"required": False, "type": "list", + "options": { + "address": {"required": True, "type": "str"} + }}, + "banner": {"required": False, "type": "str"}, + 
"certificate": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "childless_ike": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "client_auto_negotiate": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "client_keep_alive": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "comments": {"required": False, "type": "str"}, + "default_gw": {"required": False, "type": "str"}, + "default_gw_priority": {"required": False, "type": "int"}, + "dhgrp": {"required": False, "type": "str", + "choices": ["1", + "2", + "5", + "14", + "15", + "16", + "17", + "18", + "19", + "20", + "21", + "27", + "28", + "29", + "30", + "31"]}, + "digital_signature_auth": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "distance": {"required": False, "type": "int"}, + "dns_mode": {"required": False, "type": "str", + "choices": ["manual", + "auto"]}, + "domain": {"required": False, "type": "str"}, + "dpd": {"required": False, "type": "str", + "choices": ["disable", + "on-idle", + "on-demand"]}, + "dpd_retrycount": {"required": False, "type": "int"}, + "dpd_retryinterval": {"required": False, "type": "str"}, + "eap": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "eap_identity": {"required": False, "type": "str", + "choices": ["use-id-payload", + "send-request"]}, + "encap_local_gw4": {"required": False, "type": "str"}, + "encap_local_gw6": {"required": False, "type": "str"}, + "encap_remote_gw4": {"required": False, "type": "str"}, + "encap_remote_gw6": {"required": False, "type": "str"}, + "encapsulation": {"required": False, "type": "str", + "choices": ["none", + "gre", + "vxlan"]}, + "encapsulation_address": {"required": False, "type": "str", + "choices": ["ike", + "ipv4", + "ipv6"]}, + "enforce_unique_id": {"required": False, "type": "str", + "choices": ["disable", + "keep-new", + "keep-old"]}, + 
"exchange_interface_ip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_enforcement": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fragmentation": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fragmentation_mtu": {"required": False, "type": "int"}, + "group_authentication": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "group_authentication_secret": {"required": False, "type": "str"}, + "ha_sync_esp_seqno": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "idle_timeout": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "idle_timeoutinterval": {"required": False, "type": "int"}, + "ike_version": {"required": False, "type": "str", + "choices": ["1", + "2"]}, + "include_local_lan": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "interface": {"required": False, "type": "str"}, + "ip_version": {"required": False, "type": "str", + "choices": ["4", + "6"]}, + "ipv4_dns_server1": {"required": False, "type": "str"}, + "ipv4_dns_server2": {"required": False, "type": "str"}, + "ipv4_dns_server3": {"required": False, "type": "str"}, + "ipv4_end_ip": {"required": False, "type": "str"}, + "ipv4_exclude_range": {"required": False, "type": "list", + "options": { + "end_ip": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "start_ip": {"required": False, "type": "str"} + }}, + "ipv4_name": {"required": False, "type": "str"}, + "ipv4_netmask": {"required": False, "type": "str"}, + "ipv4_split_exclude": {"required": False, "type": "str"}, + "ipv4_split_include": {"required": False, "type": "str"}, + "ipv4_start_ip": {"required": False, "type": "str"}, + "ipv4_wins_server1": {"required": False, "type": "str"}, + "ipv4_wins_server2": {"required": False, "type": "str"}, + "ipv6_dns_server1": {"required": False, "type": "str"}, + 
"ipv6_dns_server2": {"required": False, "type": "str"}, + "ipv6_dns_server3": {"required": False, "type": "str"}, + "ipv6_end_ip": {"required": False, "type": "str"}, + "ipv6_exclude_range": {"required": False, "type": "list", + "options": { + "end_ip": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "start_ip": {"required": False, "type": "str"} + }}, + "ipv6_name": {"required": False, "type": "str"}, + "ipv6_prefix": {"required": False, "type": "int"}, + "ipv6_split_exclude": {"required": False, "type": "str"}, + "ipv6_split_include": {"required": False, "type": "str"}, + "ipv6_start_ip": {"required": False, "type": "str"}, + "keepalive": {"required": False, "type": "int"}, + "keylife": {"required": False, "type": "int"}, + "local_gw": {"required": False, "type": "str"}, + "local_gw6": {"required": False, "type": "str"}, + "localid": {"required": False, "type": "str"}, + "localid_type": {"required": False, "type": "str", + "choices": ["auto", + "fqdn", + "user-fqdn", + "keyid", + "address", + "asn1dn"]}, + "mesh_selector_type": {"required": False, "type": "str", + "choices": ["disable", + "subnet", + "host"]}, + "mode": {"required": False, "type": "str", + "choices": ["aggressive", + "main"]}, + "mode_cfg": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "monitor": {"required": False, "type": "str"}, + "monitor_hold_down_delay": {"required": False, "type": "int"}, + "monitor_hold_down_time": {"required": False, "type": "str"}, + "monitor_hold_down_type": {"required": False, "type": "str", + "choices": ["immediate", + "delay", + "time"]}, + "monitor_hold_down_weekday": {"required": False, "type": "str", + "choices": ["everyday", + "sunday", + "monday", + "tuesday", + "wednesday", + "thursday", + "friday", + "saturday"]}, + "name": {"required": True, "type": "str"}, + "nattraversal": {"required": False, "type": "str", + "choices": ["enable", + "disable", + "forced"]}, + "negotiate_timeout": {"required": 
False, "type": "int"}, + "net_device": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "npu_offload": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "passive_mode": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "peer": {"required": False, "type": "str"}, + "peergrp": {"required": False, "type": "str"}, + "peerid": {"required": False, "type": "str"}, + "peertype": {"required": False, "type": "str", + "choices": ["any", + "one", + "dialup", + "peer", + "peergrp"]}, + "ppk": {"required": False, "type": "str", + "choices": ["disable", + "allow", + "require"]}, + "ppk_identity": {"required": False, "type": "str"}, + "ppk_secret": {"required": False, "type": "str"}, + "priority": {"required": False, "type": "int"}, + "proposal": {"required": False, "type": "list", + "choices": ["des-md5", + "des-sha1", + "des-sha256", + "des-sha384", + "des-sha512", + "3des-md5", + "3des-sha1", + "3des-sha256", + "3des-sha384", + "3des-sha512", + "aes128-md5", + "aes128-sha1", + "aes128-sha256", + "aes128-sha384", + "aes128-sha512", + "aes192-md5", + "aes192-sha1", + "aes192-sha256", + "aes192-sha384", + "aes192-sha512", + "aes256-md5", + "aes256-sha1", + "aes256-sha256", + "aes256-sha384", + "aes256-sha512", + "aria128-md5", + "aria128-sha1", + "aria128-sha256", + "aria128-sha384", + "aria128-sha512", + "aria192-md5", + "aria192-sha1", + "aria192-sha256", + "aria192-sha384", + "aria192-sha512", + "aria256-md5", + "aria256-sha1", + "aria256-sha256", + "aria256-sha384", + "aria256-sha512", + "seed-md5", + "seed-sha1", + "seed-sha256", + "seed-sha384", + "seed-sha512"]}, + "psksecret": {"required": False, "type": "str"}, + "psksecret_remote": {"required": False, "type": "str"}, + "reauth": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "rekey": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "remote_gw": {"required": False, "type": "str"}, + 
"remote_gw6": {"required": False, "type": "str"}, + "remotegw_ddns": {"required": False, "type": "str"}, + "rsa_signature_format": {"required": False, "type": "str", + "choices": ["pkcs1", + "pss"]}, + "save_password": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "send_cert_chain": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "signature_hash_alg": {"required": False, "type": "str", + "choices": ["sha1", + "sha2-256", + "sha2-384", + "sha2-512"]}, + "split_include_service": {"required": False, "type": "str"}, + "suite_b": {"required": False, "type": "str", + "choices": ["disable", + "suite-b-gcm-128", + "suite-b-gcm-256"]}, + "tunnel_search": {"required": False, "type": "str", + "choices": ["selectors", + "nexthop"]}, + "type": {"required": False, "type": "str", + "choices": ["static", + "dynamic", + "ddns"]}, + "unity_support": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "usrgrp": {"required": False, "type": "str"}, + "vni": {"required": False, "type": "int"}, + "wizard_type": {"required": False, "type": "str", + "choices": ["custom", + "dialup-forticlient", + "dialup-ios", + "dialup-android", + "dialup-windows", + "dialup-cisco", + "static-fortigate", + "dialup-fortigate", + "static-cisco", + "dialup-cisco-fw"]}, + "xauthtype": {"required": False, "type": "str", + "choices": ["disable", + "client", + "pap", + "chap", + "auto"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) + versions_check_result = connection.get_system_version() + else: + 
module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase2.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase2.py
new file mode 100644
index 00000000..dc2dc7fe
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase2.py
@@ -0,0 +1,804 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_ipsec_phase2 +short_description: Configure VPN autokey tunnel in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_ipsec feature and phase2 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + vpn_ipsec_phase2: + description: + - Configure VPN autokey tunnel. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + add_route: + description: + - Enable/disable automatic route addition. + type: str + choices: + - phase1 + - enable + - disable + auto_negotiate: + description: + - Enable/disable IPsec SA auto-negotiation. + type: str + choices: + - enable + - disable + comments: + description: + - Comment. + type: str + dhcp_ipsec: + description: + - Enable/disable DHCP-IPsec. + type: str + choices: + - enable + - disable + dhgrp: + description: + - Phase2 DH group. + type: str + choices: + - 1 + - 2 + - 5 + - 14 + - 15 + - 16 + - 17 + - 18 + - 19 + - 20 + - 21 + - 27 + - 28 + - 29 + - 30 + - 31 + dst_addr_type: + description: + - Remote proxy ID type. + type: str + choices: + - subnet + - range + - ip + - name + dst_end_ip: + description: + - Remote proxy ID IPv4 end. + type: str + dst_end_ip6: + description: + - Remote proxy ID IPv6 end. + type: str + dst_name: + description: + - Remote proxy ID name. Source firewall.address.name firewall.addrgrp.name. + type: str + dst_name6: + description: + - Remote proxy ID name. Source firewall.address6.name firewall.addrgrp6.name. + type: str + dst_port: + description: + - Quick mode destination port (1 - 65535 or 0 for all). + type: int + dst_start_ip: + description: + - Remote proxy ID IPv4 start. 
+ type: str + dst_start_ip6: + description: + - Remote proxy ID IPv6 start. + type: str + dst_subnet: + description: + - Remote proxy ID IPv4 subnet. + type: str + dst_subnet6: + description: + - Remote proxy ID IPv6 subnet. + type: str + encapsulation: + description: + - ESP encapsulation mode. + type: str + choices: + - tunnel-mode + - transport-mode + keepalive: + description: + - Enable/disable keep alive. + type: str + choices: + - enable + - disable + keylife_type: + description: + - Keylife type. + type: str + choices: + - seconds + - kbs + - both + keylifekbs: + description: + - Phase2 key life in number of bytes of traffic (5120 - 4294967295). + type: int + keylifeseconds: + description: + - Phase2 key life in time in seconds (120 - 172800). + type: int + l2tp: + description: + - Enable/disable L2TP over IPsec. + type: str + choices: + - enable + - disable + name: + description: + - IPsec tunnel name. + required: true + type: str + pfs: + description: + - Enable/disable PFS feature. + type: str + choices: + - enable + - disable + phase1name: + description: + - Phase 1 determines the options required for phase 2. Source vpn.ipsec.phase1.name. + type: str + proposal: + description: + - Phase2 proposal. 
+ type: str + choices: + - null-md5 + - null-sha1 + - null-sha256 + - null-sha384 + - null-sha512 + - des-null + - des-md5 + - des-sha1 + - des-sha256 + - des-sha384 + - des-sha512 + - 3des-null + - 3des-md5 + - 3des-sha1 + - 3des-sha256 + - 3des-sha384 + - 3des-sha512 + - aes128-null + - aes128-md5 + - aes128-sha1 + - aes128-sha256 + - aes128-sha384 + - aes128-sha512 + - aes128gcm + - aes192-null + - aes192-md5 + - aes192-sha1 + - aes192-sha256 + - aes192-sha384 + - aes192-sha512 + - aes256-null + - aes256-md5 + - aes256-sha1 + - aes256-sha256 + - aes256-sha384 + - aes256-sha512 + - aes256gcm + - chacha20poly1305 + - aria128-null + - aria128-md5 + - aria128-sha1 + - aria128-sha256 + - aria128-sha384 + - aria128-sha512 + - aria192-null + - aria192-md5 + - aria192-sha1 + - aria192-sha256 + - aria192-sha384 + - aria192-sha512 + - aria256-null + - aria256-md5 + - aria256-sha1 + - aria256-sha256 + - aria256-sha384 + - aria256-sha512 + - seed-null + - seed-md5 + - seed-sha1 + - seed-sha256 + - seed-sha384 + - seed-sha512 + protocol: + description: + - Quick mode protocol selector (1 - 255 or 0 for all). + type: int + replay: + description: + - Enable/disable replay detection. + type: str + choices: + - enable + - disable + route_overlap: + description: + - Action for overlapping routes. + type: str + choices: + - use-old + - use-new + - allow + selector_match: + description: + - Match type to use when comparing selectors. + type: str + choices: + - exact + - subset + - auto + single_source: + description: + - Enable/disable single source IP restriction. + type: str + choices: + - enable + - disable + src_addr_type: + description: + - Local proxy ID type. + type: str + choices: + - subnet + - range + - ip + - name + src_end_ip: + description: + - Local proxy ID end. + type: str + src_end_ip6: + description: + - Local proxy ID IPv6 end. + type: str + src_name: + description: + - Local proxy ID name. Source firewall.address.name firewall.addrgrp.name. 
type: str
+ src_name6:
+ description:
+ - Local proxy ID name. Source firewall.address6.name firewall.addrgrp6.name.
+ type: str
+ src_port:
+ description:
+ - Quick mode source port (1 - 65535 or 0 for all).
+ type: int
+ src_start_ip:
+ description:
+ - Local proxy ID start.
+ type: str
+ src_start_ip6:
+ description:
+ - Local proxy ID IPv6 start.
+ type: str
+ src_subnet:
+ description:
+ - Local proxy ID subnet.
+ type: str
+ src_subnet6:
+ description:
+ - Local proxy ID IPv6 subnet.
+ type: str
+ use_natip:
+ description:
+ - Enable to use the FortiGate public IP as the source selector when outbound NAT is used.
+ type: str
+ choices:
+ - enable
+ - disable
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure VPN autokey tunnel.
+ fortios_vpn_ipsec_phase2:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ vpn_ipsec_phase2:
+ add_route: "phase1"
+ auto_negotiate: "enable"
+ comments: ""
+ dhcp_ipsec: "enable"
+ dhgrp: "1"
+ dst_addr_type: "subnet"
+ dst_end_ip: ""
+ dst_end_ip6: ""
+ dst_name: " (source firewall.address.name firewall.addrgrp.name)"
+ dst_name6: " (source firewall.address6.name firewall.addrgrp6.name)"
+ dst_port: "13"
+ dst_start_ip: ""
+ dst_start_ip6: ""
+ dst_subnet: ""
+ dst_subnet6: ""
+ encapsulation: "tunnel-mode"
+ keepalive: "enable"
+ keylife_type: "seconds"
+ keylifekbs: "21"
+ keylifeseconds: "22"
+ l2tp: "enable"
+ name: "default_name_24"
+ pfs: "enable"
+ phase1name: " (source vpn.ipsec.phase1.name)"
+ proposal: "null-md5"
+ protocol: "28"
+ replay: "enable"
+ route_overlap: "use-old"
+ selector_match: "exact"
+ single_source: "enable"
+ src_addr_type: "subnet"
+ src_end_ip: ""
+ src_end_ip6: ""
+ src_name: " (source firewall.address.name firewall.addrgrp.name)"
+ src_name6: " (source firewall.address6.name
firewall.addrgrp6.name)"
+ src_port: "38"
+ src_start_ip: ""
+ src_start_ip6: ""
+ src_subnet: ""
+ src_subnet6: ""
+ use_natip: "enable"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_vpn_ipsec_phase2_data(json):
+ option_list = ['add_route', 'auto_negotiate', 'comments',
+ 'dhcp_ipsec', 'dhgrp',
'dst_addr_type',
+ 'dst_end_ip', 'dst_end_ip6', 'dst_name',
+ 'dst_name6', 'dst_port', 'dst_start_ip',
+ 'dst_start_ip6', 'dst_subnet', 'dst_subnet6',
+ 'encapsulation', 'keepalive', 'keylife_type',
+ 'keylifekbs', 'keylifeseconds', 'l2tp',
+ 'name', 'pfs', 'phase1name',
+ 'proposal', 'protocol', 'replay',
+ 'route_overlap', 'selector_match', 'single_source',
+ 'src_addr_type', 'src_end_ip', 'src_end_ip6',
+ 'src_name', 'src_name6', 'src_port',
+ 'src_start_ip', 'src_start_ip6', 'src_subnet',
+ 'src_subnet6', 'use_natip']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def vpn_ipsec_phase2(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['vpn_ipsec_phase2'] and data['vpn_ipsec_phase2']['state']:
+ state = data['vpn_ipsec_phase2']['state']
+ else:
+ state = True
+ vpn_ipsec_phase2_data = data['vpn_ipsec_phase2']
+ filtered_data = underscore_to_hyphen(filter_vpn_ipsec_phase2_data(vpn_ipsec_phase2_data))
+
+ if state == "present":
+ return fos.set('vpn.ipsec',
+ 'phase2',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('vpn.ipsec',
+ 'phase2',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_vpn_ipsec(data, fos):
+
+ if data['vpn_ipsec_phase2']:
+ resp = vpn_ipsec_phase2(data, fos)
+ else:
+
fos._module.fail_json(msg='missing task body: %s' % ('vpn_ipsec_phase2')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "vpn_ipsec_phase2": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "add_route": {"required": False, "type": "str", + "choices": ["phase1", + "enable", + "disable"]}, + "auto_negotiate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "comments": {"required": False, "type": "str"}, + "dhcp_ipsec": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dhgrp": {"required": False, "type": "str", + "choices": ["1", + "2", + "5", + "14", + "15", + "16", + "17", + "18", + "19", + "20", + "21", + "27", + "28", + "29", + "30", + "31"]}, + "dst_addr_type": {"required": False, "type": "str", + "choices": ["subnet", + "range", + "ip", + "name"]}, + "dst_end_ip": {"required": False, "type": "str"}, + "dst_end_ip6": {"required": False, "type": "str"}, + "dst_name": {"required": False, "type": "str"}, + "dst_name6": {"required": False, "type": "str"}, + "dst_port": {"required": False, "type": "int"}, + "dst_start_ip": {"required": False, "type": "str"}, + "dst_start_ip6": {"required": False, "type": "str"}, + "dst_subnet": {"required": False, "type": "str"}, + "dst_subnet6": {"required": False, "type": "str"}, + "encapsulation": {"required": False, "type": "str", + "choices": ["tunnel-mode", + "transport-mode"]}, + "keepalive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "keylife_type": 
{"required": False, "type": "str", + "choices": ["seconds", + "kbs", + "both"]}, + "keylifekbs": {"required": False, "type": "int"}, + "keylifeseconds": {"required": False, "type": "int"}, + "l2tp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": True, "type": "str"}, + "pfs": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "phase1name": {"required": False, "type": "str"}, + "proposal": {"required": False, "type": "str", + "choices": ["null-md5", + "null-sha1", + "null-sha256", + "null-sha384", + "null-sha512", + "des-null", + "des-md5", + "des-sha1", + "des-sha256", + "des-sha384", + "des-sha512", + "3des-null", + "3des-md5", + "3des-sha1", + "3des-sha256", + "3des-sha384", + "3des-sha512", + "aes128-null", + "aes128-md5", + "aes128-sha1", + "aes128-sha256", + "aes128-sha384", + "aes128-sha512", + "aes128gcm", + "aes192-null", + "aes192-md5", + "aes192-sha1", + "aes192-sha256", + "aes192-sha384", + "aes192-sha512", + "aes256-null", + "aes256-md5", + "aes256-sha1", + "aes256-sha256", + "aes256-sha384", + "aes256-sha512", + "aes256gcm", + "chacha20poly1305", + "aria128-null", + "aria128-md5", + "aria128-sha1", + "aria128-sha256", + "aria128-sha384", + "aria128-sha512", + "aria192-null", + "aria192-md5", + "aria192-sha1", + "aria192-sha256", + "aria192-sha384", + "aria192-sha512", + "aria256-null", + "aria256-md5", + "aria256-sha1", + "aria256-sha256", + "aria256-sha384", + "aria256-sha512", + "seed-null", + "seed-md5", + "seed-sha1", + "seed-sha256", + "seed-sha384", + "seed-sha512"]}, + "protocol": {"required": False, "type": "int"}, + "replay": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "route_overlap": {"required": False, "type": "str", + "choices": ["use-old", + "use-new", + "allow"]}, + "selector_match": {"required": False, "type": "str", + "choices": ["exact", + "subset", + "auto"]}, + "single_source": {"required": False, "type": "str", + "choices": 
["enable", + "disable"]}, + "src_addr_type": {"required": False, "type": "str", + "choices": ["subnet", + "range", + "ip", + "name"]}, + "src_end_ip": {"required": False, "type": "str"}, + "src_end_ip6": {"required": False, "type": "str"}, + "src_name": {"required": False, "type": "str"}, + "src_name6": {"required": False, "type": "str"}, + "src_port": {"required": False, "type": "int"}, + "src_start_ip": {"required": False, "type": "str"}, + "src_start_ip6": {"required": False, "type": "str"}, + "src_subnet": {"required": False, "type": "str"}, + "src_subnet6": {"required": False, "type": "str"}, + "use_natip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + 
main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase2_interface.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase2_interface.py
new file mode 100644
index 00000000..8804e9a1
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase2_interface.py
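Review bot: The EXAMPLES playbook in fortios_vpn_ipsec_phase2.py sets `ansible_httpapi_validate_certs: no` next to an `access_token`, so anyone who copies it sends the API token over a TLS session whose peer is never authenticated; the sample should read `ansible_httpapi_validate_certs: yes`. The same sample task uses `proposal: "null-md5"` and `dhgrp: "1"`, which is ESP with no encryption, MD5 integrity and a 768-bit DH group. Values already in the module's own choices list, for example `proposal: "aes256gcm"` and `dhgrp: "14"`, are safer to copy. The DOCUMENTATION text does say example values must be adjusted, but a sample that is safe as written costs nothing. The EXAMPLES block of fortios_vpn_ipsec_phase2_interface.py in the following hunk repeats both settings.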
@@ -0,0 +1,838 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_ipsec_phase2_interface +short_description: Configure VPN autokey tunnel in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_ipsec feature and phase2_interface category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + vpn_ipsec_phase2_interface: + description: + - Configure VPN autokey tunnel. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + add_route: + description: + - Enable/disable automatic route addition. + type: str + choices: + - phase1 + - enable + - disable + auto_discovery_forwarder: + description: + - Enable/disable forwarding short-cut messages. + type: str + choices: + - phase1 + - enable + - disable + auto_discovery_sender: + description: + - Enable/disable sending short-cut messages. + type: str + choices: + - phase1 + - enable + - disable + auto_negotiate: + description: + - Enable/disable IPsec SA auto-negotiation. + type: str + choices: + - enable + - disable + comments: + description: + - Comment. + type: str + dhcp_ipsec: + description: + - Enable/disable DHCP-IPsec. + type: str + choices: + - enable + - disable + dhgrp: + description: + - Phase2 DH group. + type: str + choices: + - 1 + - 2 + - 5 + - 14 + - 15 + - 16 + - 17 + - 18 + - 19 + - 20 + - 21 + - 27 + - 28 + - 29 + - 30 + - 31 + dst_addr_type: + description: + - Remote proxy ID type. + type: str + choices: + - subnet + - range + - ip + - name + - subnet6 + - range6 + - ip6 + - name6 + dst_end_ip: + description: + - Remote proxy ID IPv4 end. + type: str + dst_end_ip6: + description: + - Remote proxy ID IPv6 end. 
+ type: str + dst_name: + description: + - Remote proxy ID name. Source firewall.address.name firewall.addrgrp.name. + type: str + dst_name6: + description: + - Remote proxy ID name. Source firewall.address6.name firewall.addrgrp6.name. + type: str + dst_port: + description: + - Quick mode destination port (1 - 65535 or 0 for all). + type: int + dst_start_ip: + description: + - Remote proxy ID IPv4 start. + type: str + dst_start_ip6: + description: + - Remote proxy ID IPv6 start. + type: str + dst_subnet: + description: + - Remote proxy ID IPv4 subnet. + type: str + dst_subnet6: + description: + - Remote proxy ID IPv6 subnet. + type: str + encapsulation: + description: + - ESP encapsulation mode. + type: str + choices: + - tunnel-mode + - transport-mode + keepalive: + description: + - Enable/disable keep alive. + type: str + choices: + - enable + - disable + keylife_type: + description: + - Keylife type. + type: str + choices: + - seconds + - kbs + - both + keylifekbs: + description: + - Phase2 key life in number of bytes of traffic (5120 - 4294967295). + type: int + keylifeseconds: + description: + - Phase2 key life in time in seconds (120 - 172800). + type: int + l2tp: + description: + - Enable/disable L2TP over IPsec. + type: str + choices: + - enable + - disable + name: + description: + - IPsec tunnel name. + required: true + type: str + pfs: + description: + - Enable/disable PFS feature. + type: str + choices: + - enable + - disable + phase1name: + description: + - Phase 1 determines the options required for phase 2. Source vpn.ipsec.phase1-interface.name. + type: str + proposal: + description: + - Phase2 proposal. 
+ type: list + choices: + - null-md5 + - null-sha1 + - null-sha256 + - null-sha384 + - null-sha512 + - des-null + - des-md5 + - des-sha1 + - des-sha256 + - des-sha384 + - des-sha512 + - 3des-null + - 3des-md5 + - 3des-sha1 + - 3des-sha256 + - 3des-sha384 + - 3des-sha512 + - aes128-null + - aes128-md5 + - aes128-sha1 + - aes128-sha256 + - aes128-sha384 + - aes128-sha512 + - aes128gcm + - aes192-null + - aes192-md5 + - aes192-sha1 + - aes192-sha256 + - aes192-sha384 + - aes192-sha512 + - aes256-null + - aes256-md5 + - aes256-sha1 + - aes256-sha256 + - aes256-sha384 + - aes256-sha512 + - aes256gcm + - chacha20poly1305 + - aria128-null + - aria128-md5 + - aria128-sha1 + - aria128-sha256 + - aria128-sha384 + - aria128-sha512 + - aria192-null + - aria192-md5 + - aria192-sha1 + - aria192-sha256 + - aria192-sha384 + - aria192-sha512 + - aria256-null + - aria256-md5 + - aria256-sha1 + - aria256-sha256 + - aria256-sha384 + - aria256-sha512 + - seed-null + - seed-md5 + - seed-sha1 + - seed-sha256 + - seed-sha384 + - seed-sha512 + protocol: + description: + - Quick mode protocol selector (1 - 255 or 0 for all). + type: int + replay: + description: + - Enable/disable replay detection. + type: str + choices: + - enable + - disable + route_overlap: + description: + - Action for overlapping routes. + type: str + choices: + - use-old + - use-new + - allow + single_source: + description: + - Enable/disable single source IP restriction. + type: str + choices: + - enable + - disable + src_addr_type: + description: + - Local proxy ID type. + type: str + choices: + - subnet + - range + - ip + - name + - subnet6 + - range6 + - ip6 + - name6 + src_end_ip: + description: + - Local proxy ID end. + type: str + src_end_ip6: + description: + - Local proxy ID IPv6 end. + type: str + src_name: + description: + - Local proxy ID name. Source firewall.address.name firewall.addrgrp.name. + type: str + src_name6: + description: + - Local proxy ID name. 
Source firewall.address6.name firewall.addrgrp6.name. + type: str + src_port: + description: + - Quick mode source port (1 - 65535 or 0 for all). + type: int + src_start_ip: + description: + - Local proxy ID start. + type: str + src_start_ip6: + description: + - Local proxy ID IPv6 start. + type: str + src_subnet: + description: + - Local proxy ID subnet. + type: str + src_subnet6: + description: + - Local proxy ID IPv6 subnet. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure VPN autokey tunnel. + fortios_vpn_ipsec_phase2_interface: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ipsec_phase2_interface: + add_route: "phase1" + auto_discovery_forwarder: "phase1" + auto_discovery_sender: "phase1" + auto_negotiate: "enable" + comments: "" + dhcp_ipsec: "enable" + dhgrp: "1" + dst_addr_type: "subnet" + dst_end_ip: "" + dst_end_ip6: "" + dst_name: " (source firewall.address.name firewall.addrgrp.name)" + dst_name6: " (source firewall.address6.name firewall.addrgrp6.name)" + dst_port: "15" + dst_start_ip: "" + dst_start_ip6: "" + dst_subnet: "" + dst_subnet6: "" + encapsulation: "tunnel-mode" + keepalive: "enable" + keylife_type: "seconds" + keylifekbs: "23" + keylifeseconds: "24" + l2tp: "enable" + name: "default_name_26" + pfs: "enable" + phase1name: " (source vpn.ipsec.phase1-interface.name)" + proposal: "null-md5" + protocol: "30" + replay: "enable" + route_overlap: "use-old" + single_source: "enable" + src_addr_type: "subnet" + src_end_ip: "" + src_end_ip6: "" + src_name: " (source firewall.address.name firewall.addrgrp.name)" + src_name6: " (source firewall.address6.name firewall.addrgrp6.name)" + src_port: "39" + src_start_ip: "" + src_start_ip6: "" + src_subnet: "" + src_subnet6: "" + +''' + +RETURN = ''' +build: + description: Build 
number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_vpn_ipsec_phase2_interface_data(json): + option_list = ['add_route', 'auto_discovery_forwarder', 'auto_discovery_sender', + 'auto_negotiate', 'comments', 'dhcp_ipsec', + 'dhgrp', 'dst_addr_type', 'dst_end_ip', + 'dst_end_ip6', 'dst_name', 'dst_name6', + 'dst_port', 'dst_start_ip', 'dst_start_ip6', + 'dst_subnet', 
'dst_subnet6', 'encapsulation', + 'keepalive', 'keylife_type', 'keylifekbs', + 'keylifeseconds', 'l2tp', 'name', + 'pfs', 'phase1name', 'proposal', + 'protocol', 'replay', 'route_overlap', + 'single_source', 'src_addr_type', 'src_end_ip', + 'src_end_ip6', 'src_name', 'src_name6', + 'src_port', 'src_start_ip', 'src_start_ip6', + 'src_subnet', 'src_subnet6'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def flatten_multilists_attributes(data): + multilist_attrs = [[u'proposal']] + + for attr in multilist_attrs: + try: + path = "data['" + "']['".join(elem for elem in attr) + "']" + current_val = eval(path) + flattened_val = ' '.join(elem for elem in current_val) + exec(path + '= flattened_val') + except BaseException: + pass + + return data + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def vpn_ipsec_phase2_interface(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['vpn_ipsec_phase2_interface'] and data['vpn_ipsec_phase2_interface']['state']: + state = data['vpn_ipsec_phase2_interface']['state'] + else: + state = True + vpn_ipsec_phase2_interface_data = data['vpn_ipsec_phase2_interface'] + vpn_ipsec_phase2_interface_data = flatten_multilists_attributes(vpn_ipsec_phase2_interface_data) + filtered_data = underscore_to_hyphen(filter_vpn_ipsec_phase2_interface_data(vpn_ipsec_phase2_interface_data)) + + if state == "present": + return fos.set('vpn.ipsec', + 'phase2-interface', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('vpn.ipsec', + 'phase2-interface', + 
mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_vpn_ipsec(data, fos): + + if data['vpn_ipsec_phase2_interface']: + resp = vpn_ipsec_phase2_interface(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('vpn_ipsec_phase2_interface')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "vpn_ipsec_phase2_interface": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "add_route": {"required": False, "type": "str", + "choices": ["phase1", + "enable", + "disable"]}, + "auto_discovery_forwarder": {"required": False, "type": "str", + "choices": ["phase1", + "enable", + "disable"]}, + "auto_discovery_sender": {"required": False, "type": "str", + "choices": ["phase1", + "enable", + "disable"]}, + "auto_negotiate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "comments": {"required": False, "type": "str"}, + "dhcp_ipsec": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dhgrp": {"required": False, "type": "str", + "choices": ["1", + "2", + "5", + "14", + "15", + "16", + "17", + "18", + "19", + "20", + "21", + "27", + "28", + "29", + "30", + "31"]}, + "dst_addr_type": {"required": False, "type": "str", + "choices": ["subnet", + "range", + "ip", + "name", + "subnet6", + "range6", + "ip6", + 
"name6"]}, + "dst_end_ip": {"required": False, "type": "str"}, + "dst_end_ip6": {"required": False, "type": "str"}, + "dst_name": {"required": False, "type": "str"}, + "dst_name6": {"required": False, "type": "str"}, + "dst_port": {"required": False, "type": "int"}, + "dst_start_ip": {"required": False, "type": "str"}, + "dst_start_ip6": {"required": False, "type": "str"}, + "dst_subnet": {"required": False, "type": "str"}, + "dst_subnet6": {"required": False, "type": "str"}, + "encapsulation": {"required": False, "type": "str", + "choices": ["tunnel-mode", + "transport-mode"]}, + "keepalive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "keylife_type": {"required": False, "type": "str", + "choices": ["seconds", + "kbs", + "both"]}, + "keylifekbs": {"required": False, "type": "int"}, + "keylifeseconds": {"required": False, "type": "int"}, + "l2tp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": True, "type": "str"}, + "pfs": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "phase1name": {"required": False, "type": "str"}, + "proposal": {"required": False, "type": "list", + "choices": ["null-md5", + "null-sha1", + "null-sha256", + "null-sha384", + "null-sha512", + "des-null", + "des-md5", + "des-sha1", + "des-sha256", + "des-sha384", + "des-sha512", + "3des-null", + "3des-md5", + "3des-sha1", + "3des-sha256", + "3des-sha384", + "3des-sha512", + "aes128-null", + "aes128-md5", + "aes128-sha1", + "aes128-sha256", + "aes128-sha384", + "aes128-sha512", + "aes128gcm", + "aes192-null", + "aes192-md5", + "aes192-sha1", + "aes192-sha256", + "aes192-sha384", + "aes192-sha512", + "aes256-null", + "aes256-md5", + "aes256-sha1", + "aes256-sha256", + "aes256-sha384", + "aes256-sha512", + "aes256gcm", + "chacha20poly1305", + "aria128-null", + "aria128-md5", + "aria128-sha1", + "aria128-sha256", + "aria128-sha384", + "aria128-sha512", + "aria192-null", + "aria192-md5", + 
"aria192-sha1", + "aria192-sha256", + "aria192-sha384", + "aria192-sha512", + "aria256-null", + "aria256-md5", + "aria256-sha1", + "aria256-sha256", + "aria256-sha384", + "aria256-sha512", + "seed-null", + "seed-md5", + "seed-sha1", + "seed-sha256", + "seed-sha384", + "seed-sha512"]}, + "protocol": {"required": False, "type": "int"}, + "replay": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "route_overlap": {"required": False, "type": "str", + "choices": ["use-old", + "use-new", + "allow"]}, + "single_source": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "src_addr_type": {"required": False, "type": "str", + "choices": ["subnet", + "range", + "ip", + "name", + "subnet6", + "range6", + "ip6", + "name6"]}, + "src_end_ip": {"required": False, "type": "str"}, + "src_end_ip6": {"required": False, "type": "str"}, + "src_name": {"required": False, "type": "str"}, + "src_name6": {"required": False, "type": "str"}, + "src_port": {"required": False, "type": "int"}, + "src_start_ip": {"required": False, "type": "str"}, + "src_start_ip6": {"required": False, "type": "str"}, + "src_subnet": {"required": False, "type": "str"}, + "src_subnet6": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by 
specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_l2tp.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_l2tp.py
new file mode 100644
index 00000000..8a679a31
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_l2tp.py
@@ -0,0 +1,293 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_vpn_l2tp
+short_description: Configure L2TP in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify vpn feature and l2tp category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.9"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ vpn_l2tp:
+ description:
+ - Configure L2TP.
+ default: null
+ type: dict
+ suboptions:
+ eip:
+ description:
+ - End IP.
+ type: str
+ enforce_ipsec:
+ description:
+ - Enable/disable IPsec enforcement.
+ type: str
+ choices:
+ - enable
+ - disable
+ sip:
+ description:
+ - Start IP.
+ type: str
+ status:
+ description:
+ - Enable/disable FortiGate as a L2TP gateway.
+ type: str
+ choices:
+ - enable
+ - disable
+ usrgrp:
+ description:
+ - User group. Source user.group.name.
+ type: str
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure L2TP.
+ fortios_vpn_l2tp:
+ vdom: "{{ vdom }}"
+ vpn_l2tp:
+ eip: ""
+ enforce_ipsec: "enable"
+ sip: ""
+ status: "enable"
+ usrgrp: " (source user.group.name)"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_vpn_l2tp_data(json):
+ option_list = ['eip', 'enforce_ipsec', 'sip',
+ 'status', 'usrgrp']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def vpn_l2tp(data, fos):
+ vdom = data['vdom']
+ vpn_l2tp_data = data['vpn_l2tp']
+ filtered_data = underscore_to_hyphen(filter_vpn_l2tp_data(vpn_l2tp_data))
+
+ return fos.set('vpn',
+ 'l2tp',
+ data=filtered_data,
+ vdom=vdom)
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_vpn(data, fos):
+
+ if data['vpn_l2tp']:
+ resp = vpn_l2tp(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('vpn_l2tp'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = None
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "vpn_l2tp": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "eip": {"required": False, "type": "str"},
+ "enforce_ipsec": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "sip": {"required": False, "type": "str"},
+ "status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "usrgrp": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_vpn(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
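Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no`, so a user who copies it sends the module's `access_token` (declared `no_log` in `main`) and every configuration request over an HTTPS session whose server certificate is never verified. The same line appears in the EXAMPLES of fortios_vpn_ocvpn.py and fortios_vpn_pptp.py later in this patch. I would ship the example as `ansible_httpapi_validate_certs: yes` and add a comment such as `# set to no only for lab devices with self-signed certificates`.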
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ocvpn.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ocvpn.py
new file mode 100644
index 00000000..5d940a03
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ocvpn.py
@@ -0,0 +1,292 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_vpn_ocvpn
+short_description: Configure One-Click VPN settings in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify vpn feature and ocvpn category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.9"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ vpn_ocvpn:
+ description:
+ - Configure One-Click VPN settings.
+ default: null
+ type: dict
+ suboptions:
+ poll_interval:
+ description:
+ - OCVPN polling interval.
+ type: int
+ status:
+ description:
+ - Enable/disable One-Click cloud assisted VPN.
+ type: str
+ choices:
+ - enable
+ - disable
+ subnets:
+ description:
+ - Internal subnets to register with OCVPN service.
+ type: list
+ suboptions:
+ id:
+ description:
+ - ID.
+ required: true
+ type: int
+ subnet:
+ description:
+ - IPv4 address and subnet mask.
+ type: str
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure One-Click VPN settings.
+ fortios_vpn_ocvpn:
+ vdom: "{{ vdom }}"
+ vpn_ocvpn:
+ poll_interval: "3"
+ status: "enable"
+ subnets:
+ -
+ id: "6"
+ subnet: ""
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_vpn_ocvpn_data(json):
+ option_list = ['poll_interval', 'status', 'subnets']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def vpn_ocvpn(data, fos):
+ vdom = data['vdom']
+ vpn_ocvpn_data = data['vpn_ocvpn']
+ filtered_data = underscore_to_hyphen(filter_vpn_ocvpn_data(vpn_ocvpn_data))
+
+ return fos.set('vpn',
+ 'ocvpn',
+ data=filtered_data,
+ vdom=vdom)
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_vpn(data, fos):
+
+ if data['vpn_ocvpn']:
+ resp = vpn_ocvpn(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('vpn_ocvpn'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = None
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "vpn_ocvpn": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "poll_interval": {"required": False, "type": "int"},
+ "status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "subnets": {"required": False, "type": "list",
+ "options": {
+ "id": {"required": True, "type": "int"},
+ "subnet": {"required": False, "type": "str"}
+ }}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_vpn(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
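Review bot: In `main`, `subnets` is declared as `"type": "list"` with an `options` sub-spec but without `"elements": "dict"`. As far as I know AnsibleModule applies a sub-spec to list entries only when `elements` is `dict`, so the `required` flag on `id` and the `int` coercion are probably never enforced, and the EXAMPLES value `id: "6"` would reach the device as a string. I would change the line to `"subnets": {"required": False, "type": "list", "elements": "dict",` and add a matching `elements: dict` under `subnets` in DOCUMENTATION.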
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_pptp.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_pptp.py
new file mode 100644
index 00000000..e15093ad
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_pptp.py
@@ -0,0 +1,299 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_vpn_pptp
+short_description: Configure PPTP in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify vpn feature and pptp category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.9"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ vpn_pptp:
+ description:
+ - Configure PPTP.
+ default: null
+ type: dict
+ suboptions:
+ eip:
+ description:
+ - End IP.
+ type: str
+ ip_mode:
+ description:
+ - IP assignment mode for PPTP client.
+ type: str
+ choices:
+ - range
+ - usrgrp
+ local_ip:
+ description:
+ - Local IP to be used for peer"s remote IP.
+ type: str
+ sip:
+ description:
+ - Start IP.
+ type: str
+ status:
+ description:
+ - Enable/disable FortiGate as a PPTP gateway.
+ type: str
+ choices:
+ - enable
+ - disable
+ usrgrp:
+ description:
+ - User group. Source user.group.name.
+ type: str
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure PPTP.
+ fortios_vpn_pptp:
+ vdom: "{{ vdom }}"
+ vpn_pptp:
+ eip: ""
+ ip_mode: "range"
+ local_ip: ""
+ sip: ""
+ status: "enable"
+ usrgrp: " (source user.group.name)"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_vpn_pptp_data(json):
+ option_list = ['eip', 'ip_mode', 'local_ip',
+ 'sip', 'status', 'usrgrp']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def vpn_pptp(data, fos):
+ vdom = data['vdom']
+ vpn_pptp_data = data['vpn_pptp']
+ filtered_data = underscore_to_hyphen(filter_vpn_pptp_data(vpn_pptp_data))
+
+ return fos.set('vpn',
+ 'pptp',
+ data=filtered_data,
+ vdom=vdom)
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_vpn(data, fos):
+
+ if data['vpn_pptp']:
+ resp = vpn_pptp(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('vpn_pptp'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = None
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "vpn_pptp": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "eip": {"required": False, "type": "str"},
+ "ip_mode": {"required": False, "type": "str",
+ "choices": ["range",
+ "usrgrp"]},
+ "local_ip": {"required": False, "type": "str"},
+ "sip": {"required": False, "type": "str"},
+ "status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "usrgrp": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_vpn(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_settings.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_settings.py
new file mode 100644
index 00000000..5ec3ec21
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_settings.py
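Review bot: DOCUMENTATION for `fortios_vpn_pptp` describes `status` only as enabling the FortiGate as a PPTP gateway and gives the playbook author no hint that PPTP is a legacy protocol whose MS-CHAPv2/MPPE protection is widely regarded as broken. I would add a `notes:` entry such as `- PPTP is a legacy VPN protocol with known cryptographic weaknesses; prefer IPsec or SSL VPN for new deployments.` The `local_ip` description also carries a stray double quote: `peer"s` should read `peer's`.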
@@ -0,0 +1,986 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_ssl_settings +short_description: Configure SSL VPN in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_ssl feature and settings category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + vpn_ssl_settings: + description: + - Configure SSL VPN. + default: null + type: dict + suboptions: + algorithm: + description: + - Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. + type: str + choices: + - high + - medium + - default + - low + auth_timeout: + description: + - SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout). + type: int + authentication_rule: + description: + - Authentication rule for SSL VPN. + type: list + suboptions: + auth: + description: + - SSL VPN authentication method restriction. + type: str + choices: + - any + - local + - radius + - tacacs+ + - ldap + cipher: + description: + - SSL VPN cipher strength. + type: str + choices: + - any + - high + - medium + client_cert: + description: + - Enable/disable SSL VPN client certificate restrictive. + type: str + choices: + - enable + - disable + groups: + description: + - User groups. + type: list + suboptions: + name: + description: + - Group name. Source user.group.name. + required: true + type: str + id: + description: + - ID (0 - 4294967295). + required: true + type: int + portal: + description: + - SSL VPN portal. Source vpn.ssl.web.portal.name. + type: str + realm: + description: + - SSL VPN realm. Source vpn.ssl.web.realm.url-path. + type: str + source_address: + description: + - Source address of incoming traffic. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + source_address_negate: + description: + - Enable/disable negated source address match. + type: str + choices: + - enable + - disable + source_address6: + description: + - IPv6 source address of incoming traffic. + type: list + suboptions: + name: + description: + - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. 
+ required: true + type: str + source_address6_negate: + description: + - Enable/disable negated source IPv6 address match. + type: str + choices: + - enable + - disable + source_interface: + description: + - SSL VPN source interface of incoming traffic. + type: list + suboptions: + name: + description: + - Interface name. Source system.interface.name system.zone.name. + required: true + type: str + users: + description: + - User name. + type: list + suboptions: + name: + description: + - User name. Source user.local.name. + required: true + type: str + auto_tunnel_static_route: + description: + - Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. + type: str + choices: + - enable + - disable + banned_cipher: + description: + - Select one or more cipher technologies that cannot be used in SSL-VPN negotiations. + type: list + choices: + - RSA + - DH + - DHE + - ECDH + - ECDHE + - DSS + - ECDSA + - AES + - AESGCM + - CAMELLIA + - 3DES + - SHA1 + - SHA256 + - SHA384 + - STATIC + check_referer: + description: + - Enable/disable verification of referer field in HTTP request header. + type: str + choices: + - enable + - disable + default_portal: + description: + - Default SSL VPN portal. Source vpn.ssl.web.portal.name. + type: str + deflate_compression_level: + description: + - Compression level (0~9). + type: int + deflate_min_data_size: + description: + - Minimum amount of data that triggers compression (200 - 65535 bytes). + type: int + dns_server1: + description: + - DNS server 1. + type: str + dns_server2: + description: + - DNS server 2. + type: str + dns_suffix: + description: + - DNS suffix used for SSL-VPN clients. + type: str + dtls_hello_timeout: + description: + - SSLVPN maximum DTLS hello timeout (10 - 60 sec). + type: int + dtls_tunnel: + description: + - Enable DTLS to prevent eavesdropping, tampering, or message forgery. 
+ type: str + choices: + - enable + - disable + force_two_factor_auth: + description: + - Enable to force two-factor authentication for all SSL-VPNs. + type: str + choices: + - enable + - disable + header_x_forwarded_for: + description: + - Forward the same, add, or remove HTTP header. + type: str + choices: + - pass + - add + - remove + http_compression: + description: + - Enable to allow HTTP compression over SSL-VPN tunnels. + type: str + choices: + - enable + - disable + http_only_cookie: + description: + - Enable/disable SSL-VPN support for HttpOnly cookies. + type: str + choices: + - enable + - disable + http_request_body_timeout: + description: + - SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec). + type: int + http_request_header_timeout: + description: + - SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec). + type: int + https_redirect: + description: + - Enable/disable redirect of port 80 to SSL-VPN port. + type: str + choices: + - enable + - disable + idle_timeout: + description: + - SSL VPN disconnects if idle for specified time in seconds. + type: int + ipv6_dns_server1: + description: + - IPv6 DNS server 1. + type: str + ipv6_dns_server2: + description: + - IPv6 DNS server 2. + type: str + ipv6_wins_server1: + description: + - IPv6 WINS server 1. + type: str + ipv6_wins_server2: + description: + - IPv6 WINS server 2. + type: str + login_attempt_limit: + description: + - SSL VPN maximum login attempt times before block (0 - 10). + type: int + login_block_time: + description: + - Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec). + type: int + login_timeout: + description: + - SSLVPN maximum login timeout (10 - 180 sec). + type: int + port: + description: + - SSL-VPN access port (1 - 65535). 
+ type: int + port_precedence: + description: + - Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. + type: str + choices: + - enable + - disable + reqclientcert: + description: + - Enable to require client certificates for all SSL-VPN users. + type: str + choices: + - enable + - disable + route_source_interface: + description: + - Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. + type: str + choices: + - enable + - disable + servercert: + description: + - Name of the server certificate to be used for SSL-VPNs. Source vpn.certificate.local.name. + type: str + source_address: + description: + - Source address of incoming traffic. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + source_address_negate: + description: + - Enable/disable negated source address match. + type: str + choices: + - enable + - disable + source_address6: + description: + - IPv6 source address of incoming traffic. + type: list + suboptions: + name: + description: + - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + source_address6_negate: + description: + - Enable/disable negated source IPv6 address match. + type: str + choices: + - enable + - disable + source_interface: + description: + - SSL VPN source interface of incoming traffic. + type: list + suboptions: + name: + description: + - Interface name. Source system.interface.name system.zone.name. + required: true + type: str + ssl_big_buffer: + description: + - Disable use of the big SSLv3 buffer feature to save memory and force higher security. + type: str + choices: + - enable + - disable + ssl_client_renegotiation: + description: + - Enable to allow client renegotiation by the server if the tunnel goes down. 
+ type: str + choices: + - disable + - enable + ssl_insert_empty_fragment: + description: + - Enable/disable insertion of empty fragment. + type: str + choices: + - enable + - disable + sslv3: + description: + - sslv3 + type: str + choices: + - enable + - disable + tlsv1_0: + description: + - Enable/disable TLSv1.0. + type: str + choices: + - enable + - disable + tlsv1_1: + description: + - Enable/disable TLSv1.1. + type: str + choices: + - enable + - disable + tlsv1_2: + description: + - Enable/disable TLSv1.2. + type: str + choices: + - enable + - disable + tunnel_ip_pools: + description: + - Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + tunnel_ipv6_pools: + description: + - Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + unsafe_legacy_renegotiation: + description: + - Enable/disable unsafe legacy re-negotiation. + type: str + choices: + - enable + - disable + url_obscuration: + description: + - Enable to obscure the host name of the URL of the web browser display. + type: str + choices: + - enable + - disable + wins_server1: + description: + - WINS server 1. + type: str + wins_server2: + description: + - WINS server 2. + type: str + x_content_type_options: + description: + - Add HTTP X-Content-Type-Options header. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure SSL VPN. 
+ fortios_vpn_ssl_settings: + vdom: "{{ vdom }}" + vpn_ssl_settings: + algorithm: "high" + auth_timeout: "4" + authentication_rule: + - + auth: "any" + cipher: "any" + client_cert: "enable" + groups: + - + name: "default_name_10 (source user.group.name)" + id: "11" + portal: " (source vpn.ssl.web.portal.name)" + realm: " (source vpn.ssl.web.realm.url-path)" + source_address: + - + name: "default_name_15 (source firewall.address.name firewall.addrgrp.name)" + source_address_negate: "enable" + source_address6: + - + name: "default_name_18 (source firewall.address6.name firewall.addrgrp6.name)" + source_address6_negate: "enable" + source_interface: + - + name: "default_name_21 (source system.interface.name system.zone.name)" + users: + - + name: "default_name_23 (source user.local.name)" + auto_tunnel_static_route: "enable" + banned_cipher: "RSA" + check_referer: "enable" + default_portal: " (source vpn.ssl.web.portal.name)" + deflate_compression_level: "28" + deflate_min_data_size: "29" + dns_server1: "" + dns_server2: "" + dns_suffix: "" + dtls_hello_timeout: "33" + dtls_tunnel: "enable" + force_two_factor_auth: "enable" + header_x_forwarded_for: "pass" + http_compression: "enable" + http_only_cookie: "enable" + http_request_body_timeout: "39" + http_request_header_timeout: "40" + https_redirect: "enable" + idle_timeout: "42" + ipv6_dns_server1: "" + ipv6_dns_server2: "" + ipv6_wins_server1: "" + ipv6_wins_server2: "" + login_attempt_limit: "47" + login_block_time: "48" + login_timeout: "49" + port: "50" + port_precedence: "enable" + reqclientcert: "enable" + route_source_interface: "enable" + servercert: " (source vpn.certificate.local.name)" + source_address: + - + name: "default_name_56 (source firewall.address.name firewall.addrgrp.name)" + source_address_negate: "enable" + source_address6: + - + name: "default_name_59 (source firewall.address6.name firewall.addrgrp6.name)" + source_address6_negate: "enable" + source_interface: + - + name: "default_name_62 
(source system.interface.name system.zone.name)" + ssl_big_buffer: "enable" + ssl_client_renegotiation: "disable" + ssl_insert_empty_fragment: "enable" + sslv3: "enable" + tlsv1_0: "enable" + tlsv1_1: "enable" + tlsv1_2: "enable" + tunnel_ip_pools: + - + name: "default_name_71 (source firewall.address.name firewall.addrgrp.name)" + tunnel_ipv6_pools: + - + name: "default_name_73 (source firewall.address6.name firewall.addrgrp6.name)" + unsafe_legacy_renegotiation: "enable" + url_obscuration: "enable" + wins_server1: "" + wins_server2: "" + x_content_type_options: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_vpn_ssl_settings_data(json): + option_list = ['algorithm', 'auth_timeout', 'authentication_rule', + 'auto_tunnel_static_route', 'banned_cipher', 'check_referer', + 'default_portal', 'deflate_compression_level', 'deflate_min_data_size', + 'dns_server1', 'dns_server2', 'dns_suffix', + 'dtls_hello_timeout', 'dtls_tunnel', 'force_two_factor_auth', + 'header_x_forwarded_for', 'http_compression', 'http_only_cookie', + 'http_request_body_timeout', 'http_request_header_timeout', 'https_redirect', + 'idle_timeout', 'ipv6_dns_server1', 'ipv6_dns_server2', + 'ipv6_wins_server1', 'ipv6_wins_server2', 'login_attempt_limit', + 'login_block_time', 'login_timeout', 'port', + 'port_precedence', 'reqclientcert', 'route_source_interface', + 'servercert', 'source_address', 'source_address_negate', + 'source_address6', 'source_address6_negate', 'source_interface', + 'ssl_big_buffer', 'ssl_client_renegotiation', 'ssl_insert_empty_fragment', + 'sslv3', 'tlsv1_0', 'tlsv1_1', + 'tlsv1_2', 'tunnel_ip_pools', 'tunnel_ipv6_pools', + 'unsafe_legacy_renegotiation', 'url_obscuration', 'wins_server1', + 'wins_server2', 'x_content_type_options'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def flatten_multilists_attributes(data): + multilist_attrs = [[u'banned_cipher']] + + for attr in multilist_attrs: + try: + path = "data['" + "']['".join(elem for elem in attr) + "']" + current_val = eval(path) + flattened_val = ' '.join(elem for elem in current_val) + exec(path + '= flattened_val') + except BaseException: + pass + + return data + + +def 
underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def vpn_ssl_settings(data, fos): + vdom = data['vdom'] + vpn_ssl_settings_data = data['vpn_ssl_settings'] + vpn_ssl_settings_data = flatten_multilists_attributes(vpn_ssl_settings_data) + filtered_data = underscore_to_hyphen(filter_vpn_ssl_settings_data(vpn_ssl_settings_data)) + + return fos.set('vpn.ssl', + 'settings', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_vpn_ssl(data, fos): + + if data['vpn_ssl_settings']: + resp = vpn_ssl_settings(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('vpn_ssl_settings')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "vpn_ssl_settings": { + "required": False, "type": "dict", "default": None, + "options": { + "algorithm": {"required": False, "type": "str", + "choices": ["high", + "medium", + "default", + "low"]}, + "auth_timeout": {"required": False, "type": "int"}, + "authentication_rule": {"required": False, "type": "list", + "options": { + "auth": {"required": False, "type": "str", + "choices": ["any", + "local", + "radius", + "tacacs+", + "ldap"]}, + "cipher": {"required": False, "type": "str", + "choices": ["any", + "high", + "medium"]}, + "client_cert": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "groups": {"required": 
False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "id": {"required": True, "type": "int"}, + "portal": {"required": False, "type": "str"}, + "realm": {"required": False, "type": "str"}, + "source_address": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "source_address_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "source_address6": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "source_address6_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "source_interface": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "users": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + }}, + "auto_tunnel_static_route": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "banned_cipher": {"required": False, "type": "list", + "choices": ["RSA", + "DH", + "DHE", + "ECDH", + "ECDHE", + "DSS", + "ECDSA", + "AES", + "AESGCM", + "CAMELLIA", + "3DES", + "SHA1", + "SHA256", + "SHA384", + "STATIC"]}, + "check_referer": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "default_portal": {"required": False, "type": "str"}, + "deflate_compression_level": {"required": False, "type": "int"}, + "deflate_min_data_size": {"required": False, "type": "int"}, + "dns_server1": {"required": False, "type": "str"}, + "dns_server2": {"required": False, "type": "str"}, + "dns_suffix": {"required": False, "type": "str"}, + "dtls_hello_timeout": {"required": False, "type": "int"}, + "dtls_tunnel": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "force_two_factor_auth": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "header_x_forwarded_for": {"required": False, "type": "str", + 
"choices": ["pass", + "add", + "remove"]}, + "http_compression": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "http_only_cookie": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "http_request_body_timeout": {"required": False, "type": "int"}, + "http_request_header_timeout": {"required": False, "type": "int"}, + "https_redirect": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "idle_timeout": {"required": False, "type": "int"}, + "ipv6_dns_server1": {"required": False, "type": "str"}, + "ipv6_dns_server2": {"required": False, "type": "str"}, + "ipv6_wins_server1": {"required": False, "type": "str"}, + "ipv6_wins_server2": {"required": False, "type": "str"}, + "login_attempt_limit": {"required": False, "type": "int"}, + "login_block_time": {"required": False, "type": "int"}, + "login_timeout": {"required": False, "type": "int"}, + "port": {"required": False, "type": "int"}, + "port_precedence": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "reqclientcert": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "route_source_interface": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "servercert": {"required": False, "type": "str"}, + "source_address": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "source_address_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "source_address6": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "source_address6_negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "source_interface": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "ssl_big_buffer": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + 
"ssl_client_renegotiation": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "ssl_insert_empty_fragment": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sslv3": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tlsv1_0": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tlsv1_1": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tlsv1_2": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tunnel_ip_pools": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "tunnel_ipv6_pools": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "unsafe_legacy_renegotiation": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "url_obscuration": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "wins_server1": {"required": False, "type": "str"}, + "wins_server2": {"required": False, "type": "str"}, + "x_content_type_options": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_ssl(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not 
is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_host_check_software.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_host_check_software.py
new file mode 100644
index 00000000..eb099c52
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_host_check_software.py
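Review bot: `flatten_multilists_attributes` assembles a subscript expression as a string and runs it through `eval` and `exec`, then hides every failure behind `except BaseException: pass`. The key path comes from the hard-coded `multilist_attrs`, so nothing user-controlled reaches `eval` as written, but plain dict access does the same job without dynamic code and without also swallowing `KeyboardInterrupt` and `SystemExit`. The fence below walks the key path and joins the list only when it is present, which should leave an absent or `None` `banned_cipher` untouched as today; unlike the current code it would raise on a non-string list element, which the `choices` in `main()` appear to rule out. Separately, the EXAMPLES block sets `ansible_httpapi_validate_certs: no` and enables `sslv3`, `tlsv1_0` and `unsafe_legacy_renegotiation`; a comment such as `# sample values only: keep certificate validation on and legacy protocols disabled in real playbooks` would stop them being copied as-is. `ansible_httpapi_validate_certs: no` is also in the EXAMPLES of fortios_vpn_ssl_web_host_check_software.py.

```python
def flatten_multilists_attributes(data):
    # ... unchanged: multilist_attrs definition ...
    for attr in multilist_attrs:
        # Walk to the dict that holds the last key instead of eval()-ing a built path.
        parent = data
        for key in attr[:-1]:
            parent = parent.get(key) if isinstance(parent, dict) else None
        # Absent or None values are left untouched, as the old except/pass did.
        if isinstance(parent, dict) and isinstance(parent.get(attr[-1]), list):
            parent[attr[-1]] = ' '.join(parent[attr[-1]])
    # ... unchanged: return data ...
```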
@@ -0,0 +1,386 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_ssl_web_host_check_software +short_description: SSL-VPN host check software in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_ssl_web feature and host_check_software category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + vpn_ssl_web_host_check_software: + description: + - SSL-VPN host check software. + default: null + type: dict + suboptions: + check_item_list: + description: + - Check item list. + type: list + suboptions: + action: + description: + - Action. + type: str + choices: + - require + - deny + id: + description: + - ID (0 - 4294967295). + required: true + type: int + md5s: + description: + - MD5 checksum. + type: list + suboptions: + id: + description: + - Hex string of MD5 checksum. + required: true + type: str + target: + description: + - Target. + type: str + type: + description: + - Type. + type: str + choices: + - file + - registry + - process + version: + description: + - Version. + type: str + guid: + description: + - Globally unique ID. + type: str + name: + description: + - Name. + required: true + type: str + os_type: + description: + - OS type. + type: str + choices: + - windows + - macos + type: + description: + - Type. + type: str + choices: + - av + - fw + version: + description: + - Version. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: SSL-VPN host check software. 
+ fortios_vpn_ssl_web_host_check_software: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ssl_web_host_check_software: + check_item_list: + - + action: "require" + id: "5" + md5s: + - + id: "7" + target: "" + type: "file" + version: "" + guid: "" + name: "default_name_12" + os_type: "windows" + type: "av" + version: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_vpn_ssl_web_host_check_software_data(json): + option_list = ['check_item_list', 'guid', 'name', + 'os_type', 'type', 'version'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def vpn_ssl_web_host_check_software(data, fos): + vdom = data['vdom'] + state = data['state'] + vpn_ssl_web_host_check_software_data = data['vpn_ssl_web_host_check_software'] + filtered_data = underscore_to_hyphen(filter_vpn_ssl_web_host_check_software_data(vpn_ssl_web_host_check_software_data)) + + if state == "present": + return fos.set('vpn.ssl.web', + 'host-check-software', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('vpn.ssl.web', + 'host-check-software', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_vpn_ssl_web(data, fos): + + if data['vpn_ssl_web_host_check_software']: + resp = vpn_ssl_web_host_check_software(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('vpn_ssl_web_host_check_software')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": 
"str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "vpn_ssl_web_host_check_software": { + "required": False, "type": "dict", "default": None, + "options": { + "check_item_list": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["require", + "deny"]}, + "id": {"required": True, "type": "int"}, + "md5s": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "str"} + }}, + "target": {"required": False, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["file", + "registry", + "process"]}, + "version": {"required": False, "type": "str"} + }}, + "guid": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "os_type": {"required": False, "type": "str", + "choices": ["windows", + "macos"]}, + "type": {"required": False, "type": "str", + "choices": ["av", + "fw"]}, + "version": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_ssl_web(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, 
version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_portal.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_portal.py new file mode 100644 index 00000000..a67eeba3 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_portal.py 
@@ -0,0 +1,1239 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_ssl_web_portal +short_description: Portal in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_ssl_web feature and portal category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + vpn_ssl_web_portal: + description: + - Portal. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + allow_user_access: + description: + - Allow user access to SSL-VPN applications. + type: str + choices: + - web + - ftp + - smb + - telnet + - ssh + - vnc + - rdp + - ping + - citrix + - portforward + auto_connect: + description: + - Enable/disable automatic connect by client when system is up. + type: str + choices: + - enable + - disable + bookmark_group: + description: + - Portal bookmark group. + type: list + suboptions: + bookmarks: + description: + - Bookmark table. + type: list + suboptions: + additional_params: + description: + - Additional parameters. + type: str + apptype: + description: + - Application type. + type: str + choices: + - citrix + - ftp + - portforward + - rdp + - smb + - ssh + - telnet + - vnc + - web + description: + description: + - Description. + type: str + folder: + description: + - Network shared file folder parameter. + type: str + form_data: + description: + - Form data. + type: list + suboptions: + name: + description: + - Name. + required: true + type: str + value: + description: + - Value. + type: str + host: + description: + - Host name/IP parameter. + type: str + listening_port: + description: + - Listening port (0 - 65535). + type: int + logon_password: + description: + - Logon password. + type: str + logon_user: + description: + - Logon user. 
+ type: str + name: + description: + - Bookmark name. + required: true + type: str + port: + description: + - Remote port. + type: int + remote_port: + description: + - Remote port (0 - 65535). + type: int + security: + description: + - Security mode for RDP connection. + type: str + choices: + - rdp + - nla + - tls + - any + server_layout: + description: + - Server side keyboard layout. + type: str + choices: + - en-us-qwerty + - de-de-qwertz + - fr-fr-azerty + - it-it-qwerty + - sv-se-qwerty + - failsafe + show_status_window: + description: + - Enable/disable showing of status window. + type: str + choices: + - enable + - disable + sso: + description: + - Single Sign-On. + type: str + choices: + - disable + - static + - auto + sso_credential: + description: + - Single sign-on credentials. + type: str + choices: + - sslvpn-login + - alternative + sso_credential_sent_once: + description: + - Single sign-on credentials are only sent once to remote server. + type: str + choices: + - enable + - disable + sso_password: + description: + - SSO password. + type: str + sso_username: + description: + - SSO user name. + type: str + url: + description: + - URL parameter. + type: str + name: + description: + - Bookmark group name. + required: true + type: str + custom_lang: + description: + - Change the web portal display language. Overrides config system global set language. You can use config system custom-language and + execute system custom-language to add custom language files. Source system.custom-language.name. + type: str + customize_forticlient_download_url: + description: + - Enable support of customized download URL for FortiClient. + type: str + choices: + - enable + - disable + display_bookmark: + description: + - Enable to display the web portal bookmark widget. + type: str + choices: + - enable + - disable + display_connection_tools: + description: + - Enable to display the web portal connection tools widget. 
+ type: str + choices: + - enable + - disable + display_history: + description: + - Enable to display the web portal user login history widget. + type: str + choices: + - enable + - disable + display_status: + description: + - Enable to display the web portal status widget. + type: str + choices: + - enable + - disable + dns_server1: + description: + - IPv4 DNS server 1. + type: str + dns_server2: + description: + - IPv4 DNS server 2. + type: str + dns_suffix: + description: + - DNS suffix. + type: str + exclusive_routing: + description: + - Enable/disable all traffic go through tunnel only. + type: str + choices: + - enable + - disable + forticlient_download: + description: + - Enable/disable download option for FortiClient. + type: str + choices: + - enable + - disable + forticlient_download_method: + description: + - FortiClient download method. + type: str + choices: + - direct + - ssl-vpn + heading: + description: + - Web portal heading message. + type: str + host_check: + description: + - Type of host checking performed on endpoints. + type: str + choices: + - none + - av + - fw + - av-fw + - custom + host_check_interval: + description: + - Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. + type: int + host_check_policy: + description: + - One or more policies to require the endpoint to have specific security software. + type: list + suboptions: + name: + description: + - Host check software list name. Source vpn.ssl.web.host-check-software.name. + required: true + type: str + ip_mode: + description: + - Method by which users of this SSL-VPN tunnel obtain IP addresses. + type: str + choices: + - range + - user-group + ip_pools: + description: + - IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. 
+ required: true + type: str + ipv6_dns_server1: + description: + - IPv6 DNS server 1. + type: str + ipv6_dns_server2: + description: + - IPv6 DNS server 2. + type: str + ipv6_exclusive_routing: + description: + - Enable/disable all IPv6 traffic go through tunnel only. + type: str + choices: + - enable + - disable + ipv6_pools: + description: + - IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + ipv6_service_restriction: + description: + - Enable/disable IPv6 tunnel service restriction. + type: str + choices: + - enable + - disable + ipv6_split_tunneling: + description: + - Enable/disable IPv6 split tunneling. + type: str + choices: + - enable + - disable + ipv6_split_tunneling_routing_address: + description: + - IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + ipv6_tunnel_mode: + description: + - Enable/disable IPv6 SSL-VPN tunnel mode. + type: str + choices: + - enable + - disable + ipv6_wins_server1: + description: + - IPv6 WINS server 1. + type: str + ipv6_wins_server2: + description: + - IPv6 WINS server 2. + type: str + keep_alive: + description: + - Enable/disable automatic reconnect for FortiClient connections. + type: str + choices: + - enable + - disable + limit_user_logins: + description: + - Enable to limit each user to one SSL-VPN session at a time. + type: str + choices: + - enable + - disable + mac_addr_action: + description: + - Client MAC address action. + type: str + choices: + - allow + - deny + mac_addr_check: + description: + - Enable/disable MAC address host checking. 
+ type: str + choices: + - enable + - disable + mac_addr_check_rule: + description: + - Client MAC address check rule. + type: list + suboptions: + mac_addr_list: + description: + - Client MAC address list. + type: list + suboptions: + addr: + description: + - Client MAC address. + required: true + type: str + mac_addr_mask: + description: + - Client MAC address mask. + type: int + name: + description: + - Client MAC address check rule name. + required: true + type: str + macos_forticlient_download_url: + description: + - Download URL for Mac FortiClient. + type: str + name: + description: + - Portal name. + required: true + type: str + os_check: + description: + - Enable to let the FortiGate decide action based on client OS. + type: str + choices: + - enable + - disable + os_check_list: + description: + - SSL VPN OS checks. + type: list + suboptions: + action: + description: + - OS check options. + type: str + choices: + - deny + - allow + - check-up-to-date + latest_patch_level: + description: + - Latest OS patch level. + type: str + name: + description: + - Name. + required: true + type: str + tolerance: + description: + - OS patch level tolerance. + type: int + redir_url: + description: + - Client login redirect URL. + type: str + save_password: + description: + - Enable/disable FortiClient saving the user"s password. + type: str + choices: + - enable + - disable + service_restriction: + description: + - Enable/disable tunnel service restriction. + type: str + choices: + - enable + - disable + skip_check_for_unsupported_browser: + description: + - Enable to skip host check if browser does not support it. + type: str + choices: + - enable + - disable + skip_check_for_unsupported_os: + description: + - Enable to skip host check if client OS does not support it. + type: str + choices: + - enable + - disable + smb_ntlmv1_auth: + description: + - Enable support of NTLMv1 for Samba authentication. 
+ type: str + choices: + - enable + - disable + split_dns: + description: + - Split DNS for SSL VPN. + type: list + suboptions: + dns_server1: + description: + - DNS server 1. + type: str + dns_server2: + description: + - DNS server 2. + type: str + domains: + description: + - Split DNS domains used for SSL-VPN clients separated by comma(,). + type: str + id: + description: + - ID. + required: true + type: int + ipv6_dns_server1: + description: + - IPv6 DNS server 1. + type: str + ipv6_dns_server2: + description: + - IPv6 DNS server 2. + type: str + split_tunneling: + description: + - Enable/disable IPv4 split tunneling. + type: str + choices: + - enable + - disable + split_tunneling_routing_address: + description: + - IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + theme: + description: + - Web portal color scheme. + type: str + choices: + - blue + - green + - red + - melongene + - mariner + tunnel_mode: + description: + - Enable/disable IPv4 SSL-VPN tunnel mode. + type: str + choices: + - enable + - disable + user_bookmark: + description: + - Enable to allow web portal users to create their own bookmarks. + type: str + choices: + - enable + - disable + user_group_bookmark: + description: + - Enable to allow web portal users to create bookmarks for all users in the same user group. + type: str + choices: + - enable + - disable + web_mode: + description: + - Enable/disable SSL VPN web mode. + type: str + choices: + - enable + - disable + windows_forticlient_download_url: + description: + - Download URL for Windows FortiClient. + type: str + wins_server1: + description: + - IPv4 WINS server 1. + type: str + wins_server2: + description: + - IPv4 WINS server 1. 
+ type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Portal. + fortios_vpn_ssl_web_portal: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ssl_web_portal: + allow_user_access: "web" + auto_connect: "enable" + bookmark_group: + - + bookmarks: + - + additional_params: "" + apptype: "citrix" + description: "" + folder: "" + form_data: + - + name: "default_name_12" + value: "" + host: "" + listening_port: "15" + logon_password: "" + logon_user: "" + name: "default_name_18" + port: "19" + remote_port: "20" + security: "rdp" + server_layout: "en-us-qwerty" + show_status_window: "enable" + sso: "disable" + sso_credential: "sslvpn-login" + sso_credential_sent_once: "enable" + sso_password: "" + sso_username: "" + url: "myurl.com" + name: "default_name_30" + custom_lang: " (source system.custom-language.name)" + customize_forticlient_download_url: "enable" + display_bookmark: "enable" + display_connection_tools: "enable" + display_history: "enable" + display_status: "enable" + dns_server1: "" + dns_server2: "" + dns_suffix: "" + exclusive_routing: "enable" + forticlient_download: "enable" + forticlient_download_method: "direct" + heading: "" + host_check: "none" + host_check_interval: "45" + host_check_policy: + - + name: "default_name_47 (source vpn.ssl.web.host-check-software.name)" + ip_mode: "range" + ip_pools: + - + name: "default_name_50 (source firewall.address.name firewall.addrgrp.name)" + ipv6_dns_server1: "" + ipv6_dns_server2: "" + ipv6_exclusive_routing: "enable" + ipv6_pools: + - + name: "default_name_55 (source firewall.address6.name firewall.addrgrp6.name)" + ipv6_service_restriction: "enable" + ipv6_split_tunneling: "enable" + ipv6_split_tunneling_routing_address: + - + name: "default_name_59 (source firewall.address6.name 
firewall.addrgrp6.name)" + ipv6_tunnel_mode: "enable" + ipv6_wins_server1: "" + ipv6_wins_server2: "" + keep_alive: "enable" + limit_user_logins: "enable" + mac_addr_action: "allow" + mac_addr_check: "enable" + mac_addr_check_rule: + - + mac_addr_list: + - + addr: "" + mac_addr_mask: "70" + name: "default_name_71" + macos_forticlient_download_url: "" + name: "default_name_73" + os_check: "enable" + os_check_list: + - + action: "deny" + latest_patch_level: "" + name: "default_name_78" + tolerance: "79" + redir_url: "" + save_password: "enable" + service_restriction: "enable" + skip_check_for_unsupported_browser: "enable" + skip_check_for_unsupported_os: "enable" + smb_ntlmv1_auth: "enable" + split_dns: + - + dns_server1: "" + dns_server2: "" + domains: "" + id: "90" + ipv6_dns_server1: "" + ipv6_dns_server2: "" + split_tunneling: "enable" + split_tunneling_routing_address: + - + name: "default_name_95 (source firewall.address.name firewall.addrgrp.name)" + theme: "blue" + tunnel_mode: "enable" + user_bookmark: "enable" + user_group_bookmark: "enable" + web_mode: "enable" + windows_forticlient_download_url: "" + wins_server1: "" + wins_server2: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: 
str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_vpn_ssl_web_portal_data(json): + option_list = ['allow_user_access', 'auto_connect', 'bookmark_group', + 'custom_lang', 'customize_forticlient_download_url', 'display_bookmark', + 'display_connection_tools', 'display_history', 'display_status', + 'dns_server1', 'dns_server2', 'dns_suffix', + 'exclusive_routing', 'forticlient_download', 'forticlient_download_method', + 'heading', 'host_check', 'host_check_interval', + 'host_check_policy', 'ip_mode', 'ip_pools', + 'ipv6_dns_server1', 'ipv6_dns_server2', 'ipv6_exclusive_routing', + 'ipv6_pools', 'ipv6_service_restriction', 'ipv6_split_tunneling', + 'ipv6_split_tunneling_routing_address', 'ipv6_tunnel_mode', 'ipv6_wins_server1', + 'ipv6_wins_server2', 'keep_alive', 'limit_user_logins', + 'mac_addr_action', 'mac_addr_check', 'mac_addr_check_rule', + 'macos_forticlient_download_url', 'name', 'os_check', + 'os_check_list', 'redir_url', 'save_password', + 'service_restriction', 'skip_check_for_unsupported_browser', 'skip_check_for_unsupported_os', + 'smb_ntlmv1_auth', 'split_dns', 'split_tunneling', + 'split_tunneling_routing_address', 
'theme', 'tunnel_mode', + 'user_bookmark', 'user_group_bookmark', 'web_mode', + 'windows_forticlient_download_url', 'wins_server1', 'wins_server2'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def vpn_ssl_web_portal(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['vpn_ssl_web_portal'] and data['vpn_ssl_web_portal']['state']: + state = data['vpn_ssl_web_portal']['state'] + else: + state = True + vpn_ssl_web_portal_data = data['vpn_ssl_web_portal'] + filtered_data = underscore_to_hyphen(filter_vpn_ssl_web_portal_data(vpn_ssl_web_portal_data)) + + if state == "present": + return fos.set('vpn.ssl.web', + 'portal', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('vpn.ssl.web', + 'portal', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_vpn_ssl_web(data, fos): + + if data['vpn_ssl_web_portal']: + resp = vpn_ssl_web_portal(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('vpn_ssl_web_portal')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": 
{"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "vpn_ssl_web_portal": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "allow_user_access": {"required": False, "type": "str", + "choices": ["web", + "ftp", + "smb", + "telnet", + "ssh", + "vnc", + "rdp", + "ping", + "citrix", + "portforward"]}, + "auto_connect": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "bookmark_group": {"required": False, "type": "list", + "options": { + "bookmarks": {"required": False, "type": "list", + "options": { + "additional_params": {"required": False, "type": "str"}, + "apptype": {"required": False, "type": "str", + "choices": ["citrix", + "ftp", + "portforward", + "rdp", + "smb", + "ssh", + "telnet", + "vnc", + "web"]}, + "description": {"required": False, "type": "str"}, + "folder": {"required": False, "type": "str"}, + "form_data": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"}, + "value": {"required": False, "type": "str"} + }}, + "host": {"required": False, "type": "str"}, + "listening_port": {"required": False, "type": "int"}, + "logon_password": {"required": False, "type": "str"}, + "logon_user": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "port": {"required": False, "type": "int"}, + "remote_port": {"required": False, "type": "int"}, + "security": {"required": False, "type": "str", + "choices": ["rdp", + "nla", + "tls", + "any"]}, + "server_layout": {"required": False, "type": "str", + "choices": ["en-us-qwerty", + "de-de-qwertz", + "fr-fr-azerty", + "it-it-qwerty", + "sv-se-qwerty", + "failsafe"]}, + "show_status_window": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sso": {"required": False, "type": "str", + "choices": ["disable", + 
"static", + "auto"]}, + "sso_credential": {"required": False, "type": "str", + "choices": ["sslvpn-login", + "alternative"]}, + "sso_credential_sent_once": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sso_password": {"required": False, "type": "str"}, + "sso_username": {"required": False, "type": "str"}, + "url": {"required": False, "type": "str"} + }}, + "name": {"required": True, "type": "str"} + }}, + "custom_lang": {"required": False, "type": "str"}, + "customize_forticlient_download_url": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "display_bookmark": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "display_connection_tools": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "display_history": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "display_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dns_server1": {"required": False, "type": "str"}, + "dns_server2": {"required": False, "type": "str"}, + "dns_suffix": {"required": False, "type": "str"}, + "exclusive_routing": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_download": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forticlient_download_method": {"required": False, "type": "str", + "choices": ["direct", + "ssl-vpn"]}, + "heading": {"required": False, "type": "str"}, + "host_check": {"required": False, "type": "str", + "choices": ["none", + "av", + "fw", + "av-fw", + "custom"]}, + "host_check_interval": {"required": False, "type": "int"}, + "host_check_policy": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "ip_mode": {"required": False, "type": "str", + "choices": ["range", + "user-group"]}, + "ip_pools": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": 
"str"} + }}, + "ipv6_dns_server1": {"required": False, "type": "str"}, + "ipv6_dns_server2": {"required": False, "type": "str"}, + "ipv6_exclusive_routing": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ipv6_pools": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "ipv6_service_restriction": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ipv6_split_tunneling": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ipv6_split_tunneling_routing_address": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "ipv6_tunnel_mode": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ipv6_wins_server1": {"required": False, "type": "str"}, + "ipv6_wins_server2": {"required": False, "type": "str"}, + "keep_alive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "limit_user_logins": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "mac_addr_action": {"required": False, "type": "str", + "choices": ["allow", + "deny"]}, + "mac_addr_check": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "mac_addr_check_rule": {"required": False, "type": "list", + "options": { + "mac_addr_list": {"required": False, "type": "list", + "options": { + "addr": {"required": True, "type": "str"} + }}, + "mac_addr_mask": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"} + }}, + "macos_forticlient_download_url": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "os_check": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "os_check_list": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["deny", + "allow", + "check-up-to-date"]}, + "latest_patch_level": {"required": 
False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "tolerance": {"required": False, "type": "int"} + }}, + "redir_url": {"required": False, "type": "str"}, + "save_password": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "service_restriction": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "skip_check_for_unsupported_browser": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "skip_check_for_unsupported_os": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "smb_ntlmv1_auth": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "split_dns": {"required": False, "type": "list", + "options": { + "dns_server1": {"required": False, "type": "str"}, + "dns_server2": {"required": False, "type": "str"}, + "domains": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "ipv6_dns_server1": {"required": False, "type": "str"}, + "ipv6_dns_server2": {"required": False, "type": "str"} + }}, + "split_tunneling": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "split_tunneling_routing_address": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "theme": {"required": False, "type": "str", + "choices": ["blue", + "green", + "red", + "melongene", + "mariner"]}, + "tunnel_mode": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "user_bookmark": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "user_group_bookmark": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "web_mode": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "windows_forticlient_download_url": {"required": False, "type": "str"}, + "wins_server1": {"required": False, "type": "str"}, + "wins_server2": {"required": False, "type": "str"} + + } + } + } + + 
check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_ssl_web(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_realm.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_realm.py new file mode 100644 index 00000000..9a132f2c --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_realm.py 
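Review bot: The `logon_password` and `sso_password` suboptions under `bookmark_group` → `bookmarks` in the `fields` spec of `main()` are declared without `no_log`, although `access_token` in the same spec sets `"no_log": True`. Without it Ansible does not mask these values, so bookmark and SSO credentials can end up in the module invocation log and in `-vvv` output. I would declare them as `"logon_password": {"required": False, "type": "str", "no_log": True},` and `"sso_password": {"required": False, "type": "str", "no_log": True},`. Separately, the EXAMPLES play sets `ansible_httpapi_validate_certs: no` while passing an access token, so a comment there such as `# lab only: keep certificate validation enabled in production` would stop the setting being copied as-is.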
@@ -0,0 +1,299 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_ssl_web_realm +short_description: Realm in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_ssl_web feature and realm category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + vpn_ssl_web_realm: + description: + - Realm. + default: null + type: dict + suboptions: + login_page: + description: + - Replacement HTML for SSL-VPN login page. + type: str + max_concurrent_user: + description: + - Maximum concurrent users (0 - 65535, 0 means unlimited). + type: int + url_path: + description: + - URL path to access SSL-VPN login page. + type: str + virtual_host: + description: + - Virtual host name for realm. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Realm. + fortios_vpn_ssl_web_realm: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ssl_web_realm: + login_page: "" + max_concurrent_user: "4" + url_path: "" + virtual_host: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + 
sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_vpn_ssl_web_realm_data(json): + option_list = ['login_page', 'max_concurrent_user', 'url_path', + 'virtual_host'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def vpn_ssl_web_realm(data, fos): + vdom = data['vdom'] + state = data['state'] + vpn_ssl_web_realm_data = data['vpn_ssl_web_realm'] + filtered_data = underscore_to_hyphen(filter_vpn_ssl_web_realm_data(vpn_ssl_web_realm_data)) + + if state == "present": + return fos.set('vpn.ssl.web', + 'realm', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('vpn.ssl.web', + 'realm', + mkey=filtered_data['url-path'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + 
status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_vpn_ssl_web(data, fos): + + if data['vpn_ssl_web_realm']: + resp = vpn_ssl_web_realm(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('vpn_ssl_web_realm')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'url-path' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "vpn_ssl_web_realm": { + "required": False, "type": "dict", "default": None, + "options": { + "login_page": {"required": False, "type": "str"}, + "max_concurrent_user": {"required": False, "type": "int"}, + "url_path": {"required": False, "type": "str"}, + "virtual_host": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_ssl_web(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + 
module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_user_bookmark.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_user_bookmark.py new file mode 100644 index 00000000..0c6d0b5e --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_user_bookmark.py 
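Review bot: With `state: absent`, `vpn_ssl_web_realm()` reads `filtered_data['url-path']`, but `url_path` is declared `"required": False` and `filter_vpn_ssl_web_realm_data()` drops keys whose value is None. A delete task that omits `url_path` therefore ends in a KeyError traceback instead of a clear module failure. Since `main()` uses `mkeyname = 'url-path'`, I would declare the field as `"url_path": {"required": True, "type": "str"}` in `fields` and mark it `required: true` in DOCUMENTATION. Alternatively, guard the delete branch with `fos._module.fail_json(msg='url_path is required when state is absent')`.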
@@ -0,0 +1,504 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_ssl_web_user_bookmark +short_description: Configure SSL VPN user bookmark in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_ssl_web feature and user_bookmark category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + vpn_ssl_web_user_bookmark: + description: + - Configure SSL VPN user bookmark. + default: null + type: dict + suboptions: + bookmarks: + description: + - Bookmark table. + type: list + suboptions: + additional_params: + description: + - Additional parameters. + type: str + apptype: + description: + - Application type. + type: str + choices: + - citrix + - ftp + - portforward + - rdp + - smb + - ssh + - telnet + - vnc + - web + description: + description: + - Description. + type: str + folder: + description: + - Network shared file folder parameter. + type: str + form_data: + description: + - Form data. + type: list + suboptions: + name: + description: + - Name. + required: true + type: str + value: + description: + - Value. + type: str + host: + description: + - Host name/IP parameter. + type: str + listening_port: + description: + - Listening port (0 - 65535). + type: int + logon_password: + description: + - Logon password. + type: str + logon_user: + description: + - Logon user. + type: str + name: + description: + - Bookmark name. + required: true + type: str + port: + description: + - Remote port. + type: int + remote_port: + description: + - Remote port (0 - 65535). + type: int + security: + description: + - Security mode for RDP connection. + type: str + choices: + - rdp + - nla + - tls + - any + server_layout: + description: + - Server side keyboard layout. + type: str + choices: + - en-us-qwerty + - de-de-qwertz + - fr-fr-azerty + - it-it-qwerty + - sv-se-qwerty + - failsafe + show_status_window: + description: + - Enable/disable showing of status window. + type: str + choices: + - enable + - disable + sso: + description: + - Single Sign-On. 
+ type: str + choices: + - disable + - static + - auto + sso_credential: + description: + - Single sign-on credentials. + type: str + choices: + - sslvpn-login + - alternative + sso_credential_sent_once: + description: + - Single sign-on credentials are only sent once to remote server. + type: str + choices: + - enable + - disable + sso_password: + description: + - SSO password. + type: str + sso_username: + description: + - SSO user name. + type: str + url: + description: + - URL parameter. + type: str + custom_lang: + description: + - Personal language. Source system.custom-language.name. + type: str + name: + description: + - User and group name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure SSL VPN user bookmark. + fortios_vpn_ssl_web_user_bookmark: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ssl_web_user_bookmark: + bookmarks: + - + additional_params: "" + apptype: "citrix" + description: "" + folder: "" + form_data: + - + name: "default_name_9" + value: "" + host: "" + listening_port: "12" + logon_password: "" + logon_user: "" + name: "default_name_15" + port: "16" + remote_port: "17" + security: "rdp" + server_layout: "en-us-qwerty" + show_status_window: "enable" + sso: "disable" + sso_credential: "sslvpn-login" + sso_credential_sent_once: "enable" + sso_password: "" + sso_username: "" + url: "myurl.com" + custom_lang: " (source system.custom-language.name)" + name: "default_name_28" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last 
operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_vpn_ssl_web_user_bookmark_data(json): + option_list = ['bookmarks', 'custom_lang', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def 
vpn_ssl_web_user_bookmark(data, fos): + vdom = data['vdom'] + state = data['state'] + vpn_ssl_web_user_bookmark_data = data['vpn_ssl_web_user_bookmark'] + filtered_data = underscore_to_hyphen(filter_vpn_ssl_web_user_bookmark_data(vpn_ssl_web_user_bookmark_data)) + + if state == "present": + return fos.set('vpn.ssl.web', + 'user-bookmark', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('vpn.ssl.web', + 'user-bookmark', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_vpn_ssl_web(data, fos): + + if data['vpn_ssl_web_user_bookmark']: + resp = vpn_ssl_web_user_bookmark(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('vpn_ssl_web_user_bookmark')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "vpn_ssl_web_user_bookmark": { + "required": False, "type": "dict", "default": None, + "options": { + "bookmarks": {"required": False, "type": "list", + "options": { + "additional_params": {"required": False, "type": "str"}, + "apptype": {"required": False, "type": "str", + "choices": ["citrix", + "ftp", + "portforward", + "rdp", + "smb", + "ssh", + "telnet", + "vnc", + "web"]}, + "description": {"required": False, "type": "str"}, + "folder": {"required": False, "type": "str"}, + "form_data": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"}, + "value": {"required": 
False, "type": "str"} + }}, + "host": {"required": False, "type": "str"}, + "listening_port": {"required": False, "type": "int"}, + "logon_password": {"required": False, "type": "str"}, + "logon_user": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "port": {"required": False, "type": "int"}, + "remote_port": {"required": False, "type": "int"}, + "security": {"required": False, "type": "str", + "choices": ["rdp", + "nla", + "tls", + "any"]}, + "server_layout": {"required": False, "type": "str", + "choices": ["en-us-qwerty", + "de-de-qwertz", + "fr-fr-azerty", + "it-it-qwerty", + "sv-se-qwerty", + "failsafe"]}, + "show_status_window": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sso": {"required": False, "type": "str", + "choices": ["disable", + "static", + "auto"]}, + "sso_credential": {"required": False, "type": "str", + "choices": ["sslvpn-login", + "alternative"]}, + "sso_credential_sent_once": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sso_password": {"required": False, "type": "str"}, + "sso_username": {"required": False, "type": "str"}, + "url": {"required": False, "type": "str"} + }}, + "custom_lang": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_ssl_web(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version 
mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_user_group_bookmark.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_user_group_bookmark.py new file mode 100644 index 00000000..0ee97dc6 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ssl_web_user_group_bookmark.py 
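Review bot: `logon_password` and `sso_password` in the `bookmarks` options of `fields` carry no `no_log`, unlike `access_token`, so bookmark credentials can appear in task output, verbose logs and the module's invocation record. I would write `"logon_password": {"required": False, "type": "str", "no_log": True},` and do the same for `sso_password`; `form_data` values may need it too if they hold login form fields. As far as I know, AnsibleModule applies nested `options` to a list parameter only when it also declares `"elements": "dict"`, which `bookmarks` and `form_data` do not, so confirm that or the flag may not take effect. The same argument spec is repeated in the fortios_vpn_ssl_web_user_group_bookmark.py hunk.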
@@ -0,0 +1,498 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_vpn_ssl_web_user_group_bookmark +short_description: Configure SSL VPN user group bookmark in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify vpn_ssl_web feature and user_group_bookmark category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + vpn_ssl_web_user_group_bookmark: + description: + - Configure SSL VPN user group bookmark. + default: null + type: dict + suboptions: + bookmarks: + description: + - Bookmark table. + type: list + suboptions: + additional_params: + description: + - Additional parameters. + type: str + apptype: + description: + - Application type. + type: str + choices: + - citrix + - ftp + - portforward + - rdp + - smb + - ssh + - telnet + - vnc + - web + description: + description: + - Description. + type: str + folder: + description: + - Network shared file folder parameter. + type: str + form_data: + description: + - Form data. + type: list + suboptions: + name: + description: + - Name. + required: true + type: str + value: + description: + - Value. + type: str + host: + description: + - Host name/IP parameter. + type: str + listening_port: + description: + - Listening port (0 - 65535). + type: int + logon_password: + description: + - Logon password. + type: str + logon_user: + description: + - Logon user. + type: str + name: + description: + - Bookmark name. + required: true + type: str + port: + description: + - Remote port. + type: int + remote_port: + description: + - Remote port (0 - 65535). + type: int + security: + description: + - Security mode for RDP connection. + type: str + choices: + - rdp + - nla + - tls + - any + server_layout: + description: + - Server side keyboard layout. + type: str + choices: + - en-us-qwerty + - de-de-qwertz + - fr-fr-azerty + - it-it-qwerty + - sv-se-qwerty + - failsafe + show_status_window: + description: + - Enable/disable showing of status window. + type: str + choices: + - enable + - disable + sso: + description: + - Single Sign-On. 
+ type: str + choices: + - disable + - static + - auto + sso_credential: + description: + - Single sign-on credentials. + type: str + choices: + - sslvpn-login + - alternative + sso_credential_sent_once: + description: + - Single sign-on credentials are only sent once to remote server. + type: str + choices: + - enable + - disable + sso_password: + description: + - SSO password. + type: str + sso_username: + description: + - SSO user name. + type: str + url: + description: + - URL parameter. + type: str + name: + description: + - Group name. Source user.group.name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure SSL VPN user group bookmark. + fortios_vpn_ssl_web_user_group_bookmark: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + vpn_ssl_web_user_group_bookmark: + bookmarks: + - + additional_params: "" + apptype: "citrix" + description: "" + folder: "" + form_data: + - + name: "default_name_9" + value: "" + host: "" + listening_port: "12" + logon_password: "" + logon_user: "" + name: "default_name_15" + port: "16" + remote_port: "17" + security: "rdp" + server_layout: "en-us-qwerty" + show_status_window: "enable" + sso: "disable" + sso_credential: "sslvpn-login" + sso_credential_sent_once: "enable" + sso_password: "" + sso_username: "" + url: "myurl.com" + name: "default_name_27 (source user.group.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key 
(id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_vpn_ssl_web_user_group_bookmark_data(json): + option_list = ['bookmarks', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def vpn_ssl_web_user_group_bookmark(data, fos): + vdom = data['vdom'] + state = data['state'] + 
vpn_ssl_web_user_group_bookmark_data = data['vpn_ssl_web_user_group_bookmark'] + filtered_data = underscore_to_hyphen(filter_vpn_ssl_web_user_group_bookmark_data(vpn_ssl_web_user_group_bookmark_data)) + + if state == "present": + return fos.set('vpn.ssl.web', + 'user-group-bookmark', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('vpn.ssl.web', + 'user-group-bookmark', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_vpn_ssl_web(data, fos): + + if data['vpn_ssl_web_user_group_bookmark']: + resp = vpn_ssl_web_user_group_bookmark(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('vpn_ssl_web_user_group_bookmark')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "vpn_ssl_web_user_group_bookmark": { + "required": False, "type": "dict", "default": None, + "options": { + "bookmarks": {"required": False, "type": "list", + "options": { + "additional_params": {"required": False, "type": "str"}, + "apptype": {"required": False, "type": "str", + "choices": ["citrix", + "ftp", + "portforward", + "rdp", + "smb", + "ssh", + "telnet", + "vnc", + "web"]}, + "description": {"required": False, "type": "str"}, + "folder": {"required": False, "type": "str"}, + "form_data": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"}, + "value": {"required": False, "type": "str"} + }}, + 
"host": {"required": False, "type": "str"}, + "listening_port": {"required": False, "type": "int"}, + "logon_password": {"required": False, "type": "str"}, + "logon_user": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "port": {"required": False, "type": "int"}, + "remote_port": {"required": False, "type": "int"}, + "security": {"required": False, "type": "str", + "choices": ["rdp", + "nla", + "tls", + "any"]}, + "server_layout": {"required": False, "type": "str", + "choices": ["en-us-qwerty", + "de-de-qwertz", + "fr-fr-azerty", + "it-it-qwerty", + "sv-se-qwerty", + "failsafe"]}, + "show_status_window": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sso": {"required": False, "type": "str", + "choices": ["disable", + "static", + "auto"]}, + "sso_credential": {"required": False, "type": "str", + "choices": ["sslvpn-login", + "alternative"]}, + "sso_credential_sent_once": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sso_password": {"required": False, "type": "str"}, + "sso_username": {"required": False, "type": "str"}, + "url": {"required": False, "type": "str"} + }}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_vpn_ssl_web(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option 
-vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_waf_main_class.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_waf_main_class.py new file mode 100644 index 00000000..45423275 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_waf_main_class.py 
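Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no` while the task passes `access_token`, so anyone copying it sends the API token and the bookmark `logon_password`/`sso_password` values over a TLS session whose server certificate is not verified. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a comment such as `# set to no only for lab devices with self-signed certificates`. The same vars block appears in the EXAMPLES of the fortios_vpn_ssl_web_realm.py and fortios_vpn_ssl_web_user_bookmark.py hunks.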
@@ -0,0 +1,287 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_waf_main_class
+short_description: Hidden table for datasource in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify waf feature and main_class category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.9"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ type: str
+ required: true
+ choices:
+ - present
+ - absent
+ waf_main_class:
+ description:
+ - Hidden table for datasource.
+ default: null
+ type: dict
+ suboptions:
+ id:
+ description:
+ - Main signature class ID.
+ required: true
+ type: int
+ name:
+ description:
+ - Main signature class name.
+ type: str
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Hidden table for datasource.
+ fortios_waf_main_class:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ waf_main_class:
+ id: "3"
+ name: "default_name_4"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_waf_main_class_data(json):
+ option_list = ['id', 'name']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def waf_main_class(data, fos):
+ vdom = data['vdom']
+ state = data['state']
+ waf_main_class_data = data['waf_main_class']
+ filtered_data = underscore_to_hyphen(filter_waf_main_class_data(waf_main_class_data))
+
+ if state == "present":
+ return fos.set('waf',
+ 'main-class',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('waf',
+ 'main-class',
+ mkey=filtered_data['id'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_waf(data, fos):
+
+ if data['waf_main_class']:
+ resp = waf_main_class(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('waf_main_class'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'id'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": True, "type": "str",
+ "choices": ["present", "absent"]},
+ "waf_main_class": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "id": {"required": True, "type": "int"},
+ "name": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_waf(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
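Review bot: The EXAMPLES playbook in this new file sets `ansible_httpapi_validate_certs: no` while the task passes an `access_token`, so a reader who copies it as written sends the API token and the firewall configuration over TLS without checking the FortiGate's certificate. Make the example safe by default with `ansible_httpapi_validate_certs: yes`, or keep the value and add a comment such as `# test bench only: leave certificate validation on for real devices`. The EXAMPLES block of fortios_waf_profile.py later in this diff carries the same vars and would take the same change.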
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_waf_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_waf_profile.py
new file mode 100644
index 00000000..338d8a96
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_waf_profile.py
@@ -0,0 +1,1856 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_waf_profile
+short_description: Web application firewall configuration in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify waf feature and profile category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.8"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ This attribute was present already in previous version in a deeper level.
+ It has been moved out to this outer level.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ version_added: 2.9
+ waf_profile:
+ description:
+ - Web application firewall configuration.
+ default: null
+ type: dict
+ suboptions:
+ state:
+ description:
+ - B(Deprecated)
+ - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
+ - HORIZONTALLINE
+ - Indicates whether to create or remove the object.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ address_list:
+ description:
+ - Black address list and white address list.
+ type: dict
+ suboptions:
+ blocked_address:
+ description:
+ - Blocked address.
+ type: list
+ suboptions:
+ name:
+ description:
+ - Address name. Source firewall.address.name firewall.addrgrp.name.
+ required: true
+ type: str
+ blocked_log:
+ description:
+ - Enable/disable logging on blocked addresses.
+ type: str
+ choices:
+ - enable
+ - disable
+ severity:
+ description:
+ - Severity.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+ status:
+ description:
+ - Status.
+ type: str
+ choices:
+ - enable
+ - disable
+ trusted_address:
+ description:
+ - Trusted address.
+ type: list
+ suboptions:
+ name:
+ description:
+ - Address name. Source firewall.address.name firewall.addrgrp.name.
+ required: true
+ type: str
+ comment:
+ description:
+ - Comment.
+ type: str
+ constraint:
+ description:
+ - WAF HTTP protocol restrictions.
+ type: dict
+ suboptions:
+ content_length:
+ description:
+ - HTTP content length in request.
+ type: dict
+ suboptions:
+ action:
+ description:
+ - Action.
+ type: str
+ choices:
+ - allow
+ - block
+ length:
+ description:
+ - Length of HTTP content in bytes (0 to 2147483647).
+ type: int
+ log:
+ description:
+ - Enable/disable logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ severity:
+ description:
+ - Severity.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+ status:
+ description:
+ - Enable/disable the constraint.
+ type: str
+ choices:
+ - enable
+ - disable
+ exception:
+ description:
+ - HTTP constraint exception.
+ type: list
+ suboptions:
+ address:
+ description:
+ - Host address. Source firewall.address.name firewall.addrgrp.name.
+ type: str
+ content_length:
+ description:
+ - HTTP content length in request.
+ type: str
+ choices:
+ - enable
+ - disable
+ header_length:
+ description:
+ - HTTP header length in request.
+ type: str
+ choices:
+ - enable
+ - disable
+ hostname:
+ description:
+ - Enable/disable hostname check.
+ type: str
+ choices:
+ - enable
+ - disable
+ id:
+ description:
+ - Exception ID.
+ required: true
+ type: int
+ line_length:
+ description:
+ - HTTP line length in request.
+ type: str
+ choices:
+ - enable
+ - disable
+ malformed:
+ description:
+ - Enable/disable malformed HTTP request check.
+ type: str
+ choices:
+ - enable
+ - disable
+ max_cookie:
+ description:
+ - Maximum number of cookies in HTTP request.
+ type: str
+ choices:
+ - enable
+ - disable
+ max_header_line:
+ description:
+ - Maximum number of HTTP header line.
+ type: str
+ choices:
+ - enable
+ - disable
+ max_range_segment:
+ description:
+ - Maximum number of range segments in HTTP range line.
+ type: str
+ choices:
+ - enable
+ - disable
+ max_url_param:
+ description:
+ - Maximum number of parameters in URL.
+ type: str
+ choices:
+ - enable
+ - disable
+ method:
+ description:
+ - Enable/disable HTTP method check.
+ type: str
+ choices:
+ - enable
+ - disable
+ param_length:
+ description:
+ - Maximum length of parameter in URL, HTTP POST request or HTTP body.
+ type: str
+ choices:
+ - enable
+ - disable
+ pattern:
+ description:
+ - URL pattern.
+ type: str
+ regex:
+ description:
+ - Enable/disable regular expression based pattern match.
+ type: str
+ choices:
+ - enable
+ - disable
+ url_param_length:
+ description:
+ - Maximum length of parameter in URL.
+ type: str
+ choices:
+ - enable
+ - disable
+ version:
+ description:
+ - Enable/disable HTTP version check.
+ type: str
+ choices:
+ - enable
+ - disable
+ header_length:
+ description:
+ - HTTP header length in request.
+ type: dict
+ suboptions:
+ action:
+ description:
+ - Action.
+ type: str
+ choices:
+ - allow
+ - block
+ length:
+ description:
+ - Length of HTTP header in bytes (0 to 2147483647).
+ type: int
+ log:
+ description:
+ - Enable/disable logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ severity:
+ description:
+ - Severity.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+ status:
+ description:
+ - Enable/disable the constraint.
+ type: str
+ choices:
+ - enable
+ - disable
+ hostname:
+ description:
+ - Enable/disable hostname check.
+ type: dict
+ suboptions:
+ action:
+ description:
+ - Action.
+ type: str
+ choices:
+ - allow
+ - block
+ log:
+ description:
+ - Enable/disable logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ severity:
+ description:
+ - Severity.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+ status:
+ description:
+ - Enable/disable the constraint.
+ type: str
+ choices:
+ - enable
+ - disable
+ line_length:
+ description:
+ - HTTP line length in request.
+ type: dict
+ suboptions:
+ action:
+ description:
+ - Action.
+ type: str
+ choices:
+ - allow
+ - block
+ length:
+ description:
+ - Length of HTTP line in bytes (0 to 2147483647).
+ type: int
+ log:
+ description:
+ - Enable/disable logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ severity:
+ description:
+ - Severity.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+ status:
+ description:
+ - Enable/disable the constraint.
+ type: str
+ choices:
+ - enable
+ - disable
+ malformed:
+ description:
+ - Enable/disable malformed HTTP request check.
+ type: dict
+ suboptions:
+ action:
+ description:
+ - Action.
+ type: str
+ choices:
+ - allow
+ - block
+ log:
+ description:
+ - Enable/disable logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ severity:
+ description:
+ - Severity.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+ status:
+ description:
+ - Enable/disable the constraint.
+ type: str
+ choices:
+ - enable
+ - disable
+ max_cookie:
+ description:
+ - Maximum number of cookies in HTTP request.
+ type: dict
+ suboptions:
+ action:
+ description:
+ - Action.
+ type: str
+ choices:
+ - allow
+ - block
+ log:
+ description:
+ - Enable/disable logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ max_cookie:
+ description:
+ - Maximum number of cookies in HTTP request (0 to 2147483647).
+ type: int
+ severity:
+ description:
+ - Severity.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+ status:
+ description:
+ - Enable/disable the constraint.
+ type: str
+ choices:
+ - enable
+ - disable
+ max_header_line:
+ description:
+ - Maximum number of HTTP header line.
+ type: dict
+ suboptions:
+ action:
+ description:
+ - Action.
+ type: str
+ choices:
+ - allow
+ - block
+ log:
+ description:
+ - Enable/disable logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ max_header_line:
+ description:
+ - Maximum number HTTP header lines (0 to 2147483647).
+ type: int
+ severity:
+ description:
+ - Severity.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+ status:
+ description:
+ - Enable/disable the constraint.
+ type: str
+ choices:
+ - enable
+ - disable
+ max_range_segment:
+ description:
+ - Maximum number of range segments in HTTP range line.
+ type: dict
+ suboptions:
+ action:
+ description:
+ - Action.
+ type: str
+ choices:
+ - allow
+ - block
+ log:
+ description:
+ - Enable/disable logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ max_range_segment:
+ description:
+ - Maximum number of range segments in HTTP range line (0 to 2147483647).
+ type: int
+ severity:
+ description:
+ - Severity.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+ status:
+ description:
+ - Enable/disable the constraint.
+ type: str
+ choices:
+ - enable
+ - disable
+ max_url_param:
+ description:
+ - Maximum number of parameters in URL.
+ type: dict
+ suboptions:
+ action:
+ description:
+ - Action.
+ type: str
+ choices:
+ - allow
+ - block
+ log:
+ description:
+ - Enable/disable logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ max_url_param:
+ description:
+ - Maximum number of parameters in URL (0 to 2147483647).
+ type: int
+ severity:
+ description:
+ - Severity.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+ status:
+ description:
+ - Enable/disable the constraint.
+ type: str
+ choices:
+ - enable
+ - disable
+ method:
+ description:
+ - Enable/disable HTTP method check.
+ type: dict
+ suboptions:
+ action:
+ description:
+ - Action.
+ type: str
+ choices:
+ - allow
+ - block
+ log:
+ description:
+ - Enable/disable logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ severity:
+ description:
+ - Severity.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+ status:
+ description:
+ - Enable/disable the constraint.
+ type: str
+ choices:
+ - enable
+ - disable
+ param_length:
+ description:
+ - Maximum length of parameter in URL, HTTP POST request or HTTP body.
+ type: dict
+ suboptions:
+ action:
+ description:
+ - Action.
+ type: str
+ choices:
+ - allow
+ - block
+ length:
+ description:
+ - Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647).
+ type: int
+ log:
+ description:
+ - Enable/disable logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ severity:
+ description:
+ - Severity.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+ status:
+ description:
+ - Enable/disable the constraint.
+ type: str
+ choices:
+ - enable
+ - disable
+ url_param_length:
+ description:
+ - Maximum length of parameter in URL.
+ type: dict
+ suboptions:
+ action:
+ description:
+ - Action.
+ type: str
+ choices:
+ - allow
+ - block
+ length:
+ description:
+ - Maximum length of URL parameter in bytes (0 to 2147483647).
+ type: int
+ log:
+ description:
+ - Enable/disable logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ severity:
+ description:
+ - Severity.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+ status:
+ description:
+ - Enable/disable the constraint.
+ type: str
+ choices:
+ - enable
+ - disable
+ version:
+ description:
+ - Enable/disable HTTP version check.
+ type: dict
+ suboptions:
+ action:
+ description:
+ - Action.
+ type: str
+ choices:
+ - allow
+ - block
+ log:
+ description:
+ - Enable/disable logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ severity:
+ description:
+ - Severity.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+ status:
+ description:
+ - Enable/disable the constraint.
+ type: str
+ choices:
+ - enable
+ - disable
+ extended_log:
+ description:
+ - Enable/disable extended logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ external:
+ description:
+ - Disable/Enable external HTTP Inspection.
+ type: str
+ choices:
+ - disable
+ - enable
+ method:
+ description:
+ - Method restriction.
+ type: dict
+ suboptions:
+ default_allowed_methods:
+ description:
+ - Methods.
+ type: str
+ choices:
+ - get
+ - post
+ - put
+ - head
+ - connect
+ - trace
+ - options
+ - delete
+ - others
+ log:
+ description:
+ - Enable/disable logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ method_policy:
+ description:
+ - HTTP method policy.
+ type: list
+ suboptions:
+ address:
+ description:
+ - Host address. Source firewall.address.name firewall.addrgrp.name.
+ type: str
+ allowed_methods:
+ description:
+ - Allowed Methods.
+ type: str
+ choices:
+ - get
+ - post
+ - put
+ - head
+ - connect
+ - trace
+ - options
+ - delete
+ - others
+ id:
+ description:
+ - HTTP method policy ID.
+ required: true
+ type: int
+ pattern:
+ description:
+ - URL pattern.
+ type: str
+ regex:
+ description:
+ - Enable/disable regular expression based pattern match.
+ type: str
+ choices:
+ - enable
+ - disable
+ severity:
+ description:
+ - Severity.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+ status:
+ description:
+ - Status.
+ type: str
+ choices:
+ - enable
+ - disable
+ name:
+ description:
+ - WAF Profile name.
+ required: true
+ type: str
+ signature:
+ description:
+ - WAF signatures.
+ type: dict
+ suboptions:
+ credit_card_detection_threshold:
+ description:
+ - The minimum number of Credit cards to detect violation.
+ type: int
+ custom_signature:
+ description:
+ - Custom signature.
+ type: list
+ suboptions:
+ action:
+ description:
+ - Action.
+ type: str
+ choices:
+ - allow
+ - block
+ - erase
+ case_sensitivity:
+ description:
+ - Case sensitivity in pattern.
+ type: str
+ choices:
+ - disable
+ - enable
+ direction:
+ description:
+ - Traffic direction.
+ type: str
+ choices:
+ - request
+ - response
+ log:
+ description:
+ - Enable/disable logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ name:
+ description:
+ - Signature name.
+ required: true
+ type: str
+ pattern:
+ description:
+ - Match pattern.
+ type: str
+ severity:
+ description:
+ - Severity.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+ status:
+ description:
+ - Status.
+ type: str
+ choices:
+ - enable
+ - disable
+ target:
+ description:
+ - Match HTTP target.
+ type: str
+ choices:
+ - arg
+ - arg-name
+ - req-body
+ - req-cookie
+ - req-cookie-name
+ - req-filename
+ - req-header
+ - req-header-name
+ - req-raw-uri
+ - req-uri
+ - resp-body
+ - resp-hdr
+ - resp-status
+ disabled_signature:
+ description:
+ - Disabled signatures
+ type: list
+ suboptions:
+ id:
+ description:
+ - Signature ID. Source waf.signature.id.
+ required: true
+ type: int
+ disabled_sub_class:
+ description:
+ - Disabled signature subclasses.
+ type: list
+ suboptions:
+ id:
+ description:
+ - Signature subclass ID. Source waf.sub-class.id.
+ required: true
+ type: int
+ main_class:
+ description:
+ - Main signature class.
+ type: list
+ suboptions:
+ action:
+ description:
+ - Action.
+ type: str
+ choices:
+ - allow
+ - block
+ - erase
+ id:
+ description:
+ - Main signature class ID. Source waf.main-class.id.
+ required: true
+ type: int
+ log:
+ description:
+ - Enable/disable logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ severity:
+ description:
+ - Severity.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+ status:
+ description:
+ - Status.
+ type: str
+ choices:
+ - enable
+ - disable
+ url_access:
+ description:
+ - URL access list
+ type: list
+ suboptions:
+ access_pattern:
+ description:
+ - URL access pattern.
+ type: list
+ suboptions:
+ id:
+ description:
+ - URL access pattern ID.
+ required: true
+ type: int
+ negate:
+ description:
+ - Enable/disable match negation.
+ type: str
+ choices:
+ - enable
+ - disable
+ pattern:
+ description:
+ - URL pattern.
+ type: str
+ regex:
+ description:
+ - Enable/disable regular expression based pattern match.
+ type: str
+ choices:
+ - enable
+ - disable
+ srcaddr:
+ description:
+ - Source address. Source firewall.address.name firewall.addrgrp.name.
+ type: str
+ action:
+ description:
+ - Action.
+ type: str
+ choices:
+ - bypass
+ - permit
+ - block
+ address:
+ description:
+ - Host address. Source firewall.address.name firewall.addrgrp.name.
+ type: str
+ id:
+ description:
+ - URL access ID.
+ required: true
+ type: int
+ log:
+ description:
+ - Enable/disable logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ severity:
+ description:
+ - Severity.
+ type: str
+ choices:
+ - high
+ - medium
+ - low
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Web application firewall configuration.
+ fortios_waf_profile:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ waf_profile:
+ address_list:
+ blocked_address:
+ -
+ name: "default_name_5 (source firewall.address.name firewall.addrgrp.name)"
+ blocked_log: "enable"
+ severity: "high"
+ status: "enable"
+ trusted_address:
+ -
+ name: "default_name_10 (source firewall.address.name firewall.addrgrp.name)"
+ comment: "Comment."
+ constraint:
+ content_length:
+ action: "allow"
+ length: "15"
+ log: "enable"
+ severity: "high"
+ status: "enable"
+ exception:
+ -
+ address: " (source firewall.address.name firewall.addrgrp.name)"
+ content_length: "enable"
+ header_length: "enable"
+ hostname: "enable"
+ id: "24"
+ line_length: "enable"
+ malformed: "enable"
+ max_cookie: "enable"
+ max_header_line: "enable"
+ max_range_segment: "enable"
+ max_url_param: "enable"
+ method: "enable"
+ param_length: "enable"
+ pattern: ""
+ regex: "enable"
+ url_param_length: "enable"
+ version: "enable"
+ header_length:
+ action: "allow"
+ length: "39"
+ log: "enable"
+ severity: "high"
+ status: "enable"
+ hostname:
+ action: "allow"
+ log: "enable"
+ severity: "high"
+ status: "enable"
+ line_length:
+ action: "allow"
+ length: "50"
+ log: "enable"
+ severity: "high"
+ status: "enable"
+ malformed:
+ action: "allow"
+ log: "enable"
+ severity: "high"
+ status: "enable"
+ max_cookie:
+ action: "allow"
+ log: "enable"
+ max_cookie: "62"
+ severity: "high"
+ status: "enable"
+ max_header_line:
+ action: "allow"
+ log: "enable"
+ max_header_line: "68"
+ severity: "high"
+ status: "enable"
+ max_range_segment:
+ action: "allow"
+ log: "enable"
+ max_range_segment: "74"
+ severity: "high"
+ status: "enable"
+ max_url_param:
+ action: "allow"
+ log: "enable"
+ max_url_param: "80"
+ severity: "high"
+ status: "enable"
+ method:
+ action: "allow"
+ log: "enable"
+ severity: "high"
+ status: "enable"
+ param_length:
+ action: "allow"
+ length: "90"
+ log: "enable"
+ severity: "high"
+ status: "enable"
+ url_param_length:
+ action: "allow"
+ length: "96"
+ log: "enable"
+ severity: "high"
+ status: "enable"
+ version:
+ action: "allow"
+ log: "enable"
+ severity: "high"
+ status: "enable"
+ extended_log: "enable"
+ external: "disable"
+ method:
+ default_allowed_methods: "get"
+ log: "enable"
+ method_policy:
+ -
+ address: " (source firewall.address.name firewall.addrgrp.name)"
+ allowed_methods: "get"
+ id: "113"
+ pattern: ""
+ regex: "enable"
+ severity: "high"
+ status: "enable"
+ name: "default_name_118"
+ signature:
+ credit_card_detection_threshold: "120"
+ custom_signature:
+ -
+ action: "allow"
+ case_sensitivity: "disable"
+ direction: "request"
+ log: "enable"
+ name: "default_name_126"
+ pattern: ""
+ severity: "high"
+ status: "enable"
+ target: "arg"
+ disabled_signature:
+ -
+ id: "132 (source waf.signature.id)"
+ disabled_sub_class:
+ -
+ id: "134 (source waf.sub-class.id)"
+ main_class:
+ -
+ action: "allow"
+ id: "137 (source waf.main-class.id)"
+ log: "enable"
+ severity: "high"
+ status: "enable"
+ url_access:
+ -
+ access_pattern:
+ -
+ id: "143"
+ negate: "enable"
+ pattern: ""
+ regex: "enable"
+ srcaddr: " (source firewall.address.name firewall.addrgrp.name)"
+ action: "bypass"
+ address: " (source firewall.address.name firewall.addrgrp.name)"
+ id: "150"
+ log: "enable"
+ severity: "high"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_waf_profile_data(json):
+ option_list = ['address_list', 'comment', 'constraint',
+ 'extended_log', 'external', 'method',
+ 'name', 'signature', 'url_access']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def waf_profile(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['waf_profile'] and data['waf_profile']['state']:
+ state = data['waf_profile']['state']
+ else:
+ state = True
+ waf_profile_data = data['waf_profile']
+ filtered_data = underscore_to_hyphen(filter_waf_profile_data(waf_profile_data))
+
+ if state == "present":
+ return fos.set('waf',
+ 'profile',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('waf',
+ 'profile',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_waf(data, fos):
+
+ if data['waf_profile']:
+ resp = waf_profile(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('waf_profile'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "waf_profile": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "address_list": {"required": False, "type": "dict",
+ "options": {
+ "blocked_address": {"required": False, "type": "list",
+ "options": {
+ "name": {"required": True, "type": "str"}
+ }},
+ "blocked_log": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "severity": {"required": False, "type": "str",
+ "choices": ["high",
+ "medium",
+ "low"]},
+ "status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "trusted_address": {"required": False, "type": "list",
+ "options": {
+ "name": {"required": True, "type": "str"}
+ }}
+ }},
+ "comment": {"required": False, "type": "str"},
+ "constraint": {"required": False, "type": "dict",
+ "options": {
+ "content_length": {"required": False, "type": "dict",
+ "options": {
+ "action": {"required": False, "type": "str",
+ "choices": ["allow",
+ "block"]},
+ "length": {"required": False, "type": "int"},
+ "log": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "severity": {"required": False, "type": "str",
+ "choices": ["high",
+ "medium",
+ "low"]},
+ "status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]}
+ }},
+ "exception": {"required": False, "type": "list",
+ "options": {
+ "address": {"required": False, "type": "str"},
+ "content_length": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "header_length": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "hostname": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "id": {"required": True, "type": "int"},
+ "line_length": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "malformed": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "max_cookie": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "max_header_line": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "max_range_segment": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "max_url_param": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "method": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "param_length": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "pattern": {"required": False, "type": "str"},
+ "regex": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "url_param_length": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "version": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]}
+ }},
+ "header_length": {"required": False, "type": "dict",
+ "options": {
+ "action": {"required": False, "type": "str",
+ "choices": ["allow",
+ "block"]},
+ "length": {"required": False, "type": "int"},
+ "log": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "severity": {"required": False, "type": "str",
+ "choices": ["high",
+ "medium",
+ "low"]},
+ "status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]}
+ }},
+ "hostname": {"required": False, "type": "dict",
+ "options": {
+ "action": {"required": False, "type": "str",
+ "choices": ["allow",
+ "block"]},
+ "log": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "severity": {"required": False, "type": "str",
+ "choices": ["high",
+ "medium",
+ "low"]},
+ "status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]}
+ }},
+ "line_length": {"required": False, "type": "dict",
+ "options": {
+ "action": {"required": False, "type": "str",
+ "choices": ["allow",
+ "block"]},
+ "length": {"required": False, "type": "int"},
+ "log": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "severity": {"required": False, "type": "str",
+ "choices": ["high",
+ "medium",
+ "low"]},
+ "status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]}
+ }},
+ "malformed": {"required": False, "type": "dict",
+ "options": {
+ "action": {"required": False, "type": "str",
+ "choices": ["allow",
+ "block"]},
+ "log": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "severity": {"required": False, "type": "str",
+ "choices": ["high",
+ "medium",
+ "low"]},
+ "status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]}
+ }},
+ "max_cookie": {"required": False, "type": "dict",
+ "options": {
+ "action": {"required": False, "type": "str",
+ "choices": ["allow",
+ "block"]},
+ "log": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "max_cookie": {"required": False, "type": "int"},
+
"severity": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "max_header_line": {"required": False, "type": "dict", + "options": { + "action": {"required": False, "type": "str", + "choices": ["allow", + "block"]}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "max_header_line": {"required": False, "type": "int"}, + "severity": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "max_range_segment": {"required": False, "type": "dict", + "options": { + "action": {"required": False, "type": "str", + "choices": ["allow", + "block"]}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "max_range_segment": {"required": False, "type": "int"}, + "severity": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "max_url_param": {"required": False, "type": "dict", + "options": { + "action": {"required": False, "type": "str", + "choices": ["allow", + "block"]}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "max_url_param": {"required": False, "type": "int"}, + "severity": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "method": {"required": False, "type": "dict", + "options": { + "action": {"required": False, "type": "str", + "choices": ["allow", + "block"]}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "severity": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low"]}, + "status": {"required": False, "type": "str", + 
"choices": ["enable", + "disable"]} + }}, + "param_length": {"required": False, "type": "dict", + "options": { + "action": {"required": False, "type": "str", + "choices": ["allow", + "block"]}, + "length": {"required": False, "type": "int"}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "severity": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "url_param_length": {"required": False, "type": "dict", + "options": { + "action": {"required": False, "type": "str", + "choices": ["allow", + "block"]}, + "length": {"required": False, "type": "int"}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "severity": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "version": {"required": False, "type": "dict", + "options": { + "action": {"required": False, "type": "str", + "choices": ["allow", + "block"]}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "severity": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }} + }}, + "extended_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "external": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "method": {"required": False, "type": "dict", + "options": { + "default_allowed_methods": {"required": False, "type": "str", + "choices": ["get", + "post", + "put", + "head", + "connect", + "trace", + "options", + "delete", + "others"]}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "method_policy": {"required": False, "type": "list", + "options": { + "address": 
{"required": False, "type": "str"}, + "allowed_methods": {"required": False, "type": "str", + "choices": ["get", + "post", + "put", + "head", + "connect", + "trace", + "options", + "delete", + "others"]}, + "id": {"required": True, "type": "int"}, + "pattern": {"required": False, "type": "str"}, + "regex": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "severity": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "name": {"required": True, "type": "str"}, + "signature": {"required": False, "type": "dict", + "options": { + "credit_card_detection_threshold": {"required": False, "type": "int"}, + "custom_signature": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["allow", + "block", + "erase"]}, + "case_sensitivity": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "direction": {"required": False, "type": "str", + "choices": ["request", + "response"]}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": True, "type": "str"}, + "pattern": {"required": False, "type": "str"}, + "severity": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "target": {"required": False, "type": "str", + "choices": ["arg", + "arg-name", + "req-body", + "req-cookie", + "req-cookie-name", + "req-filename", + "req-header", + "req-header-name", + "req-raw-uri", + "req-uri", + "resp-body", + "resp-hdr", + "resp-status"]} + }}, + "disabled_signature": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "disabled_sub_class": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "main_class": 
{"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["allow", + "block", + "erase"]}, + "id": {"required": True, "type": "int"}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "severity": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }} + }}, + "url_access": {"required": False, "type": "list", + "options": { + "access_pattern": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "negate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "pattern": {"required": False, "type": "str"}, + "regex": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "srcaddr": {"required": False, "type": "str"} + }}, + "action": {"required": False, "type": "str", + "choices": ["bypass", + "permit", + "block"]}, + "address": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "severity": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low"]} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_waf(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system 
and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_waf_signature.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_waf_signature.py new file mode 100644 index 00000000..23de8253 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_waf_signature.py 
@@ -0,0 +1,287 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_waf_signature +short_description: Hidden table for datasource in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify waf feature and signature category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + waf_signature: + description: + - Hidden table for datasource. + default: null + type: dict + suboptions: + desc: + description: + - Signature description. + type: str + id: + description: + - Signature ID. + required: true + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Hidden table for datasource. + fortios_waf_signature: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + waf_signature: + desc: "" + id: "4" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + 
description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_waf_signature_data(json): + option_list = ['desc', 'id'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def waf_signature(data, fos): + vdom = data['vdom'] + state = data['state'] + waf_signature_data = data['waf_signature'] + filtered_data = underscore_to_hyphen(filter_waf_signature_data(waf_signature_data)) + + if state == "present": + return fos.set('waf', + 'signature', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('waf', + 'signature', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_waf(data, fos): + + if data['waf_signature']: + resp = waf_signature(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('waf_signature')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + 
(resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "waf_signature": { + "required": False, "type": "dict", "default": None, + "options": { + "desc": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_waf(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
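Review bot: The EXAMPLES play in this new module sets `ansible_httpapi_validate_certs: no` next to `ansible_httpapi_use_ssl: yes` and passes an `access_token`, so anyone who copies it sends the FortiGate API token over a TLS session whose server certificate is never checked. The example should default to `ansible_httpapi_validate_certs: yes`, or carry a comment such as `# validate_certs: no is only for lab devices with self-signed certificates; enable validation in production`. The same example block appears in the fortios_waf_sub_class.py hunk and in the visible part of the fortios_wanopt_auth_group.py hunk.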
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_waf_sub_class.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_waf_sub_class.py
new file mode 100644
index 00000000..a84e0ab5
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_waf_sub_class.py
@@ -0,0 +1,287 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_waf_sub_class +short_description: Hidden table for datasource in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify waf feature and sub_class category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + waf_sub_class: + description: + - Hidden table for datasource. + default: null + type: dict + suboptions: + id: + description: + - Signature subclass ID. + required: true + type: int + name: + description: + - Signature subclass name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Hidden table for datasource. + fortios_waf_sub_class: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + waf_sub_class: + id: "3" + name: "default_name_4" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: 
"root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_waf_sub_class_data(json): + option_list = ['id', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def waf_sub_class(data, fos): + vdom = data['vdom'] + state = data['state'] + waf_sub_class_data = data['waf_sub_class'] + filtered_data = underscore_to_hyphen(filter_waf_sub_class_data(waf_sub_class_data)) + + if state == "present": + return fos.set('waf', + 'sub-class', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('waf', + 'sub-class', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_waf(data, fos): + + if data['waf_sub_class']: + resp = waf_sub_class(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('waf_sub_class')) + + return not is_successful_status(resp), \ + resp['status'] == "success" 
and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "waf_sub_class": { + "required": False, "type": "dict", "default": None, + "options": { + "id": {"required": True, "type": "int"}, + "name": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_waf(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
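Review bot: In `is_successful_status` the delete-of-a-missing-object case is matched with `status['http_status'] == 404`, an integer comparison, while the RETURN block of this same file documents `http_status` as `type: str` with sample `"200"`. If the handler hands the status back as a string, as documented, an `absent` task on an object that is already gone would be reported as a failure rather than as success. Either the documentation should say `type: int`, or the check should normalise the value, for example `status['http_method'] == "DELETE" and str(status['http_status']) == "404"`; putting that `and` clause in parentheses would also make its grouping with the preceding `or` explicit. What the connection plugin actually returns is not visible in this hunk, and the same function appears in the fortios_waf_signature.py hunk.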
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_auth_group.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_auth_group.py
new file mode 100644
index 00000000..e85cde93
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_auth_group.py
@@ -0,0 +1,325 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wanopt_auth_group +short_description: Configure WAN optimization authentication groups in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wanopt feature and auth_group category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wanopt_auth_group: + description: + - Configure WAN optimization authentication groups. + default: null + type: dict + suboptions: + auth_method: + description: + - Select certificate or pre-shared key authentication for this authentication group. + type: str + choices: + - cert + - psk + cert: + description: + - Name of certificate to identify this peer. Source vpn.certificate.local.name. + type: str + name: + description: + - Auth-group name. + required: true + type: str + peer: + description: + - If peer-accept is set to one, select the name of one peer to add to this authentication group. The peer must have added with the wanopt + peer command. Source wanopt.peer.peer-host-id. + type: str + peer_accept: + description: + - Determine if this auth group accepts, any peer, a list of defined peers, or just one peer. + type: str + choices: + - any + - defined + - one + psk: + description: + - Pre-shared key used by the peers in this authentication group. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WAN optimization authentication groups. 
+ fortios_wanopt_auth_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wanopt_auth_group: + auth_method: "cert" + cert: " (source vpn.certificate.local.name)" + name: "default_name_5" + peer: " (source wanopt.peer.peer-host-id)" + peer_accept: "any" + psk: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + 
+def filter_wanopt_auth_group_data(json): + option_list = ['auth_method', 'cert', 'name', + 'peer', 'peer_accept', 'psk'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wanopt_auth_group(data, fos): + vdom = data['vdom'] + state = data['state'] + wanopt_auth_group_data = data['wanopt_auth_group'] + filtered_data = underscore_to_hyphen(filter_wanopt_auth_group_data(wanopt_auth_group_data)) + + if state == "present": + return fos.set('wanopt', + 'auth-group', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wanopt', + 'auth-group', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wanopt(data, fos): + + if data['wanopt_auth_group']: + resp = wanopt_auth_group(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wanopt_auth_group')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wanopt_auth_group": { + "required": False, "type": "dict", "default": None, + "options": { + 
"auth_method": {"required": False, "type": "str", + "choices": ["cert", + "psk"]}, + "cert": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "peer": {"required": False, "type": "str"}, + "peer_accept": {"required": False, "type": "str", + "choices": ["any", + "defined", + "one"]}, + "psk": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wanopt(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_cache_service.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_cache_service.py new file mode 100644 index 00000000..8aa3e1bd --- /dev/null 
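Review bot: The `psk` option in the `wanopt_auth_group` spec inside `main()` is declared as `{"required": False, "type": "str"}` with no `no_log`, so the pre-shared key is handled as an ordinary parameter and can show up in module invocation logs and verbose output, unlike `access_token` a few lines above it. I would declare it as `"psk": {"required": False, "type": "str", "no_log": True}`. Separately, the EXAMPLES play sets `ansible_httpapi_validate_certs: no` while passing `access_token`, and readers tend to copy examples as they stand; the example should use `yes`, or carry a comment that disabling verification is only for lab devices with self-signed certificates. The same example setting appears in the fortios_wanopt_cache_service.py and fortios_wanopt_content_delivery_network_rule.py hunks.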
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_cache_service.py 
@@ -0,0 +1,374 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wanopt_cache_service +short_description: Designate cache-service for wan-optimization and webcache in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wanopt feature and cache_service category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + wanopt_cache_service: + description: + - Designate cache-service for wan-optimization and webcache. + default: null + type: dict + suboptions: + acceptable_connections: + description: + - Set strategy when accepting cache collaboration connection. + type: str + choices: + - any + - peers + collaboration: + description: + - Enable/disable cache-collaboration between cache-service clusters. + type: str + choices: + - enable + - disable + device_id: + description: + - Set identifier for this cache device. + type: str + dst_peer: + description: + - Modify cache-service destination peer list. + type: list + suboptions: + auth_type: + description: + - Set authentication type for this peer. + type: int + device_id: + description: + - Device ID of this peer. + type: str + encode_type: + description: + - Set encode type for this peer. + type: int + ip: + description: + - Set cluster IP address of this peer. + type: str + priority: + description: + - Set priority for this peer. + type: int + prefer_scenario: + description: + - Set the preferred cache behavior towards the balance between latency and hit-ratio. + type: str + choices: + - balance + - prefer-speed + - prefer-cache + src_peer: + description: + - Modify cache-service source peer list. + type: list + suboptions: + auth_type: + description: + - Set authentication type for this peer. + type: int + device_id: + description: + - Device ID of this peer. + type: str + encode_type: + description: + - Set encode type for this peer. + type: int + ip: + description: + - Set cluster IP address of this peer. + type: str + priority: + description: + - Set priority for this peer. 
+ type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Designate cache-service for wan-optimization and webcache. + fortios_wanopt_cache_service: + vdom: "{{ vdom }}" + wanopt_cache_service: + acceptable_connections: "any" + collaboration: "enable" + device_id: "" + dst_peer: + - + auth_type: "7" + device_id: "" + encode_type: "9" + ip: "" + priority: "11" + prefer_scenario: "balance" + src_peer: + - + auth_type: "14" + device_id: "" + encode_type: "16" + ip: "" + priority: "18" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from 
ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wanopt_cache_service_data(json): + option_list = ['acceptable_connections', 'collaboration', 'device_id', + 'dst_peer', 'prefer_scenario', 'src_peer'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wanopt_cache_service(data, fos): + vdom = data['vdom'] + wanopt_cache_service_data = data['wanopt_cache_service'] + filtered_data = underscore_to_hyphen(filter_wanopt_cache_service_data(wanopt_cache_service_data)) + + return fos.set('wanopt', + 'cache-service', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wanopt(data, fos): + + if data['wanopt_cache_service']: + resp = wanopt_cache_service(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wanopt_cache_service')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": 
True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "wanopt_cache_service": { + "required": False, "type": "dict", "default": None, + "options": { + "acceptable_connections": {"required": False, "type": "str", + "choices": ["any", + "peers"]}, + "collaboration": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "device_id": {"required": False, "type": "str"}, + "dst_peer": {"required": False, "type": "list", + "options": { + "auth_type": {"required": False, "type": "int"}, + "device_id": {"required": False, "type": "str"}, + "encode_type": {"required": False, "type": "int"}, + "ip": {"required": False, "type": "str"}, + "priority": {"required": False, "type": "int"} + }}, + "prefer_scenario": {"required": False, "type": "str", + "choices": ["balance", + "prefer-speed", + "prefer-cache"]}, + "src_peer": {"required": False, "type": "list", + "options": { + "auth_type": {"required": False, "type": "int"}, + "device_id": {"required": False, "type": "str"}, + "encode_type": {"required": False, "type": "int"}, + "ip": {"required": False, "type": "str"}, + "priority": {"required": False, "type": "int"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wanopt(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and 
versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_content_delivery_network_rule.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_content_delivery_network_rule.py new file mode 100644 index 00000000..3c4fc1e0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_content_delivery_network_rule.py 
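Review bot: `dst_peer` and `src_peer` in the argument spec in `main()` are declared `"type": "list"` with an `options` sub-spec but no `"elements": "dict"`; as far as I know AnsibleModule applies a sub-spec to list entries only when `elements` is `dict`, so the `int` types on `auth_type`, `encode_type` and `priority` would not be enforced and the quoted values in EXAMPLES (`auth_type: "7"`) would reach `fos.set()` as strings. Opening both entries with `"dst_peer": {"required": False, "type": "list", "elements": "dict",` (and the same for `src_peer`) makes the declared types and `required` checks take effect before anything is sent to the device. The list options in the fortios_wanopt_content_delivery_network_rule.py hunk (`host_domain_name_suffix`, `rules`, `match_entries`, `skip_entries`, `pattern`) have the same gap, which there also leaves the `choices` on `target` unchecked.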
@@ -0,0 +1,617 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wanopt_content_delivery_network_rule +short_description: Configure WAN optimization content delivery network rules in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wanopt feature and content_delivery_network_rule category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wanopt_content_delivery_network_rule: + description: + - Configure WAN optimization content delivery network rules. + default: null + type: dict + suboptions: + category: + description: + - Content delivery network rule category. + type: str + choices: + - vcache + - youtube + comment: + description: + - Comment about this CDN-rule. + type: str + host_domain_name_suffix: + description: + - Suffix portion of the fully qualified domain name (eg. fortinet.com in "www.fortinet.com"). + type: list + suboptions: + name: + description: + - Suffix portion of the fully qualified domain name. + required: true + type: str + name: + description: + - Name of table. + required: true + type: str + request_cache_control: + description: + - Enable/disable HTTP request cache control. + type: str + choices: + - enable + - disable + response_cache_control: + description: + - Enable/disable HTTP response cache control. + type: str + choices: + - enable + - disable + response_expires: + description: + - Enable/disable HTTP response cache expires. + type: str + choices: + - enable + - disable + rules: + description: + - WAN optimization content delivery network rule entries. + type: list + suboptions: + content_id: + description: + - Content ID settings. + type: dict + suboptions: + end_direction: + description: + - Search direction from end-str match. + type: str + choices: + - forward + - backward + end_skip: + description: + - Number of characters in URL to skip after end-str has been matched. + type: int + end_str: + description: + - String from which to end search. + type: str + range_str: + description: + - Name of content ID within the start string and end string. 
+ type: str + start_direction: + description: + - Search direction from start-str match. + type: str + choices: + - forward + - backward + start_skip: + description: + - Number of characters in URL to skip after start-str has been matched. + type: int + start_str: + description: + - String from which to start search. + type: str + target: + description: + - Option in HTTP header or URL parameter to match. + type: str + choices: + - path + - parameter + - referrer + - youtube-map + - youtube-id + - youku-id + - hls-manifest + - dash-manifest + - hls-fragment + - dash-fragment + match_entries: + description: + - List of entries to match. + type: list + suboptions: + id: + description: + - Rule ID. + required: true + type: int + pattern: + description: + - Pattern string for matching target (Referrer or URL pattern, eg. "a", "a*c", "*a*", "a*c*e", and "*"). + type: list + suboptions: + string: + description: + - Pattern strings. + required: true + type: str + target: + description: + - Option in HTTP header or URL parameter to match. + type: str + choices: + - path + - parameter + - referrer + - youtube-map + - youtube-id + - youku-id + match_mode: + description: + - Match criteria for collecting content ID. + type: str + choices: + - all + - any + name: + description: + - WAN optimization content delivery network rule name. + required: true + type: str + skip_entries: + description: + - List of entries to skip. + type: list + suboptions: + id: + description: + - Rule ID. + required: true + type: int + pattern: + description: + - Pattern string for matching target (Referrer or URL pattern, eg. "a", "a*c", "*a*", "a*c*e", and "*"). + type: list + suboptions: + string: + description: + - Pattern strings. + required: true + type: str + target: + description: + - Option in HTTP header or URL parameter to match. 
+ type: str + choices: + - path + - parameter + - referrer + - youtube-map + - youtube-id + - youku-id + skip_rule_mode: + description: + - Skip mode when evaluating skip-rules. + type: str + choices: + - all + - any + status: + description: + - Enable/disable WAN optimization content delivery network rules. + type: str + choices: + - enable + - disable + text_response_vcache: + description: + - Enable/disable caching of text responses. + type: str + choices: + - enable + - disable + updateserver: + description: + - Enable/disable update server. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WAN optimization content delivery network rules. + fortios_wanopt_content_delivery_network_rule: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wanopt_content_delivery_network_rule: + category: "vcache" + comment: "Comment about this CDN-rule." 
+ host_domain_name_suffix: + - + name: "default_name_6" + name: "default_name_7" + request_cache_control: "enable" + response_cache_control: "enable" + response_expires: "enable" + rules: + - + content_id: + end_direction: "forward" + end_skip: "14" + end_str: "" + range_str: "" + start_direction: "forward" + start_skip: "18" + start_str: "" + target: "path" + match_entries: + - + id: "22" + pattern: + - + string: "" + target: "path" + match_mode: "all" + name: "default_name_27" + skip_entries: + - + id: "29" + pattern: + - + string: "" + target: "path" + skip_rule_mode: "all" + status: "enable" + text_response_vcache: "enable" + updateserver: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import 
AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wanopt_content_delivery_network_rule_data(json): + option_list = ['category', 'comment', 'host_domain_name_suffix', + 'name', 'request_cache_control', 'response_cache_control', + 'response_expires', 'rules', 'status', + 'text_response_vcache', 'updateserver'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wanopt_content_delivery_network_rule(data, fos): + vdom = data['vdom'] + state = data['state'] + wanopt_content_delivery_network_rule_data = data['wanopt_content_delivery_network_rule'] + filtered_data = underscore_to_hyphen(filter_wanopt_content_delivery_network_rule_data(wanopt_content_delivery_network_rule_data)) + + if state == "present": + return fos.set('wanopt', + 'content-delivery-network-rule', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wanopt', + 'content-delivery-network-rule', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wanopt(data, fos): + + if 
data['wanopt_content_delivery_network_rule']: + resp = wanopt_content_delivery_network_rule(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wanopt_content_delivery_network_rule')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wanopt_content_delivery_network_rule": { + "required": False, "type": "dict", "default": None, + "options": { + "category": {"required": False, "type": "str", + "choices": ["vcache", + "youtube"]}, + "comment": {"required": False, "type": "str"}, + "host_domain_name_suffix": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"}, + "request_cache_control": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "response_cache_control": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "response_expires": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "rules": {"required": False, "type": "list", + "options": { + "content_id": {"required": False, "type": "dict", + "options": { + "end_direction": {"required": False, "type": "str", + "choices": ["forward", + "backward"]}, + "end_skip": {"required": False, "type": "int"}, + "end_str": {"required": False, "type": "str"}, + "range_str": {"required": False, "type": "str"}, + "start_direction": {"required": False, "type": "str", + "choices": ["forward", + "backward"]}, + "start_skip": {"required": False, "type": "int"}, + "start_str": {"required": False, "type": "str"}, + "target": {"required": False, "type": "str", + "choices": 
["path", + "parameter", + "referrer", + "youtube-map", + "youtube-id", + "youku-id", + "hls-manifest", + "dash-manifest", + "hls-fragment", + "dash-fragment"]} + }}, + "match_entries": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "pattern": {"required": False, "type": "list", + "options": { + "string": {"required": True, "type": "str"} + }}, + "target": {"required": False, "type": "str", + "choices": ["path", + "parameter", + "referrer", + "youtube-map", + "youtube-id", + "youku-id"]} + }}, + "match_mode": {"required": False, "type": "str", + "choices": ["all", + "any"]}, + "name": {"required": True, "type": "str"}, + "skip_entries": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "pattern": {"required": False, "type": "list", + "options": { + "string": {"required": True, "type": "str"} + }}, + "target": {"required": False, "type": "str", + "choices": ["path", + "parameter", + "referrer", + "youtube-map", + "youtube-id", + "youku-id"]} + }}, + "skip_rule_mode": {"required": False, "type": "str", + "choices": ["all", + "any"]} + }}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "text_response_vcache": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "updateserver": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wanopt(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if 
versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_peer.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_peer.py
new file mode 100644
index 00000000..d6f820d9
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_peer.py
@@ -0,0 +1,286 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wanopt_peer +short_description: Configure WAN optimization peers in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wanopt feature and peer category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wanopt_peer: + description: + - Configure WAN optimization peers. + default: null + type: dict + suboptions: + ip: + description: + - Peer IP address. + type: str + peer_host_id: + description: + - Peer host ID. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WAN optimization peers. + fortios_wanopt_peer: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wanopt_peer: + ip: "" + peer_host_id: "myhostname" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + 
description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wanopt_peer_data(json): + option_list = ['ip', 'peer_host_id'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wanopt_peer(data, fos): + vdom = data['vdom'] + state = data['state'] + wanopt_peer_data = data['wanopt_peer'] + filtered_data = underscore_to_hyphen(filter_wanopt_peer_data(wanopt_peer_data)) + + if state == "present": + return fos.set('wanopt', + 'peer', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wanopt', + 'peer', + mkey=filtered_data['peer-host-id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wanopt(data, fos): + + if data['wanopt_peer']: + resp = wanopt_peer(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wanopt_peer')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + 
(resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'peer-host-id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wanopt_peer": { + "required": False, "type": "dict", "default": None, + "options": { + "ip": {"required": False, "type": "str"}, + "peer_host_id": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wanopt(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
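Review bot: The EXAMPLES play in fortios_wanopt_peer.py sets `ansible_httpapi_validate_certs: no` in the same play that passes `access_token`, so anyone copying it sends the API token over TLS without authenticating the FortiGate. The example should ship `ansible_httpapi_validate_certs: yes`, with a comment that turning validation off is only for lab devices with self-signed certificates. The EXAMPLES blocks in fortios_wanopt_profile.py and fortios_wanopt_remote_storage.py further down this page carry the same line.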
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_profile.py
new file mode 100644
index 00000000..d81ba5fb
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_profile.py
@@ -0,0 +1,801 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wanopt_profile +short_description: Configure WAN optimization profiles in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wanopt feature and profile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + wanopt_profile: + description: + - Configure WAN optimization profiles. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + auth_group: + description: + - Optionally add an authentication group to restrict access to the WAN Optimization tunnel to peers in the authentication group. Source + wanopt.auth-group.name. + type: str + cifs: + description: + - Enable/disable CIFS (Windows sharing) WAN Optimization and configure CIFS WAN Optimization features. + type: dict + suboptions: + byte_caching: + description: + - Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in + future serving if from the cache. + type: str + choices: + - enable + - disable + log_traffic: + description: + - Enable/disable logging. + type: str + choices: + - enable + - disable + port: + description: + - Single port number or port number range for CIFS. Only packets with a destination port number that matches this port number or + range are accepted by this profile. + type: int + prefer_chunking: + description: + - Select dynamic or fixed-size data chunking for HTTP WAN Optimization. + type: str + choices: + - dynamic + - fix + secure_tunnel: + description: + - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). 
+ type: str + choices: + - enable + - disable + status: + description: + - Enable/disable HTTP WAN Optimization. + type: str + choices: + - enable + - disable + tunnel_sharing: + description: + - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. + type: str + choices: + - private + - shared + - express-shared + comments: + description: + - Comment. + type: str + ftp: + description: + - Enable/disable FTP WAN Optimization and configure FTP WAN Optimization features. + type: dict + suboptions: + byte_caching: + description: + - Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in + future serving if from the cache. + type: str + choices: + - enable + - disable + log_traffic: + description: + - Enable/disable logging. + type: str + choices: + - enable + - disable + port: + description: + - Single port number or port number range for FTP. Only packets with a destination port number that matches this port number or + range are accepted by this profile. + type: int + prefer_chunking: + description: + - Select dynamic or fixed-size data chunking for HTTP WAN Optimization. + type: str + choices: + - dynamic + - fix + secure_tunnel: + description: + - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). + type: str + choices: + - enable + - disable + status: + description: + - Enable/disable HTTP WAN Optimization. + type: str + choices: + - enable + - disable + tunnel_sharing: + description: + - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. + type: str + choices: + - private + - shared + - express-shared + http: + description: + - Enable/disable HTTP WAN Optimization and configure HTTP WAN Optimization features. + type: dict + suboptions: + byte_caching: + description: + - Enable/disable byte-caching for HTTP. 
Byte caching reduces the amount of traffic by caching file data sent across the WAN and in + future serving if from the cache. + type: str + choices: + - enable + - disable + log_traffic: + description: + - Enable/disable logging. + type: str + choices: + - enable + - disable + port: + description: + - Single port number or port number range for HTTP. Only packets with a destination port number that matches this port number or + range are accepted by this profile. + type: int + prefer_chunking: + description: + - Select dynamic or fixed-size data chunking for HTTP WAN Optimization. + type: str + choices: + - dynamic + - fix + secure_tunnel: + description: + - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). + type: str + choices: + - enable + - disable + ssl: + description: + - Enable/disable SSL/TLS offloading (hardware acceleration) for HTTPS traffic in this tunnel. + type: str + choices: + - enable + - disable + ssl_port: + description: + - Port on which to expect HTTPS traffic for SSL/TLS offloading. + type: int + status: + description: + - Enable/disable HTTP WAN Optimization. + type: str + choices: + - enable + - disable + tunnel_non_http: + description: + - Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an + application sends non-HTTP traffic using an HTTP destination port. + type: str + choices: + - enable + - disable + tunnel_sharing: + description: + - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. + type: str + choices: + - private + - shared + - express-shared + unknown_http_version: + description: + - How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1. + type: str + choices: + - reject + - tunnel + - best-effort + mapi: + description: + - Enable/disable MAPI email WAN Optimization and configure MAPI WAN Optimization features. 
+ type: dict + suboptions: + byte_caching: + description: + - Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in + future serving if from the cache. + type: str + choices: + - enable + - disable + log_traffic: + description: + - Enable/disable logging. + type: str + choices: + - enable + - disable + port: + description: + - Single port number or port number range for MAPI. Only packets with a destination port number that matches this port number or + range are accepted by this profile. + type: int + secure_tunnel: + description: + - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). + type: str + choices: + - enable + - disable + status: + description: + - Enable/disable HTTP WAN Optimization. + type: str + choices: + - enable + - disable + tunnel_sharing: + description: + - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. + type: str + choices: + - private + - shared + - express-shared + name: + description: + - Profile name. + required: true + type: str + tcp: + description: + - Enable/disable TCP WAN Optimization and configure TCP WAN Optimization features. + type: dict + suboptions: + byte_caching: + description: + - Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in + future serving if from the cache. + type: str + choices: + - enable + - disable + byte_caching_opt: + description: + - Select whether TCP byte-caching uses system memory only or both memory and disk space. + type: str + choices: + - mem-only + - mem-disk + log_traffic: + description: + - Enable/disable logging. + type: str + choices: + - enable + - disable + port: + description: + - Single port number or port number range for TCP. 
Only packets with a destination port number that matches this port number or + range are accepted by this profile. + type: str + secure_tunnel: + description: + - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). + type: str + choices: + - enable + - disable + ssl: + description: + - Enable/disable SSL/TLS offloading. + type: str + choices: + - enable + - disable + ssl_port: + description: + - Port on which to expect HTTPS traffic for SSL/TLS offloading. + type: int + status: + description: + - Enable/disable HTTP WAN Optimization. + type: str + choices: + - enable + - disable + tunnel_sharing: + description: + - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. + type: str + choices: + - private + - shared + - express-shared + transparent: + description: + - Enable/disable transparent mode. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WAN optimization profiles. 
+ fortios_wanopt_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wanopt_profile: + auth_group: " (source wanopt.auth-group.name)" + cifs: + byte_caching: "enable" + log_traffic: "enable" + port: "7" + prefer_chunking: "dynamic" + secure_tunnel: "enable" + status: "enable" + tunnel_sharing: "private" + comments: "" + ftp: + byte_caching: "enable" + log_traffic: "enable" + port: "16" + prefer_chunking: "dynamic" + secure_tunnel: "enable" + status: "enable" + tunnel_sharing: "private" + http: + byte_caching: "enable" + log_traffic: "enable" + port: "24" + prefer_chunking: "dynamic" + secure_tunnel: "enable" + ssl: "enable" + ssl_port: "28" + status: "enable" + tunnel_non_http: "enable" + tunnel_sharing: "private" + unknown_http_version: "reject" + mapi: + byte_caching: "enable" + log_traffic: "enable" + port: "36" + secure_tunnel: "enable" + status: "enable" + tunnel_sharing: "private" + name: "default_name_40" + tcp: + byte_caching: "enable" + byte_caching_opt: "mem-only" + log_traffic: "enable" + port: "" + secure_tunnel: "enable" + ssl: "enable" + ssl_port: "48" + status: "enable" + tunnel_sharing: "private" + transparent: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always 
+ type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wanopt_profile_data(json): + option_list = ['auth_group', 'cifs', 'comments', + 'ftp', 'http', 'mapi', + 'name', 'tcp', 'transparent'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wanopt_profile(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['wanopt_profile'] and data['wanopt_profile']['state']: + state = data['wanopt_profile']['state'] + else: + state = True + wanopt_profile_data = data['wanopt_profile'] + filtered_data = underscore_to_hyphen(filter_wanopt_profile_data(wanopt_profile_data)) + + if state == "present": + return fos.set('wanopt', + 'profile', + 
data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wanopt', + 'profile', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wanopt(data, fos): + + if data['wanopt_profile']: + resp = wanopt_profile(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wanopt_profile')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "wanopt_profile": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "auth_group": {"required": False, "type": "str"}, + "cifs": {"required": False, "type": "dict", + "options": { + "byte_caching": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "log_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "port": {"required": False, "type": "int"}, + "prefer_chunking": {"required": False, "type": "str", + "choices": ["dynamic", + "fix"]}, + "secure_tunnel": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tunnel_sharing": {"required": False, "type": "str", + "choices": ["private", + "shared", + "express-shared"]} + }}, + "comments": {"required": False, "type": "str"}, + "ftp": {"required": False, "type": "dict", + "options": { 
+ "byte_caching": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "log_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "port": {"required": False, "type": "int"}, + "prefer_chunking": {"required": False, "type": "str", + "choices": ["dynamic", + "fix"]}, + "secure_tunnel": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tunnel_sharing": {"required": False, "type": "str", + "choices": ["private", + "shared", + "express-shared"]} + }}, + "http": {"required": False, "type": "dict", + "options": { + "byte_caching": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "log_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "port": {"required": False, "type": "int"}, + "prefer_chunking": {"required": False, "type": "str", + "choices": ["dynamic", + "fix"]}, + "secure_tunnel": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssl": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssl_port": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tunnel_non_http": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tunnel_sharing": {"required": False, "type": "str", + "choices": ["private", + "shared", + "express-shared"]}, + "unknown_http_version": {"required": False, "type": "str", + "choices": ["reject", + "tunnel", + "best-effort"]} + }}, + "mapi": {"required": False, "type": "dict", + "options": { + "byte_caching": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "log_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "port": {"required": False, "type": "int"}, + "secure_tunnel": {"required": False, "type": "str", + "choices": 
["enable", + "disable"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tunnel_sharing": {"required": False, "type": "str", + "choices": ["private", + "shared", + "express-shared"]} + }}, + "name": {"required": True, "type": "str"}, + "tcp": {"required": False, "type": "dict", + "options": { + "byte_caching": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "byte_caching_opt": {"required": False, "type": "str", + "choices": ["mem-only", + "mem-disk"]}, + "log_traffic": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "port": {"required": False, "type": "str"}, + "secure_tunnel": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssl": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssl_port": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tunnel_sharing": {"required": False, "type": "str", + "choices": ["private", + "shared", + "express-shared"]} + }}, + "transparent": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wanopt(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if 
versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_remote_storage.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_remote_storage.py
new file mode 100644
index 00000000..44a643dd
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_remote_storage.py
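Review bot: In fortios_wanopt_profile.py the argument spec types `port` as `int` under `cifs`, `ftp`, `http` and `mapi`, while the DOCUMENTATION for those same options describes a "Single port number or port number range", which an integer cannot carry; `tcp.port` is already `str`. If the device accepts ranges for these protocols (not determinable from this hunk), the entries should read `"port": {"required": False, "type": "str"}` and the matching `type: int` lines in DOCUMENTATION should change with them. Otherwise the four descriptions should drop "or port number range" so the docs and the validation agree.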
@@ -0,0 +1,282 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wanopt_remote_storage +short_description: Configure a remote cache device as Web cache storage in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wanopt feature and remote_storage category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + wanopt_remote_storage: + description: + - Configure a remote cache device as Web cache storage. + default: null + type: dict + suboptions: + local_cache_id: + description: + - ID that this device uses to connect to the remote device. + type: str + remote_cache_id: + description: + - ID of the remote device to which the device connects. + type: str + remote_cache_ip: + description: + - IP address of the remote device to which the device connects. + type: str + status: + description: + - Enable/disable using remote device as Web cache storage. + type: str + choices: + - disable + - enable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure a remote cache device as Web cache storage. 
+ fortios_wanopt_remote_storage: + vdom: "{{ vdom }}" + wanopt_remote_storage: + local_cache_id: "" + remote_cache_id: "" + remote_cache_ip: "" + status: "disable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wanopt_remote_storage_data(json): + option_list = ['local_cache_id', 'remote_cache_id', 
'remote_cache_ip', + 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wanopt_remote_storage(data, fos): + vdom = data['vdom'] + wanopt_remote_storage_data = data['wanopt_remote_storage'] + filtered_data = underscore_to_hyphen(filter_wanopt_remote_storage_data(wanopt_remote_storage_data)) + + return fos.set('wanopt', + 'remote-storage', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wanopt(data, fos): + + if data['wanopt_remote_storage']: + resp = wanopt_remote_storage(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wanopt_remote_storage')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "wanopt_remote_storage": { + "required": False, "type": "dict", "default": None, + "options": { + "local_cache_id": {"required": False, "type": "str"}, + "remote_cache_id": {"required": False, "type": "str"}, + "remote_cache_ip": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["disable", + "enable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + 
versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wanopt(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_settings.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_settings.py new file mode 100644 index 00000000..860e1836 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_settings.py 
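Review bot: The EXAMPLES playbook in the new fortios_wanopt_remote_storage.py sets `ansible_httpapi_validate_certs: no`, so a playbook copied from it sends its login credentials or `access_token`, along with the configuration, over a TLS session whose certificate is never checked. The example should read `ansible_httpapi_validate_certs: yes`, with a comment such as `# set to no only for lab devices with self-signed certificates`. The same line appears in the EXAMPLES of fortios_wanopt_settings.py and fortios_wanopt_webcache.py later in this diff.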
@@ -0,0 +1,282 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wanopt_settings +short_description: Configure WAN optimization settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wanopt feature and settings category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + wanopt_settings: + description: + - Configure WAN optimization settings. + default: null + type: dict + suboptions: + auto_detect_algorithm: + description: + - Auto detection algorithms used in tunnel negotiations. + type: str + choices: + - simple + - diff-req-resp + host_id: + description: + - Local host ID (must also be entered in the remote FortiGate"s peer list). + type: str + tunnel_ssl_algorithm: + description: + - Relative strength of encryption algorithms accepted during tunnel negotiation. + type: str + choices: + - high + - medium + - low +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WAN optimization settings. + fortios_wanopt_settings: + vdom: "{{ vdom }}" + wanopt_settings: + auto_detect_algorithm: "simple" + host_id: "myhostname" + tunnel_ssl_algorithm: "high" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" 
+status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wanopt_settings_data(json): + option_list = ['auto_detect_algorithm', 'host_id', 'tunnel_ssl_algorithm'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wanopt_settings(data, fos): + vdom = data['vdom'] + wanopt_settings_data = data['wanopt_settings'] + filtered_data = underscore_to_hyphen(filter_wanopt_settings_data(wanopt_settings_data)) + + return fos.set('wanopt', + 'settings', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wanopt(data, fos): + + if data['wanopt_settings']: + resp = wanopt_settings(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wanopt_settings')) + + return not is_successful_status(resp), \ 
+ resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "wanopt_settings": { + "required": False, "type": "dict", "default": None, + "options": { + "auto_detect_algorithm": {"required": False, "type": "str", + "choices": ["simple", + "diff-req-resp"]}, + "host_id": {"required": False, "type": "str"}, + "tunnel_ssl_algorithm": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wanopt(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
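Review bot: The `tunnel_ssl_algorithm` option is described only as "Relative strength of encryption algorithms accepted during tunnel negotiation", and both the DOCUMENTATION choices and the argument spec in main() accept `medium` and `low` without saying what they permit. As far as I recall from the FortiOS CLI reference, those levels widen the accepted set to weaker legacy ciphers, which should be confirmed for the target release. The description should state this, e.g. `- Relative strength of encryption algorithms accepted during tunnel negotiation. Use high unless a peer cannot negotiate it; medium and low also accept weaker legacy ciphers.` No code change is needed.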
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_webcache.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_webcache.py
new file mode 100644
index 00000000..6771c46f
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wanopt_webcache.py
@@ -0,0 +1,416 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wanopt_webcache +short_description: Configure global Web cache settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wanopt feature and webcache category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + wanopt_webcache: + description: + - Configure global Web cache settings. + default: null + type: dict + suboptions: + always_revalidate: + description: + - Enable/disable revalidation of requested cached objects, which have content on the server, before serving it to the client. + type: str + choices: + - enable + - disable + cache_by_default: + description: + - Enable/disable caching content that lacks explicit caching policies from the server. + type: str + choices: + - enable + - disable + cache_cookie: + description: + - Enable/disable caching cookies. Since cookies contain information for or about individual users, they not usually cached. + type: str + choices: + - enable + - disable + cache_expired: + description: + - Enable/disable caching type-1 objects that are already expired on arrival. + type: str + choices: + - enable + - disable + default_ttl: + description: + - Default object expiry time . This only applies to those objects that do not have an expiry time set by the web server. + type: int + external: + description: + - Enable/disable external Web caching. + type: str + choices: + - enable + - disable + fresh_factor: + description: + - Frequency that the server is checked to see if any objects have expired (1 - 100). The higher the fresh factor, the less often the + checks occur. + type: int + host_validate: + description: + - 'Enable/disable validating "Host:" with original server IP.' + type: str + choices: + - enable + - disable + ignore_conditional: + description: + - Enable/disable controlling the behavior of cache-control HTTP 1.1 header values. + type: str + choices: + - enable + - disable + ignore_ie_reload: + description: + - 'Enable/disable ignoring the PNC-interpretation of Internet Explorer"s Accept: / header.' + type: str + choices: + - enable + - disable + ignore_ims: + description: + - Enable/disable ignoring the if-modified-since (IMS) header. 
+ type: str + choices: + - enable + - disable + ignore_pnc: + description: + - Enable/disable ignoring the pragma no-cache (PNC) header. + type: str + choices: + - enable + - disable + max_object_size: + description: + - Maximum cacheable object size in kB (1 - 2147483 kb (2GB). All objects that exceed this are delivered to the client but not stored in + the web cache. + type: int + max_ttl: + description: + - Maximum time an object can stay in the web cache without checking to see if it has expired on the server . + type: int + min_ttl: + description: + - Minimum time an object can stay in the web cache without checking to see if it has expired on the server . + type: int + neg_resp_time: + description: + - Time in minutes to cache negative responses or errors (0 - 4294967295). + type: int + reval_pnc: + description: + - Enable/disable revalidation of pragma-no-cache (PNC) to address bandwidth concerns. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure global Web cache settings. 
+ fortios_wanopt_webcache: + vdom: "{{ vdom }}" + wanopt_webcache: + always_revalidate: "enable" + cache_by_default: "enable" + cache_cookie: "enable" + cache_expired: "enable" + default_ttl: "7" + external: "enable" + fresh_factor: "9" + host_validate: "enable" + ignore_conditional: "enable" + ignore_ie_reload: "enable" + ignore_ims: "enable" + ignore_pnc: "enable" + max_object_size: "15" + max_ttl: "16" + min_ttl: "17" + neg_resp_time: "18" + reval_pnc: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wanopt_webcache_data(json): + option_list = ['always_revalidate', 'cache_by_default', 'cache_cookie', + 'cache_expired', 'default_ttl', 'external', + 'fresh_factor', 'host_validate', 'ignore_conditional', + 'ignore_ie_reload', 'ignore_ims', 'ignore_pnc', + 'max_object_size', 'max_ttl', 'min_ttl', + 'neg_resp_time', 'reval_pnc'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wanopt_webcache(data, fos): + vdom = data['vdom'] + wanopt_webcache_data = data['wanopt_webcache'] + filtered_data = underscore_to_hyphen(filter_wanopt_webcache_data(wanopt_webcache_data)) + + return fos.set('wanopt', + 'webcache', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wanopt(data, fos): + + if data['wanopt_webcache']: + resp = wanopt_webcache(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wanopt_webcache')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + 
"wanopt_webcache": { + "required": False, "type": "dict", "default": None, + "options": { + "always_revalidate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "cache_by_default": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "cache_cookie": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "cache_expired": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "default_ttl": {"required": False, "type": "int"}, + "external": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fresh_factor": {"required": False, "type": "int"}, + "host_validate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ignore_conditional": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ignore_ie_reload": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ignore_ims": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ignore_pnc": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "max_object_size": {"required": False, "type": "int"}, + "max_ttl": {"required": False, "type": "int"}, + "min_ttl": {"required": False, "type": "int"}, + "neg_resp_time": {"required": False, "type": "int"}, + "reval_pnc": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wanopt(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if 
versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_debug_url.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_debug_url.py new file mode 100644 index 00000000..b0e982b9 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_debug_url.py 
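Review bot: The EXAMPLES task in fortios_wanopt_webcache.py enables every toggle, including `cache_cookie: "enable"`, although that option's own description says cookies carry per-user information and are not usually cached; it also sets `ignore_pnc`, `cache_expired` and `cache_by_default` to enable. A playbook copied from it would configure a shared cache that may store user-specific content and that ignores the pragma no-cache header. I would make the example conservative, e.g. `cache_cookie: "disable"` and `ignore_pnc: "disable"`, and add the comment `# enable only after checking what the cache would store`. The integer options are also quoted (`default_ttl: "7"`) while the spec declares `type: int`; unquoted values would match the documented type.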
@@ -0,0 +1,310 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_web_proxy_debug_url +short_description: Configure debug URL addresses in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify web_proxy feature and debug_url category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + web_proxy_debug_url: + description: + - Configure debug URL addresses. + default: null + type: dict + suboptions: + exact: + description: + - Enable/disable matching the exact path. + type: str + choices: + - enable + - disable + name: + description: + - Debug URL name. + required: true + type: str + status: + description: + - Enable/disable this URL exemption. + type: str + choices: + - enable + - disable + url_pattern: + description: + - URL exemption pattern. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure debug URL addresses. + fortios_web_proxy_debug_url: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + web_proxy_debug_url: + exact: "enable" + name: "default_name_4" + status: "enable" + url_pattern: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + 
description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_web_proxy_debug_url_data(json): + option_list = ['exact', 'name', 'status', + 'url_pattern'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def web_proxy_debug_url(data, fos): + vdom = data['vdom'] + state = data['state'] + web_proxy_debug_url_data = data['web_proxy_debug_url'] + filtered_data = underscore_to_hyphen(filter_web_proxy_debug_url_data(web_proxy_debug_url_data)) + + if state == "present": + return fos.set('web-proxy', + 'debug-url', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('web-proxy', + 'debug-url', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def 
is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_web_proxy(data, fos): + + if data['web_proxy_debug_url']: + resp = web_proxy_debug_url(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('web_proxy_debug_url')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "web_proxy_debug_url": { + "required": False, "type": "dict", "default": None, + "options": { + "exact": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": True, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "url_pattern": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_web_proxy(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is 
False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_explicit.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_explicit.py new file mode 100644 index 00000000..3a7b8dc3 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_explicit.py 
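Review bot: The EXAMPLES playbook in this new file sets `ansible_httpapi_validate_certs: no` on the same play that passes `access_token`, so anyone copying it sends the API token over a TLS session whose peer is never verified. The example should ship as `ansible_httpapi_validate_certs: yes`, with a one-line YAML comment that turning it off is only for lab devices with self-signed certificates. The same line appears in the EXAMPLES of fortios_web_proxy_explicit.py and fortios_web_proxy_forward_server.py further down this patch.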
@@ -0,0 +1,580 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_web_proxy_explicit +short_description: Configure explicit Web proxy settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify web_proxy feature and explicit category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + web_proxy_explicit: + description: + - Configure explicit Web proxy settings. + default: null + type: dict + suboptions: + ftp_incoming_port: + description: + - Accept incoming FTP-over-HTTP requests on one or more ports (0 - 65535). + type: str + ftp_over_http: + description: + - Enable to proxy FTP-over-HTTP sessions sent from a web browser. + type: str + choices: + - enable + - disable + http_incoming_port: + description: + - Accept incoming HTTP requests on one or more ports (0 - 65535). + type: str + https_incoming_port: + description: + - Accept incoming HTTPS requests on one or more ports (0 - 65535). + type: str + https_replacement_message: + description: + - Enable/disable sending the client a replacement message for HTTPS requests. + type: str + choices: + - enable + - disable + incoming_ip: + description: + - Restrict the explicit HTTP proxy to only accept sessions from this IP address. An interface must have this IP address. + type: str + incoming_ip6: + description: + - Restrict the explicit web proxy to only accept sessions from this IPv6 address. An interface must have this IPv6 address. + type: str + ipv6_status: + description: + - Enable/disable allowing an IPv6 web proxy destination in policies and all IPv6 related entries in this command. + type: str + choices: + - enable + - disable + message_upon_server_error: + description: + - Enable/disable displaying a replacement message when a server error is detected. + type: str + choices: + - enable + - disable + outgoing_ip: + description: + - Outgoing HTTP requests will have this IP address as their source address. An interface must have this IP address. + type: str + outgoing_ip6: + description: + - Outgoing HTTP requests will leave this IPv6. Multiple interfaces can be specified. Interfaces must have these IPv6 addresses. 
+ type: str + pac_file_data: + description: + - PAC file contents enclosed in quotes (maximum of 256K bytes). + type: str + pac_file_name: + description: + - Pac file name. + type: str + pac_file_server_port: + description: + - Port number that PAC traffic from client web browsers uses to connect to the explicit web proxy (0 - 65535). + type: str + pac_file_server_status: + description: + - Enable/disable Proxy Auto-Configuration (PAC) for users of this explicit proxy profile. + type: str + choices: + - enable + - disable + pac_file_url: + description: + - PAC file access URL. + type: str + pac_policy: + description: + - PAC policies. + type: list + suboptions: + comments: + description: + - Optional comments. + type: str + dstaddr: + description: + - Destination address objects. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + pac_file_data: + description: + - PAC file contents enclosed in quotes (maximum of 256K bytes). + type: str + pac_file_name: + description: + - Pac file name. + type: str + policyid: + description: + - Policy ID. + required: true + type: int + srcaddr: + description: + - Source address objects. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name. + required: true + type: str + srcaddr6: + description: + - Source address6 objects. + type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + status: + description: + - Enable/disable policy. + type: str + choices: + - enable + - disable + pref_dns_result: + description: + - Prefer resolving addresses using the configured IPv4 or IPv6 DNS server . 
+ type: str + choices: + - ipv4 + - ipv6 + realm: + description: + - Authentication realm used to identify the explicit web proxy (maximum of 63 characters). + type: str + sec_default_action: + description: + - Accept or deny explicit web proxy sessions when no web proxy firewall policy exists. + type: str + choices: + - accept + - deny + socks: + description: + - Enable/disable the SOCKS proxy. + type: str + choices: + - enable + - disable + socks_incoming_port: + description: + - Accept incoming SOCKS proxy requests on one or more ports (0 - 65535). + type: str + ssl_algorithm: + description: + - 'Relative strength of encryption algorithms accepted in HTTPS deep scan: high, medium, or low.' + type: str + choices: + - high + - medium + - low + status: + description: + - Enable/disable the explicit Web proxy for HTTP and HTTPS session. + type: str + choices: + - enable + - disable + strict_guest: + description: + - Enable/disable strict guest user checking by the explicit web proxy. + type: str + choices: + - enable + - disable + trace_auth_no_rsp: + description: + - Enable/disable logging timed-out authentication requests. + type: str + choices: + - enable + - disable + unknown_http_version: + description: + - Either reject unknown HTTP traffic as malformed or handle unknown HTTP traffic as best as the proxy server can. + type: str + choices: + - reject + - best-effort +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure explicit Web proxy settings. 
+ fortios_web_proxy_explicit: + vdom: "{{ vdom }}" + web_proxy_explicit: + ftp_incoming_port: "" + ftp_over_http: "enable" + http_incoming_port: "" + https_incoming_port: "" + https_replacement_message: "enable" + incoming_ip: "" + incoming_ip6: "" + ipv6_status: "enable" + message_upon_server_error: "enable" + outgoing_ip: "" + outgoing_ip6: "" + pac_file_data: "" + pac_file_name: "" + pac_file_server_port: "" + pac_file_server_status: "enable" + pac_file_url: "" + pac_policy: + - + comments: "" + dstaddr: + - + name: "default_name_22 (source firewall.address.name firewall.addrgrp.name)" + pac_file_data: "" + pac_file_name: "" + policyid: "25" + srcaddr: + - + name: "default_name_27 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name)" + srcaddr6: + - + name: "default_name_29 (source firewall.address6.name firewall.addrgrp6.name)" + status: "enable" + pref_dns_result: "ipv4" + realm: "" + sec_default_action: "accept" + socks: "enable" + socks_incoming_port: "" + ssl_algorithm: "high" + status: "enable" + strict_guest: "enable" + trace_auth_no_rsp: "enable" + unknown_http_version: "reject" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: 
str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_web_proxy_explicit_data(json): + option_list = ['ftp_incoming_port', 'ftp_over_http', 'http_incoming_port', + 'https_incoming_port', 'https_replacement_message', 'incoming_ip', + 'incoming_ip6', 'ipv6_status', 'message_upon_server_error', + 'outgoing_ip', 'outgoing_ip6', 'pac_file_data', + 'pac_file_name', 'pac_file_server_port', 'pac_file_server_status', + 'pac_file_url', 'pac_policy', 'pref_dns_result', + 'realm', 'sec_default_action', 'socks', + 'socks_incoming_port', 'ssl_algorithm', 'status', + 'strict_guest', 'trace_auth_no_rsp', 'unknown_http_version'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def web_proxy_explicit(data, fos): + vdom = 
data['vdom'] + web_proxy_explicit_data = data['web_proxy_explicit'] + filtered_data = underscore_to_hyphen(filter_web_proxy_explicit_data(web_proxy_explicit_data)) + + return fos.set('web-proxy', + 'explicit', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_web_proxy(data, fos): + + if data['web_proxy_explicit']: + resp = web_proxy_explicit(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('web_proxy_explicit')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "web_proxy_explicit": { + "required": False, "type": "dict", "default": None, + "options": { + "ftp_incoming_port": {"required": False, "type": "str"}, + "ftp_over_http": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "http_incoming_port": {"required": False, "type": "str"}, + "https_incoming_port": {"required": False, "type": "str"}, + "https_replacement_message": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "incoming_ip": {"required": False, "type": "str"}, + "incoming_ip6": {"required": False, "type": "str"}, + "ipv6_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "message_upon_server_error": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "outgoing_ip": {"required": False, "type": "str"}, + "outgoing_ip6": {"required": False, "type": "str"}, + "pac_file_data": {"required": False, "type": "str"}, + "pac_file_name": {"required": False, "type": "str"}, + "pac_file_server_port": {"required": False, "type": "str"}, + 
"pac_file_server_status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "pac_file_url": {"required": False, "type": "str"}, + "pac_policy": {"required": False, "type": "list", + "options": { + "comments": {"required": False, "type": "str"}, + "dstaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "pac_file_data": {"required": False, "type": "str"}, + "pac_file_name": {"required": False, "type": "str"}, + "policyid": {"required": True, "type": "int"}, + "srcaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "srcaddr6": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "pref_dns_result": {"required": False, "type": "str", + "choices": ["ipv4", + "ipv6"]}, + "realm": {"required": False, "type": "str"}, + "sec_default_action": {"required": False, "type": "str", + "choices": ["accept", + "deny"]}, + "socks": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "socks_incoming_port": {"required": False, "type": "str"}, + "ssl_algorithm": {"required": False, "type": "str", + "choices": ["high", + "medium", + "low"]}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "strict_guest": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "trace_auth_no_rsp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "unknown_http_version": {"required": False, "type": "str", + "choices": ["reject", + "best-effort"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + 
connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_web_proxy(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_forward_server.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_forward_server.py new file mode 100644 index 00000000..262e31c1 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_forward_server.py 
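Review bot: In `main()` the `pac_policy`, `dstaddr`, `srcaddr` and `srcaddr6` entries declare `"type": "list"` with nested `"options"` but no `"elements": "dict"`. As far as I know, AnsibleModule only applies a nested spec to a dict or to a list whose elements are declared as dict, so the `required` flag on `policyid`, the `status` choices and the int coercion would not be enforced, and the values would reach `fos.set` as given. I would declare the element type, e.g. `"pac_policy": {"required": False, "type": "list", "elements": "dict",`, and do the same for the three address lists. The matching entries in DOCUMENTATION should also gain `elements: dict`.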
@@ -0,0 +1,348 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_web_proxy_forward_server +short_description: Configure forward-server addresses in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify web_proxy feature and forward_server category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + web_proxy_forward_server: + description: + - Configure forward-server addresses. + default: null + type: dict + suboptions: + addr_type: + description: + - 'Address type of the forwarding proxy server: IP or FQDN.' + type: str + choices: + - ip + - fqdn + comment: + description: + - Comment. + type: str + fqdn: + description: + - Forward server Fully Qualified Domain Name (FQDN). + type: str + healthcheck: + description: + - Enable/disable forward server health checking. Attempts to connect through the remote forwarding server to a destination to verify that + the forwarding server is operating normally. + type: str + choices: + - disable + - enable + ip: + description: + - Forward proxy server IP address. + type: str + monitor: + description: + - 'URL for forward server health check monitoring .' + type: str + name: + description: + - Server name. + required: true + type: str + port: + description: + - Port number that the forwarding server expects to receive HTTP sessions on (1 - 65535). + type: int + server_down_option: + description: + - 'Action to take when the forward server is found to be down: block sessions until the server is back up or pass sessions to their + destination.' + type: str + choices: + - block + - pass +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure forward-server addresses. + fortios_web_proxy_forward_server: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + web_proxy_forward_server: + addr_type: "ip" + comment: "Comment." 
+ fqdn: "" + healthcheck: "disable" + ip: "" + monitor: "" + name: "default_name_9" + port: "10" + server_down_option: "block" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_web_proxy_forward_server_data(json): + option_list = ['addr_type', 'comment', 'fqdn', + 'healthcheck', 'ip', 'monitor', + 'name', 'port', 
'server_down_option'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def web_proxy_forward_server(data, fos): + vdom = data['vdom'] + state = data['state'] + web_proxy_forward_server_data = data['web_proxy_forward_server'] + filtered_data = underscore_to_hyphen(filter_web_proxy_forward_server_data(web_proxy_forward_server_data)) + + if state == "present": + return fos.set('web-proxy', + 'forward-server', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('web-proxy', + 'forward-server', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_web_proxy(data, fos): + + if data['web_proxy_forward_server']: + resp = web_proxy_forward_server(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('web_proxy_forward_server')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "web_proxy_forward_server": { + "required": False, "type": "dict", "default": None, + "options": { + "addr_type": {"required": 
False, "type": "str", + "choices": ["ip", + "fqdn"]}, + "comment": {"required": False, "type": "str"}, + "fqdn": {"required": False, "type": "str"}, + "healthcheck": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "ip": {"required": False, "type": "str"}, + "monitor": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "port": {"required": False, "type": "int"}, + "server_down_option": {"required": False, "type": "str", + "choices": ["block", + "pass"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_web_proxy(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
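Review bot: The `server_down_option` description in DOCUMENTATION does not say that `pass` is the fail-open choice. When the forward server is found to be down, sessions go to their destination without it, so whatever filtering or logging that upstream proxy provides is presumably skipped. I would extend the description with a sentence such as `pass forwards sessions directly while the forward server is down; use block where traffic must not bypass it.` The argument spec in `main()` needs no change for this.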
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_forward_server_group.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_forward_server_group.py new file mode 100644 index 00000000..1e82000b --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_forward_server_group.py 
@@ -0,0 +1,341 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_web_proxy_forward_server_group +short_description: Configure a forward server group consisting or multiple forward servers. Supports failover and load balancing in Fortinet's FortiOS and + FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify web_proxy feature and forward_server_group category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + web_proxy_forward_server_group: + description: + - Configure a forward server group consisting or multiple forward servers. Supports failover and load balancing. + default: null + type: dict + suboptions: + affinity: + description: + - Enable/disable affinity, attaching a source-ip"s traffic to the assigned forwarding server until the forward-server-affinity-timeout is + reached (under web-proxy global). + type: str + choices: + - enable + - disable + group_down_option: + description: + - 'Action to take when all of the servers in the forward server group are down: block sessions until at least one server is back up or + pass sessions to their destination.' + type: str + choices: + - block + - pass + ldb_method: + description: + - 'Load balance method: weighted or least-session.' + type: str + choices: + - weighted + - least-session + name: + description: + - Configure a forward server group consisting one or multiple forward servers. Supports failover and load balancing. + required: true + type: str + server_list: + description: + - Add web forward servers to a list to form a server group. Optionally assign weights to each server. + type: list + suboptions: + name: + description: + - Forward server name. Source web-proxy.forward-server.name. 
+ required: true + type: str + weight: + description: + - Optionally assign a weight of the forwarding server for weighted load balancing (1 - 100) + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure a forward server group consisting or multiple forward servers. Supports failover and load balancing. + fortios_web_proxy_forward_server_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + web_proxy_forward_server_group: + affinity: "enable" + group_down_option: "block" + ldb_method: "weighted" + name: "default_name_6" + server_list: + - + name: "default_name_8 (source web-proxy.forward-server.name)" + weight: "9" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: 
str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_web_proxy_forward_server_group_data(json): + option_list = ['affinity', 'group_down_option', 'ldb_method', + 'name', 'server_list'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def web_proxy_forward_server_group(data, fos): + vdom = data['vdom'] + state = data['state'] + web_proxy_forward_server_group_data = data['web_proxy_forward_server_group'] + filtered_data = underscore_to_hyphen(filter_web_proxy_forward_server_group_data(web_proxy_forward_server_group_data)) + + if state == "present": + return fos.set('web-proxy', + 'forward-server-group', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('web-proxy', + 'forward-server-group', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_web_proxy(data, fos): + + 
if data['web_proxy_forward_server_group']: + resp = web_proxy_forward_server_group(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('web_proxy_forward_server_group')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "web_proxy_forward_server_group": { + "required": False, "type": "dict", "default": None, + "options": { + "affinity": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "group_down_option": {"required": False, "type": "str", + "choices": ["block", + "pass"]}, + "ldb_method": {"required": False, "type": "str", + "choices": ["weighted", + "least-session"]}, + "name": {"required": True, "type": "str"}, + "server_list": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"}, + "weight": {"required": False, "type": "int"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_web_proxy(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if 
not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_global.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_global.py
new file mode 100644
index 00000000..3a6b788e
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_global.py
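Review bot: The EXAMPLES play in this new module sets `ansible_httpapi_validate_certs: no` while the task passes an `access_token`, so anyone copying the example sends the API token over a TLS session whose server certificate is never verified. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a one-line comment that disabling it is only for lab devices with self-signed certificates. The same vars block appears in the EXAMPLES of fortios_web_proxy_global.py and fortios_web_proxy_profile.py later in this patch.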
@@ -0,0 +1,408 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_web_proxy_global +short_description: Configure Web proxy global settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify web_proxy feature and global category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + web_proxy_global: + description: + - Configure Web proxy global settings. + default: null + type: dict + suboptions: + fast_policy_match: + description: + - Enable/disable fast matching algorithm for explicit and transparent proxy policy. + type: str + choices: + - enable + - disable + forward_proxy_auth: + description: + - Enable/disable forwarding proxy authentication headers. + type: str + choices: + - enable + - disable + forward_server_affinity_timeout: + description: + - Period of time before the source IP"s traffic is no longer assigned to the forwarding server (6 - 60 min). + type: int + learn_client_ip: + description: + - Enable/disable learning the client"s IP address from headers. + type: str + choices: + - enable + - disable + learn_client_ip_from_header: + description: + - Learn client IP address from the specified headers. + type: str + choices: + - true-client-ip + - x-real-ip + - x-forwarded-for + learn_client_ip_srcaddr: + description: + - Source address name (srcaddr or srcaddr6 must be set). + type: list + suboptions: + name: + description: + - Address name. Source firewall.address.name firewall.addrgrp.name. + required: true + type: str + learn_client_ip_srcaddr6: + description: + - IPv6 Source address name (srcaddr or srcaddr6 must be set). + type: list + suboptions: + name: + description: + - Address name. Source firewall.address6.name firewall.addrgrp6.name. + required: true + type: str + max_message_length: + description: + - Maximum length of HTTP message, not including body (16 - 256 Kbytes). + type: int + max_request_length: + description: + - Maximum length of HTTP request line (2 - 64 Kbytes). + type: int + max_waf_body_cache_length: + description: + - Maximum length of HTTP messages processed by Web Application Firewall (WAF) (10 - 1024 Kbytes). + type: int + proxy_fqdn: + description: + - Fully Qualified Domain Name (FQDN) that clients connect to to connect to the explicit web proxy. 
+ type: str + strict_web_check: + description: + - Enable/disable strict web checking to block web sites that send incorrect headers that don"t conform to HTTP 1.1. + type: str + choices: + - enable + - disable + tunnel_non_http: + description: + - Enable/disable allowing non-HTTP traffic. Allowed non-HTTP traffic is tunneled. + type: str + choices: + - enable + - disable + unknown_http_version: + description: + - 'Action to take when an unknown version of HTTP is encountered: reject, allow (tunnel), or proceed with best-effort.' + type: str + choices: + - reject + - tunnel + - best-effort + webproxy_profile: + description: + - Name of the web proxy profile to apply when explicit proxy traffic is allowed by default and traffic is accepted that does not match an + explicit proxy policy. Source web-proxy.profile.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Web proxy global settings. 
+ fortios_web_proxy_global: + vdom: "{{ vdom }}" + web_proxy_global: + fast_policy_match: "enable" + forward_proxy_auth: "enable" + forward_server_affinity_timeout: "5" + learn_client_ip: "enable" + learn_client_ip_from_header: "true-client-ip" + learn_client_ip_srcaddr: + - + name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)" + learn_client_ip_srcaddr6: + - + name: "default_name_11 (source firewall.address6.name firewall.addrgrp6.name)" + max_message_length: "12" + max_request_length: "13" + max_waf_body_cache_length: "14" + proxy_fqdn: "" + strict_web_check: "enable" + tunnel_non_http: "enable" + unknown_http_version: "reject" + webproxy_profile: " (source web-proxy.profile.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + 
+''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_web_proxy_global_data(json): + option_list = ['fast_policy_match', 'forward_proxy_auth', 'forward_server_affinity_timeout', + 'learn_client_ip', 'learn_client_ip_from_header', 'learn_client_ip_srcaddr', + 'learn_client_ip_srcaddr6', 'max_message_length', 'max_request_length', + 'max_waf_body_cache_length', 'proxy_fqdn', 'strict_web_check', + 'tunnel_non_http', 'unknown_http_version', 'webproxy_profile'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def web_proxy_global(data, fos): + vdom = data['vdom'] + web_proxy_global_data = data['web_proxy_global'] + filtered_data = underscore_to_hyphen(filter_web_proxy_global_data(web_proxy_global_data)) + + return fos.set('web-proxy', + 'global', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_web_proxy(data, fos): + + if data['web_proxy_global']: + resp = web_proxy_global(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('web_proxy_global')) + + return not 
is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "web_proxy_global": { + "required": False, "type": "dict", "default": None, + "options": { + "fast_policy_match": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forward_proxy_auth": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "forward_server_affinity_timeout": {"required": False, "type": "int"}, + "learn_client_ip": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "learn_client_ip_from_header": {"required": False, "type": "str", + "choices": ["true-client-ip", + "x-real-ip", + "x-forwarded-for"]}, + "learn_client_ip_srcaddr": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "learn_client_ip_srcaddr6": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "max_message_length": {"required": False, "type": "int"}, + "max_request_length": {"required": False, "type": "int"}, + "max_waf_body_cache_length": {"required": False, "type": "int"}, + "proxy_fqdn": {"required": False, "type": "str"}, + "strict_web_check": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "tunnel_non_http": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "unknown_http_version": {"required": False, "type": "str", + "choices": ["reject", + "tunnel", + "best-effort"]}, + "webproxy_profile": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = 
Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_web_proxy(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_profile.py
new file mode 100644
index 00000000..3e9128a7
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_profile.py
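Review bot: In `main()`, `learn_client_ip_srcaddr` and `learn_client_ip_srcaddr6` are declared as `"type": "list"` with an `options` sub-spec but no `elements`, and as far as I know AnsibleModule only validates list entries against `options` when `"elements": "dict"` is set. If so, the `name` requirement is never enforced and malformed entries go straight to `fos.set()`; adding `"elements": "dict"` to both specs would close that. `server_list` in fortios_web_proxy_forward_server_group.py and `headers` in fortios_web_proxy_profile.py are declared the same way, so `weight` and `id` are presumably not coerced to int there either.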
@@ -0,0 +1,462 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_web_proxy_profile +short_description: Configure web proxy profiles in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify web_proxy feature and profile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + web_proxy_profile: + description: + - Configure web proxy profiles. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + header_client_ip: + description: + - 'Actions to take on the HTTP client-IP header in forwarded requests: forwards (pass), adds, or removes the HTTP header.' + type: str + choices: + - pass + - add + - remove + header_front_end_https: + description: + - 'Action to take on the HTTP front-end-HTTPS header in forwarded requests: forwards (pass), adds, or removes the HTTP header.' + type: str + choices: + - pass + - add + - remove + header_via_request: + description: + - 'Action to take on the HTTP via header in forwarded requests: forwards (pass), adds, or removes the HTTP header.' + type: str + choices: + - pass + - add + - remove + header_via_response: + description: + - 'Action to take on the HTTP via header in forwarded responses: forwards (pass), adds, or removes the HTTP header.' + type: str + choices: + - pass + - add + - remove + header_x_authenticated_groups: + description: + - 'Action to take on the HTTP x-authenticated-groups header in forwarded requests: forwards (pass), adds, or removes the HTTP header.' + type: str + choices: + - pass + - add + - remove + header_x_authenticated_user: + description: + - 'Action to take on the HTTP x-authenticated-user header in forwarded requests: forwards (pass), adds, or removes the HTTP header.' 
+ type: str + choices: + - pass + - add + - remove + header_x_forwarded_for: + description: + - 'Action to take on the HTTP x-forwarded-for header in forwarded requests: forwards (pass), adds, or removes the HTTP header.' + type: str + choices: + - pass + - add + - remove + headers: + description: + - Configure HTTP forwarded requests headers. + type: list + suboptions: + action: + description: + - Action when HTTP the header forwarded. + type: str + choices: + - add-to-request + - add-to-response + - remove-from-request + - remove-from-response + content: + description: + - HTTP header"s content. + type: str + id: + description: + - HTTP forwarded header id. + required: true + type: int + name: + description: + - HTTP forwarded header name. + type: str + log_header_change: + description: + - Enable/disable logging HTTP header changes. + type: str + choices: + - enable + - disable + name: + description: + - Profile name. + required: true + type: str + strip_encoding: + description: + - Enable/disable stripping unsupported encoding from the request header. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure web proxy profiles. 
+ fortios_web_proxy_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + web_proxy_profile: + header_client_ip: "pass" + header_front_end_https: "pass" + header_via_request: "pass" + header_via_response: "pass" + header_x_authenticated_groups: "pass" + header_x_authenticated_user: "pass" + header_x_forwarded_for: "pass" + headers: + - + action: "add-to-request" + content: "" + id: "13" + name: "default_name_14" + log_header_change: "enable" + name: "default_name_16" + strip_encoding: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import 
FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_web_proxy_profile_data(json): + option_list = ['header_client_ip', 'header_front_end_https', 'header_via_request', + 'header_via_response', 'header_x_authenticated_groups', 'header_x_authenticated_user', + 'header_x_forwarded_for', 'headers', 'log_header_change', + 'name', 'strip_encoding'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def web_proxy_profile(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['web_proxy_profile'] and data['web_proxy_profile']['state']: + state = data['web_proxy_profile']['state'] + else: + state = True + web_proxy_profile_data = data['web_proxy_profile'] + filtered_data = underscore_to_hyphen(filter_web_proxy_profile_data(web_proxy_profile_data)) + + if state == "present": + return fos.set('web-proxy', + 'profile', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('web-proxy', + 'profile', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_web_proxy(data, fos): + + if data['web_proxy_profile']: + resp = web_proxy_profile(data, fos) 
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('web_proxy_profile'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "web_proxy_profile": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "header_client_ip": {"required": False, "type": "str",
+ "choices": ["pass",
+ "add",
+ "remove"]},
+ "header_front_end_https": {"required": False, "type": "str",
+ "choices": ["pass",
+ "add",
+ "remove"]},
+ "header_via_request": {"required": False, "type": "str",
+ "choices": ["pass",
+ "add",
+ "remove"]},
+ "header_via_response": {"required": False, "type": "str",
+ "choices": ["pass",
+ "add",
+ "remove"]},
+ "header_x_authenticated_groups": {"required": False, "type": "str",
+ "choices": ["pass",
+ "add",
+ "remove"]},
+ "header_x_authenticated_user": {"required": False, "type": "str",
+ "choices": ["pass",
+ "add",
+ "remove"]},
+ "header_x_forwarded_for": {"required": False, "type": "str",
+ "choices": ["pass",
+ "add",
+ "remove"]},
+ "headers": {"required": False, "type": "list",
+ "options": {
+ "action": {"required": False, "type": "str",
+ "choices": ["add-to-request",
+ "add-to-response",
+ "remove-from-request",
+ "remove-from-response"]},
+ "content": {"required": False, "type": "str"},
+ "id": {"required": True, "type": "int"},
+ "name": {"required": False, "type": "str"}
+ }},
+ "log_header_change": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "name": {"required": True, "type": "str"},
+ "strip_encoding": {"required": False, "type":
"str",
+ "choices": ["enable",
+ "disable"]}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_web_proxy(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_url_match.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_url_match.py
new file mode 100644
index 00000000..58bbcb45
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_url_match.py
@@ -0,0 +1,322 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_web_proxy_url_match
+short_description: Exempt URLs from web proxy forwarding and caching in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify web_proxy feature and url_match category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.9"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously.
A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ type: str
+ required: true
+ choices:
+ - present
+ - absent
+ web_proxy_url_match:
+ description:
+ - Exempt URLs from web proxy forwarding and caching.
+ default: null
+ type: dict
+ suboptions:
+ cache_exemption:
+ description:
+ - Enable/disable exempting this URL pattern from caching.
+ type: str
+ choices:
+ - enable
+ - disable
+ comment:
+ description:
+ - Comment.
+ type: str
+ forward_server:
+ description:
+ - Forward server name. Source web-proxy.forward-server.name web-proxy.forward-server-group.name.
+ type: str
+ name:
+ description:
+ - Configure a name for the URL to be exempted.
+ required: true
+ type: str
+ status:
+ description:
+ - Enable/disable exempting the URLs matching the URL pattern from web proxy forwarding and caching.
+ type: str
+ choices:
+ - enable
+ - disable
+ url_pattern:
+ description:
+ - URL pattern to be exempted from web proxy forwarding and caching.
+ type: str
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Exempt URLs from web proxy forwarding and caching.
+ fortios_web_proxy_url_match:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ web_proxy_url_match:
+ cache_exemption: "enable"
+ comment: "Comment."
+ forward_server: " (source web-proxy.forward-server.name web-proxy.forward-server-group.name)"
+ name: "default_name_6"
+ status: "enable"
+ url_pattern: ""
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_web_proxy_url_match_data(json):
+ option_list = ['cache_exemption', 'comment', 'forward_server',
+ 'name',
'status', 'url_pattern']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def web_proxy_url_match(data, fos):
+ vdom = data['vdom']
+ state = data['state']
+ web_proxy_url_match_data = data['web_proxy_url_match']
+ filtered_data = underscore_to_hyphen(filter_web_proxy_url_match_data(web_proxy_url_match_data))
+
+ if state == "present":
+ return fos.set('web-proxy',
+ 'url-match',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('web-proxy',
+ 'url-match',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_web_proxy(data, fos):
+
+ if data['web_proxy_url_match']:
+ resp = web_proxy_url_match(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('web_proxy_url_match'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": True, "type": "str",
+ "choices": ["present", "absent"]},
+ "web_proxy_url_match": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "cache_exemption": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "comment": {"required": False, "type": "str"},
+ "forward_server": {"required": False, "type": "str"},
+ "name": {"required": True, "type": "str"},
+ "status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "url_pattern": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_web_proxy(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_wisp.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_wisp.py
new file mode 100644
index 00000000..21e6ab10
--- /dev/null
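Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no` in the same play that hands `access_token` to the module, so anyone who copies the example sends the API token over a TLS session whose peer certificate is never verified. I would ship the example with `ansible_httpapi_validate_certs: yes` and mention the override only as a commented lab setting. The same vars block appears in the EXAMPLES of fortios_web_proxy_wisp.py and fortios_webfilter_content.py in this patch.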
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_web_proxy_wisp.py 
@@ -0,0 +1,319 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_web_proxy_wisp
+short_description: Configure Wireless Internet service provider (WISP) servers in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify web_proxy feature and wisp category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.9"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously.
A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ type: str
+ required: true
+ choices:
+ - present
+ - absent
+ web_proxy_wisp:
+ description:
+ - Configure Wireless Internet service provider (WISP) servers.
+ default: null
+ type: dict
+ suboptions:
+ comment:
+ description:
+ - Comment.
+ type: str
+ max_connections:
+ description:
+ - Maximum number of web proxy WISP connections (4 - 4096).
+ type: int
+ name:
+ description:
+ - Server name.
+ required: true
+ type: str
+ outgoing_ip:
+ description:
+ - WISP outgoing IP address.
+ type: str
+ server_ip:
+ description:
+ - WISP server IP address.
+ type: str
+ server_port:
+ description:
+ - WISP server port (1 - 65535).
+ type: int
+ timeout:
+ description:
+ - Period of time before WISP requests time out (1 - 15 sec).
+ type: int
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure Wireless Internet service provider (WISP) servers.
+ fortios_web_proxy_wisp:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ web_proxy_wisp:
+ comment: "Comment."
+ max_connections: "4"
+ name: "default_name_5"
+ outgoing_ip: ""
+ server_ip: ""
+ server_port: "8"
+ timeout: "9"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_web_proxy_wisp_data(json):
+ option_list = ['comment', 'max_connections', 'name',
+ 'outgoing_ip', 'server_ip', 'server_port',
+ 'timeout']
+
dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def web_proxy_wisp(data, fos):
+ vdom = data['vdom']
+ state = data['state']
+ web_proxy_wisp_data = data['web_proxy_wisp']
+ filtered_data = underscore_to_hyphen(filter_web_proxy_wisp_data(web_proxy_wisp_data))
+
+ if state == "present":
+ return fos.set('web-proxy',
+ 'wisp',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('web-proxy',
+ 'wisp',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_web_proxy(data, fos):
+
+ if data['web_proxy_wisp']:
+ resp = web_proxy_wisp(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('web_proxy_wisp'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": True, "type": "str",
+ "choices": ["present", "absent"]},
+ "web_proxy_wisp": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "comment": {"required": False, "type": "str"},
+ "max_connections": {"required": False, "type": "int"},
+ "name": {"required": True, "type": "str"},
+
"outgoing_ip": {"required": False, "type": "str"},
+ "server_ip": {"required": False, "type": "str"},
+ "server_port": {"required": False, "type": "int"},
+ "timeout": {"required": False, "type": "int"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_web_proxy(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_content.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_content.py
new file mode 100644
index 00000000..fedace16
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_content.py
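Review bot: The ranges documented for `max_connections` (4 - 4096), `server_port` (1 - 65535) and `timeout` (1 - 15 sec) are not checked anywhere in this module: the argspec in `main()` declares only `"type": "int"` for them, and `web_proxy_wisp()` passes `filtered_data` straight to `fos.set`. An out-of-range value is therefore caught, if at all, only by the device after the request has been sent. A guard ahead of the `fos.set` call, for example `if not 1 <= filtered_data.get('server-port', 1) <= 65535: fos._module.fail_json(msg='server_port must be within 1 - 65535')`, would reject it locally, and the other two fields can be checked the same way.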
@@ -0,0 +1,396 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_webfilter_content
+short_description: Configure Web filter banned word table in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify webfilter feature and content category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.8"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously.
A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ This attribute was present already in previous version in a deeper level.
+ It has been moved out to this outer level.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ version_added: 2.9
+ webfilter_content:
+ description:
+ - Configure Web filter banned word table.
+ default: null
+ type: dict
+ suboptions:
+ state:
+ description:
+ - B(Deprecated)
+ - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
+ - HORIZONTALLINE
+ - Indicates whether to create or remove the object.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ comment:
+ description:
+ - Optional comments.
+ type: str
+ entries:
+ description:
+ - Configure banned word entries.
+ type: list
+ suboptions:
+ action:
+ description:
+ - Block or exempt word when a match is found.
+ type: str
+ choices:
+ - block
+ - exempt
+ lang:
+ description:
+ - Language of banned word.
+ type: str
+ choices:
+ - western
+ - simch
+ - trach
+ - japanese
+ - korean
+ - french
+ - thai
+ - spanish
+ - cyrillic
+ name:
+ description:
+ - Banned word.
+ required: true
+ type: str
+ pattern_type:
+ description:
+ - 'Banned word pattern type: wildcard pattern or Perl regular expression.'
+ type: str
+ choices:
+ - wildcard
+ - regexp
+ score:
+ description:
+ - Score, to be applied every time the word appears on a web page (0 - 4294967295).
+ type: int
+ status:
+ description:
+ - Enable/disable banned word.
+ type: str
+ choices:
+ - enable
+ - disable
+ id:
+ description:
+ - ID.
+ required: true
+ type: int
+ name:
+ description:
+ - Name of table.
+ type: str
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure Web filter banned word table.
+ fortios_webfilter_content:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ webfilter_content:
+ comment: "Optional comments."
+ entries:
+ -
+ action: "block"
+ lang: "western"
+ name: "default_name_7"
+ pattern_type: "wildcard"
+ score: "9"
+ status: "enable"
+ id: "11"
+ name: "default_name_12"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import
Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_webfilter_content_data(json):
+ option_list = ['comment', 'entries', 'id',
+ 'name']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def webfilter_content(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['webfilter_content'] and data['webfilter_content']['state']:
+ state = data['webfilter_content']['state']
+ else:
+ state = True
+ webfilter_content_data = data['webfilter_content']
+ filtered_data = underscore_to_hyphen(filter_webfilter_content_data(webfilter_content_data))
+
+ if state == "present":
+ return fos.set('webfilter',
+ 'content',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('webfilter',
+ 'content',
+ mkey=filtered_data['id'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_webfilter(data, fos):
+
+ if data['webfilter_content']:
+ resp = webfilter_content(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('webfilter_content'))
+
+ return not
is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'id'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "webfilter_content": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "comment": {"required": False, "type": "str"},
+ "entries": {"required": False, "type": "list",
+ "options": {
+ "action": {"required": False, "type": "str",
+ "choices": ["block",
+ "exempt"]},
+ "lang": {"required": False, "type": "str",
+ "choices": ["western",
+ "simch",
+ "trach",
+ "japanese",
+ "korean",
+ "french",
+ "thai",
+ "spanish",
+ "cyrillic"]},
+ "name": {"required": True, "type": "str"},
+ "pattern_type": {"required": False, "type": "str",
+ "choices": ["wildcard",
+ "regexp"]},
+ "score": {"required": False, "type": "int"},
+ "status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]}
+ }},
+ "id": {"required": True, "type": "int"},
+ "name": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_webfilter(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected
version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_content_header.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_content_header.py
new file mode 100644
index 00000000..08cf62cd
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_content_header.py
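Review bot: In `main()`, `entries` is declared as `"type": "list"` with an `options` sub-spec but without `"elements": "dict"`; as far as I know AnsibleModule applies a list's sub-spec only when its elements are declared as dicts, so the `choices` on `action`, `lang` and `pattern_type`, the `required` on `name` and the `int` coercion of `score` are probably not enforced for the banned-word entries. I would declare it as `"entries": {"required": False, "type": "list", "elements": "dict",` so malformed entries are rejected before they reach the web filter table. Separately, `webfilter_content()` falls back to `state = True` when neither `state` is supplied, which only surfaces later as 'state must be present or absent!'; a short comment marking that fallback as a deliberate failure path would help the next reader.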
@@ -0,0 +1,351 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_webfilter_content_header +short_description: Configure content types used by Web filter in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify webfilter feature and content_header category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + webfilter_content_header: + description: + - Configure content types used by Web filter. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + comment: + description: + - Optional comments. + type: str + entries: + description: + - Configure content types used by web filter. + type: list + suboptions: + action: + description: + - Action to take for this content type. + type: str + choices: + - block + - allow + - exempt + category: + description: + - Categories that this content type applies to. + type: str + pattern: + description: + - Content type (regular expression). + required: true + type: str + id: + description: + - ID. + required: true + type: int + name: + description: + - Name of table. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure content types used by Web filter. + fortios_webfilter_content_header: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + webfilter_content_header: + comment: "Optional comments." 
+ entries: + - + action: "block" + category: "" + pattern: "" + id: "8" + name: "default_name_9" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_webfilter_content_header_data(json): + option_list = ['comment', 'entries', 'id', + 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json 
and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def webfilter_content_header(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['webfilter_content_header'] and data['webfilter_content_header']['state']: + state = data['webfilter_content_header']['state'] + else: + state = True + webfilter_content_header_data = data['webfilter_content_header'] + filtered_data = underscore_to_hyphen(filter_webfilter_content_header_data(webfilter_content_header_data)) + + if state == "present": + return fos.set('webfilter', + 'content-header', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('webfilter', + 'content-header', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_webfilter(data, fos): + + if data['webfilter_content_header']: + resp = webfilter_content_header(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('webfilter_content_header')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + 
"webfilter_content_header": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "comment": {"required": False, "type": "str"}, + "entries": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["block", + "allow", + "exempt"]}, + "category": {"required": False, "type": "str"}, + "pattern": {"required": True, "type": "str"} + }}, + "id": {"required": True, "type": "int"}, + "name": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_webfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
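Review bot: In `main()`, the `entries` option is declared as `"type": "list"` with nested `options` but no `elements`, and AnsibleModule only applies sub-option validation to list parameters declared with `elements` set to `dict`. As written, the `choices` on `action` and the `required` on `pattern` are most likely never enforced, so a mistyped action in a playbook reaches the web filter table unchecked and the outcome depends on how the device handles it. Declaring it as `"entries": {"required": False, "type": "list", "elements": "dict",` would make the module reject such input before any API call. The `entries` spec of `fortios_webfilter_content.py`, whose `main()` is visible at the top of this page, has the same shape.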
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_fortiguard.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_fortiguard.py new file mode 100644 index 00000000..a7512fe0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_fortiguard.py 
@@ -0,0 +1,346 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_webfilter_fortiguard +short_description: Configure FortiGuard Web Filter service in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify webfilter feature and fortiguard category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + webfilter_fortiguard: + description: + - Configure FortiGuard Web Filter service. + default: null + type: dict + suboptions: + cache_mem_percent: + description: + - Maximum percentage of available memory allocated to caching (1 - 15%). + type: int + cache_mode: + description: + - Cache entry expiration mode. + type: str + choices: + - ttl + - db-ver + cache_prefix_match: + description: + - Enable/disable prefix matching in the cache. + type: str + choices: + - enable + - disable + close_ports: + description: + - Close ports used for HTTP/HTTPS override authentication and disable user overrides. + type: str + choices: + - enable + - disable + ovrd_auth_https: + description: + - Enable/disable use of HTTPS for override authentication. + type: str + choices: + - enable + - disable + ovrd_auth_port: + description: + - Port to use for FortiGuard Web Filter override authentication. + type: int + ovrd_auth_port_http: + description: + - Port to use for FortiGuard Web Filter HTTP override authentication + type: int + ovrd_auth_port_https: + description: + - Port to use for FortiGuard Web Filter HTTPS override authentication. + type: int + ovrd_auth_port_warning: + description: + - Port to use for FortiGuard Web Filter Warning override authentication. + type: int + request_packet_size_limit: + description: + - Limit size of URL request packets sent to FortiGuard server (0 for default). + type: int + warn_auth_https: + description: + - Enable/disable use of HTTPS for warning and authentication. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiGuard Web Filter service. 
+ fortios_webfilter_fortiguard: + vdom: "{{ vdom }}" + webfilter_fortiguard: + cache_mem_percent: "3" + cache_mode: "ttl" + cache_prefix_match: "enable" + close_ports: "enable" + ovrd_auth_https: "enable" + ovrd_auth_port: "8" + ovrd_auth_port_http: "9" + ovrd_auth_port_https: "10" + ovrd_auth_port_warning: "11" + request_packet_size_limit: "12" + warn_auth_https: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_webfilter_fortiguard_data(json): + option_list = ['cache_mem_percent', 'cache_mode', 'cache_prefix_match', + 'close_ports', 'ovrd_auth_https', 'ovrd_auth_port', + 'ovrd_auth_port_http', 'ovrd_auth_port_https', 'ovrd_auth_port_warning', + 'request_packet_size_limit', 'warn_auth_https'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def webfilter_fortiguard(data, fos): + vdom = data['vdom'] + webfilter_fortiguard_data = data['webfilter_fortiguard'] + filtered_data = underscore_to_hyphen(filter_webfilter_fortiguard_data(webfilter_fortiguard_data)) + + return fos.set('webfilter', + 'fortiguard', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_webfilter(data, fos): + + if data['webfilter_fortiguard']: + resp = webfilter_fortiguard(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('webfilter_fortiguard')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "webfilter_fortiguard": { + "required": False, "type": "dict", "default": None, + "options": { + 
"cache_mem_percent": {"required": False, "type": "int"}, + "cache_mode": {"required": False, "type": "str", + "choices": ["ttl", + "db-ver"]}, + "cache_prefix_match": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "close_ports": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ovrd_auth_https": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ovrd_auth_port": {"required": False, "type": "int"}, + "ovrd_auth_port_http": {"required": False, "type": "int"}, + "ovrd_auth_port_https": {"required": False, "type": "int"}, + "ovrd_auth_port_warning": {"required": False, "type": "int"}, + "request_packet_size_limit": {"required": False, "type": "int"}, + "warn_auth_https": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_webfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", 
version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ftgd_local_cat.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ftgd_local_cat.py new file mode 100644 index 00000000..f71f420d --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ftgd_local_cat.py 
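Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no`, so anyone copying it sends the API credentials and the FortiGuard override-authentication settings to a device whose certificate is never checked. Examples tend to be pasted verbatim, so I would ship `ansible_httpapi_validate_certs: yes` and add a comment such as `# set to no only for lab devices with self-signed certificates`. The EXAMPLES blocks in `fortios_webfilter_content_header.py` and `fortios_webfilter_ftgd_local_cat.py` carry the same setting, and there the task also passes `access_token`.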
@@ -0,0 +1,319 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_webfilter_ftgd_local_cat +short_description: Configure FortiGuard Web Filter local categories in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify webfilter feature and ftgd_local_cat category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + webfilter_ftgd_local_cat: + description: + - Configure FortiGuard Web Filter local categories. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + desc: + description: + - Local category description. + required: true + type: str + id: + description: + - Local category ID. + type: int + status: + description: + - Enable/disable the local category. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure FortiGuard Web Filter local categories. 
+ fortios_webfilter_ftgd_local_cat: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + webfilter_ftgd_local_cat: + desc: "" + id: "4" + status: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_webfilter_ftgd_local_cat_data(json): + option_list = ['desc', 'id', 'status'] + dictionary = {} + + for 
attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def webfilter_ftgd_local_cat(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['webfilter_ftgd_local_cat'] and data['webfilter_ftgd_local_cat']['state']: + state = data['webfilter_ftgd_local_cat']['state'] + else: + state = True + webfilter_ftgd_local_cat_data = data['webfilter_ftgd_local_cat'] + filtered_data = underscore_to_hyphen(filter_webfilter_ftgd_local_cat_data(webfilter_ftgd_local_cat_data)) + + if state == "present": + return fos.set('webfilter', + 'ftgd-local-cat', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('webfilter', + 'ftgd-local-cat', + mkey=filtered_data['desc'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_webfilter(data, fos): + + if data['webfilter_ftgd_local_cat']: + resp = webfilter_ftgd_local_cat(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('webfilter_ftgd_local_cat')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'desc' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", 
+ "choices": ["present", "absent"]}, + "webfilter_ftgd_local_cat": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "desc": {"required": True, "type": "str"}, + "id": {"required": False, "type": "int"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_webfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
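Review bot: In `main()`, the guard `if 'access_token' in module.params:` is always true, because AnsibleModule fills in every key of the argument spec and leaves unset ones as `None`; `connection.set_option('access_token', None)` therefore runs even when the task gives no token. Whether that replaces a token already configured on the connection depends on the httpapi plugin, which is not part of this hunk, so it is worth confirming. `if module.params.get('access_token'):` expresses the intended check. The `main()` functions of `fortios_webfilter_content_header.py` and `fortios_webfilter_fortiguard.py` use the same guard.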
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ftgd_local_rating.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ftgd_local_rating.py new file mode 100644 index 00000000..34d420d2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ftgd_local_rating.py 
@@ -0,0 +1,319 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_webfilter_ftgd_local_rating +short_description: Configure local FortiGuard Web Filter local ratings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify webfilter feature and ftgd_local_rating category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + webfilter_ftgd_local_rating: + description: + - Configure local FortiGuard Web Filter local ratings. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + rating: + description: + - Local rating. + type: str + status: + description: + - Enable/disable local rating. + type: str + choices: + - enable + - disable + url: + description: + - URL to rate locally. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure local FortiGuard Web Filter local ratings. 
+ fortios_webfilter_ftgd_local_rating: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + webfilter_ftgd_local_rating: + rating: "" + status: "enable" + url: "myurl.com" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_webfilter_ftgd_local_rating_data(json): + option_list = ['rating', 'status', 'url'] + 
dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def webfilter_ftgd_local_rating(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['webfilter_ftgd_local_rating'] and data['webfilter_ftgd_local_rating']['state']: + state = data['webfilter_ftgd_local_rating']['state'] + else: + state = True + webfilter_ftgd_local_rating_data = data['webfilter_ftgd_local_rating'] + filtered_data = underscore_to_hyphen(filter_webfilter_ftgd_local_rating_data(webfilter_ftgd_local_rating_data)) + + if state == "present": + return fos.set('webfilter', + 'ftgd-local-rating', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('webfilter', + 'ftgd-local-rating', + mkey=filtered_data['url'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_webfilter(data, fos): + + if data['webfilter_ftgd_local_rating']: + resp = webfilter_ftgd_local_rating(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('webfilter_ftgd_local_rating')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'url' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", 
"default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "webfilter_ftgd_local_rating": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "rating": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "url": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_webfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
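Review bot: The EXAMPLES playbook of fortios_webfilter_ftgd_local_rating sets `ansible_httpapi_validate_certs: no` while its task also passes `access_token`, so anyone copying the example sends the API token over a TLS session whose server certificate is never checked. The example should default to `ansible_httpapi_validate_certs: yes` and carry a short comment such as `# set to no only for lab devices with self-signed certificates`. The same `validate_certs: no` vars appear in the EXAMPLES of fortios_webfilter_ips_urlfilter_cache_setting, fortios_webfilter_ips_urlfilter_setting and fortios_webfilter_ips_urlfilter_setting6 later in this patch.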
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ips_urlfilter_cache_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ips_urlfilter_cache_setting.py new file mode 100644 index 00000000..ffeaf42f --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ips_urlfilter_cache_setting.py 
@@ -0,0 +1,264 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_webfilter_ips_urlfilter_cache_setting +short_description: Configure IPS URL filter cache settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify webfilter feature and ips_urlfilter_cache_setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + webfilter_ips_urlfilter_cache_setting: + description: + - Configure IPS URL filter cache settings. + default: null + type: dict + suboptions: + dns_retry_interval: + description: + - Retry interval. Refresh DNS faster than TTL to capture multiple IPs for hosts. 0 means use DNS server"s TTL only. + type: int + extended_ttl: + description: + - Extend time to live beyond reported by DNS. 0 means use DNS server"s TTL + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS URL filter cache settings. + fortios_webfilter_ips_urlfilter_cache_setting: + vdom: "{{ vdom }}" + webfilter_ips_urlfilter_cache_setting: + dns_retry_interval: "3" + extended_ttl: "4" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + 
description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_webfilter_ips_urlfilter_cache_setting_data(json): + option_list = ['dns_retry_interval', 'extended_ttl'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def webfilter_ips_urlfilter_cache_setting(data, fos): + vdom = data['vdom'] + webfilter_ips_urlfilter_cache_setting_data = data['webfilter_ips_urlfilter_cache_setting'] + filtered_data = underscore_to_hyphen(filter_webfilter_ips_urlfilter_cache_setting_data(webfilter_ips_urlfilter_cache_setting_data)) + + return fos.set('webfilter', + 'ips-urlfilter-cache-setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_webfilter(data, fos): + + if data['webfilter_ips_urlfilter_cache_setting']: + resp = 
webfilter_ips_urlfilter_cache_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('webfilter_ips_urlfilter_cache_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "webfilter_ips_urlfilter_cache_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "dns_retry_interval": {"required": False, "type": "int"}, + "extended_ttl": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_webfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + 
+if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ips_urlfilter_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ips_urlfilter_setting.py new file mode 100644 index 00000000..778b73d3 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ips_urlfilter_setting.py 
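Review bot: `is_successful_status` in fortios_webfilter_ips_urlfilter_cache_setting keeps the `http_method == "DELETE"` / 404 clause although `webfilter_ips_urlfilter_cache_setting` only ever calls `fos.set`, so that branch looks unreachable in this module. I would reduce it to `return status['status'] == "success"`, or keep the clause and add `# DELETE of a missing object counts as success (idempotent removal)` so the intent is recorded. The clause also compares `http_status` with the integer 404 while RETURN documents `http_status` as `type: str` with sample "200"; which type the handler returns is not visible here, so either the comparison or the documentation should be corrected. fortios_webfilter_ips_urlfilter_setting and fortios_webfilter_ips_urlfilter_setting6 carry the same helper without a delete path.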
@@ -0,0 +1,277 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_webfilter_ips_urlfilter_setting +short_description: Configure IPS URL filter settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify webfilter feature and ips_urlfilter_setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + webfilter_ips_urlfilter_setting: + description: + - Configure IPS URL filter settings. + default: null + type: dict + suboptions: + device: + description: + - Interface for this route. Source system.interface.name. + type: str + distance: + description: + - Administrative distance (1 - 255) for this route. + type: int + gateway: + description: + - Gateway IP address for this route. + type: str + geo_filter: + description: + - Filter based on geographical location. Route will NOT be installed if the resolved IP address belongs to the country in the filter. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS URL filter settings. + fortios_webfilter_ips_urlfilter_setting: + vdom: "{{ vdom }}" + webfilter_ips_urlfilter_setting: + device: " (source system.interface.name)" + distance: "4" + gateway: "" + geo_filter: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: 
always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_webfilter_ips_urlfilter_setting_data(json): + option_list = ['device', 'distance', 'gateway', + 'geo_filter'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def webfilter_ips_urlfilter_setting(data, fos): + vdom = data['vdom'] + webfilter_ips_urlfilter_setting_data = data['webfilter_ips_urlfilter_setting'] + filtered_data = underscore_to_hyphen(filter_webfilter_ips_urlfilter_setting_data(webfilter_ips_urlfilter_setting_data)) + + return fos.set('webfilter', + 'ips-urlfilter-setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and 
status['http_status'] == 404 + + +def fortios_webfilter(data, fos): + + if data['webfilter_ips_urlfilter_setting']: + resp = webfilter_ips_urlfilter_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('webfilter_ips_urlfilter_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "webfilter_ips_urlfilter_setting": { + "required": False, "type": "dict", "default": None, + "options": { + "device": {"required": False, "type": "str"}, + "distance": {"required": False, "type": "int"}, + "gateway": {"required": False, "type": "str"}, + "geo_filter": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_webfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and 
versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ips_urlfilter_setting6.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ips_urlfilter_setting6.py new file mode 100644 index 00000000..58f1277c --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_ips_urlfilter_setting6.py 
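Review bot: `distance` is documented as "Administrative distance (1 - 255)" but the argument spec in `main()` of fortios_webfilter_ips_urlfilter_setting only declares `"type": "int"`, so an out-of-range value is sent to the device unchecked and any rejection surfaces only as the generic `"Error in repo"` failure. A guard in `webfilter_ips_urlfilter_setting` before `fos.set` would fail early with a usable message: `d = filtered_data.get('distance')` followed by `if d is not None and not 1 <= d <= 255: fos._module.fail_json(msg='distance must be between 1 and 255')`. Whether FortiOS itself rejects such values is not visible from this hunk. The same applies to `distance` in fortios_webfilter_ips_urlfilter_setting6.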
@@ -0,0 +1,277 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_webfilter_ips_urlfilter_setting6 +short_description: Configure IPS URL filter settings for IPv6 in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify webfilter feature and ips_urlfilter_setting6 category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + webfilter_ips_urlfilter_setting6: + description: + - Configure IPS URL filter settings for IPv6. + default: null + type: dict + suboptions: + device: + description: + - Interface for this route. Source system.interface.name. + type: str + distance: + description: + - Administrative distance (1 - 255) for this route. + type: int + gateway6: + description: + - Gateway IPv6 address for this route. + type: str + geo_filter: + description: + - Filter based on geographical location. Route will NOT be installed if the resolved IPv6 address belongs to the country in the filter. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IPS URL filter settings for IPv6. 
+ fortios_webfilter_ips_urlfilter_setting6: + vdom: "{{ vdom }}" + webfilter_ips_urlfilter_setting6: + device: " (source system.interface.name)" + distance: "4" + gateway6: "" + geo_filter: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_webfilter_ips_urlfilter_setting6_data(json): + option_list = ['device', 
'distance', 'gateway6', + 'geo_filter'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def webfilter_ips_urlfilter_setting6(data, fos): + vdom = data['vdom'] + webfilter_ips_urlfilter_setting6_data = data['webfilter_ips_urlfilter_setting6'] + filtered_data = underscore_to_hyphen(filter_webfilter_ips_urlfilter_setting6_data(webfilter_ips_urlfilter_setting6_data)) + + return fos.set('webfilter', + 'ips-urlfilter-setting6', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_webfilter(data, fos): + + if data['webfilter_ips_urlfilter_setting6']: + resp = webfilter_ips_urlfilter_setting6(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('webfilter_ips_urlfilter_setting6')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "webfilter_ips_urlfilter_setting6": { + "required": False, "type": "dict", "default": None, + "options": { + "device": {"required": False, "type": "str"}, + "distance": {"required": False, "type": "int"}, + "gateway6": {"required": False, "type": "str"}, + "geo_filter": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = 
AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_webfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_override.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_override.py new file mode 100644 index 00000000..b2de81ec --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_override.py 
@@ -0,0 +1,379 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_webfilter_override
+short_description: Configure FortiGuard Web Filter administrative overrides in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify webfilter feature and override category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.8"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously.
A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ This attribute was present already in previous version in a deeper level.
+ It has been moved out to this outer level.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ version_added: 2.9
+ webfilter_override:
+ description:
+ - Configure FortiGuard Web Filter administrative overrides.
+ default: null
+ type: dict
+ suboptions:
+ state:
+ description:
+ - B(Deprecated)
+ - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
+ - HORIZONTALLINE
+ - Indicates whether to create or remove the object.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ expires:
+ description:
+ - 'Override expiration date and time, from 5 minutes to 365 from now (format: yyyy/mm/dd hh:mm:ss).'
+ type: str
+ id:
+ description:
+ - Override rule ID.
+ required: true
+ type: int
+ initiator:
+ description:
+ - Initiating user of override (read-only setting).
+ type: str
+ ip:
+ description:
+ - IPv4 address which the override applies.
+ type: str
+ ip6:
+ description:
+ - IPv6 address which the override applies.
+ type: str
+ new_profile:
+ description:
+ - Name of the new web filter profile used by the override. Source webfilter.profile.name.
+ type: str
+ old_profile:
+ description:
+ - Name of the web filter profile which the override applies. Source webfilter.profile.name.
+ type: str
+ scope:
+ description:
+ - Override either the specific user, user group, IPv4 address, or IPv6 address.
+ type: str
+ choices:
+ - user
+ - user-group
+ - ip
+ - ip6
+ status:
+ description:
+ - Enable/disable override rule.
+ type: str
+ choices:
+ - enable
+ - disable
+ user:
+ description:
+ - Name of the user which the override applies.
+ type: str
+ user_group:
+ description:
+ - Specify the user group for which the override applies.
Source user.group.name.
+ type: str
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure FortiGuard Web Filter administrative overrides.
+ fortios_webfilter_override:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ webfilter_override:
+ expires: ""
+ id: "4"
+ initiator: ""
+ ip: ""
+ ip6: ""
+ new_profile: " (source webfilter.profile.name)"
+ old_profile: " (source webfilter.profile.name)"
+ scope: "user"
+ status: "enable"
+ user: ""
+ user_group: " (source user.group.name)"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from
ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_webfilter_override_data(json):
+ option_list = ['expires', 'id', 'initiator',
+ 'ip', 'ip6', 'new_profile',
+ 'old_profile', 'scope', 'status',
+ 'user', 'user_group']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def webfilter_override(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['webfilter_override'] and data['webfilter_override']['state']:
+ state = data['webfilter_override']['state']
+ else:
+ state = True
+ webfilter_override_data = data['webfilter_override']
+ filtered_data = underscore_to_hyphen(filter_webfilter_override_data(webfilter_override_data))
+
+ if state == "present":
+ return fos.set('webfilter',
+ 'override',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('webfilter',
+ 'override',
+ mkey=filtered_data['id'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_webfilter(data,
fos):
+
+ if data['webfilter_override']:
+ resp = webfilter_override(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('webfilter_override'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'id'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "webfilter_override": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "expires": {"required": False, "type": "str"},
+ "id": {"required": True, "type": "int"},
+ "initiator": {"required": False, "type": "str"},
+ "ip": {"required": False, "type": "str"},
+ "ip6": {"required": False, "type": "str"},
+ "new_profile": {"required": False, "type": "str"},
+ "old_profile": {"required": False, "type": "str"},
+ "scope": {"required": False, "type": "str",
+ "choices": ["user",
+ "user-group",
+ "ip",
+ "ip6"]},
+ "status": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "user": {"required": False, "type": "str"},
+ "user_group": {"required": False, "type": "str"}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_webfilter(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and
versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_profile.py
new file mode 100644
index 00000000..81b159eb
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_profile.py
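Review bot: The EXAMPLES playbook of fortios_webfilter_override.py sets `ansible_httpapi_validate_certs: no` in the same play that passes `access_token`, so anyone who copies the example sends the FortiGate API token over a TLS session whose server certificate is never verified. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a comment such as `# disable only for lab devices with self-signed certificates`. The EXAMPLES block of fortios_webfilter_profile.py later in this diff carries the same line. Separately, `webfilter_override()` falls back to `state = True` when neither `state` option is supplied, which always ends in 'state must be present or absent!' although both options are documented as `required: false`; the DOCUMENTATION text should say that one of them has to be set.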
@@ -0,0 +1,1203 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_webfilter_profile
+short_description: Configure Web filter profiles in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify webfilter feature and profile category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.8"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ This attribute was present already in previous version in a deeper level.
+ It has been moved out to this outer level.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ version_added: 2.9
+ webfilter_profile:
+ description:
+ - Configure Web filter profiles.
+ default: null
+ type: dict
+ suboptions:
+ state:
+ description:
+ - B(Deprecated)
+ - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
+ - HORIZONTALLINE
+ - Indicates whether to create or remove the object.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ comment:
+ description:
+ - Optional comments.
+ type: str
+ extended_log:
+ description:
+ - Enable/disable extended logging for web filtering.
+ type: str
+ choices:
+ - enable
+ - disable
+ ftgd_wf:
+ description:
+ - FortiGuard Web Filter settings.
+ type: dict
+ suboptions:
+ exempt_quota:
+ description:
+ - Do not stop quota for these categories.
+ type: str
+ filters:
+ description:
+ - FortiGuard filters.
+ type: list
+ suboptions:
+ action:
+ description:
+ - Action to take for matches.
+ type: str
+ choices:
+ - block
+ - authenticate
+ - monitor
+ - warning
+ auth_usr_grp:
+ description:
+ - Groups with permission to authenticate.
+ type: str
+ suboptions:
+ name:
+ description:
+ - User group name. Source user.group.name.
+ required: true
+ type: str
+ category:
+ description:
+ - Categories and groups the filter examines.
+ type: int
+ id:
+ description:
+ - ID number.
+ required: true
+ type: int
+ log:
+ description:
+ - Enable/disable logging.
+ type: str
+ choices:
+ - enable
+ - disable
+ override_replacemsg:
+ description:
+ - Override replacement message.
+ type: str
+ warn_duration:
+ description:
+ - Duration of warnings.
+ type: str
+ warning_duration_type:
+ description:
+ - Re-display warning after closing browser or after a timeout.
+ type: str
+ choices:
+ - session
+ - timeout
+ warning_prompt:
+ description:
+ - Warning prompts in each category or each domain.
+ type: str
+ choices:
+ - per-domain
+ - per-category
+ max_quota_timeout:
+ description:
+ - Maximum FortiGuard quota used by single page view in seconds (excludes streams).
+ type: int
+ options:
+ description:
+ - Options for FortiGuard Web Filter.
+ type: str
+ choices:
+ - error-allow
+ - rate-server-ip
+ - connect-request-bypass
+ - ftgd-disable
+ ovrd:
+ description:
+ - Allow web filter profile overrides.
+ type: str
+ quota:
+ description:
+ - FortiGuard traffic quota settings.
+ type: list
+ suboptions:
+ category:
+ description:
+ - FortiGuard categories to apply quota to (category action must be set to monitor).
+ type: str
+ duration:
+ description:
+ - Duration of quota.
+ type: str
+ id:
+ description:
+ - ID number.
+ required: true
+ type: int
+ override_replacemsg:
+ description:
+ - Override replacement message.
+ type: str
+ type:
+ description:
+ - Quota type.
+ type: str
+ choices:
+ - time
+ - traffic
+ unit:
+ description:
+ - Traffic quota unit of measurement.
+ type: str
+ choices:
+ - B
+ - KB
+ - MB
+ - GB
+ value:
+ description:
+ - Traffic quota value.
+ type: int
+ rate_crl_urls:
+ description:
+ - Enable/disable rating CRL by URL.
+ type: str
+ choices:
+ - disable
+ - enable
+ rate_css_urls:
+ description:
+ - Enable/disable rating CSS by URL.
+ type: str
+ choices:
+ - disable
+ - enable
+ rate_image_urls:
+ description:
+ - Enable/disable rating images by URL.
+ type: str
+ choices:
+ - disable
+ - enable
+ rate_javascript_urls:
+ description:
+ - Enable/disable rating JavaScript by URL.
+ type: str
+ choices:
+ - disable
+ - enable
+ https_replacemsg:
+ description:
+ - Enable replacement messages for HTTPS.
+ type: str
+ choices:
+ - enable
+ - disable
+ inspection_mode:
+ description:
+ - Web filtering inspection mode.
+ type: str
+ choices:
+ - proxy
+ - flow-based
+ log_all_url:
+ description:
+ - Enable/disable logging all URLs visited.
+ type: str
+ choices:
+ - enable
+ - disable
+ name:
+ description:
+ - Profile name.
+ required: true
+ type: str
+ options:
+ description:
+ - Options.
+ type: str
+ choices:
+ - activexfilter
+ - cookiefilter
+ - javafilter
+ - block-invalid-url
+ - jscript
+ - js
+ - vbs
+ - unknown
+ - intrinsic
+ - wf-referer
+ - wf-cookie
+ - per-user-bwl
+ override:
+ description:
+ - Web Filter override settings.
+ type: dict
+ suboptions:
+ ovrd_cookie:
+ description:
+ - Allow/deny browser-based (cookie) overrides.
+ type: str
+ choices:
+ - allow
+ - deny
+ ovrd_dur:
+ description:
+ - Override duration.
+ type: str
+ ovrd_dur_mode:
+ description:
+ - Override duration mode.
+ type: str
+ choices:
+ - constant
+ - ask
+ ovrd_scope:
+ description:
+ - Override scope.
+ type: str
+ choices:
+ - user
+ - user-group
+ - ip
+ - browser
+ - ask
+ ovrd_user_group:
+ description:
+ - User groups with permission to use the override.
+ type: str
+ suboptions:
+ name:
+ description:
+ - User group name. Source user.group.name.
+ required: true
+ type: str
+ profile:
+ description:
+ - Web filter profile with permission to create overrides.
+ type: list
+ suboptions:
+ name:
+ description:
+ - Web profile. Source webfilter.profile.name.
+ required: true
+ type: str
+ profile_attribute:
+ description:
+ - Profile attribute to retrieve from the RADIUS server.
+ type: str
+ choices:
+ - User-Name
+ - NAS-IP-Address
+ - Framed-IP-Address
+ - Framed-IP-Netmask
+ - Filter-Id
+ - Login-IP-Host
+ - Reply-Message
+ - Callback-Number
+ - Callback-Id
+ - Framed-Route
+ - Framed-IPX-Network
+ - Class
+ - Called-Station-Id
+ - Calling-Station-Id
+ - NAS-Identifier
+ - Proxy-State
+ - Login-LAT-Service
+ - Login-LAT-Node
+ - Login-LAT-Group
+ - Framed-AppleTalk-Zone
+ - Acct-Session-Id
+ - Acct-Multi-Session-Id
+ profile_type:
+ description:
+ - Override profile type.
+ type: str
+ choices:
+ - list
+ - radius
+ ovrd_perm:
+ description:
+ - Permitted override types.
+ type: str
+ choices:
+ - bannedword-override
+ - urlfilter-override
+ - fortiguard-wf-override
+ - contenttype-check-override
+ post_action:
+ description:
+ - Action taken for HTTP POST traffic.
+ type: str
+ choices:
+ - normal
+ - block
+ replacemsg_group:
+ description:
+ - Replacement message group. Source system.replacemsg-group.name.
+ type: str
+ web:
+ description:
+ - Web content filtering settings.
+ type: dict
+ suboptions:
+ blacklist:
+ description:
+ - Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist.
+ type: str
+ choices:
+ - enable
+ - disable
+ bword_table:
+ description:
+ - Banned word table ID. Source webfilter.content.id.
+ type: int
+ bword_threshold:
+ description:
+ - Banned word score threshold.
+ type: int
+ content_header_list:
+ description:
+ - Content header list. Source webfilter.content-header.id.
+ type: int
+ keyword_match:
+ description:
+ - Search keywords to log when match is found.
+ type: str
+ suboptions:
+ pattern:
+ description:
+ - Pattern/keyword to search for.
+ required: true
+ type: str
+ log_search:
+ description:
+ - Enable/disable logging all search phrases.
+ type: str
+ choices:
+ - enable
+ - disable
+ safe_search:
+ description:
+ - Safe search type.
+ type: str
+ choices:
+ - url
+ - header
+ urlfilter_table:
+ description:
+ - URL filter table ID. Source webfilter.urlfilter.id.
+ type: int
+ whitelist:
+ description:
+ - FortiGuard whitelist settings.
+ type: str
+ choices:
+ - exempt-av
+ - exempt-webcontent
+ - exempt-activex-java-cookie
+ - exempt-dlp
+ - exempt-rangeblock
+ - extended-log-others
+ youtube_restrict:
+ description:
+ - YouTube EDU filter level.
+ type: str
+ choices:
+ - none
+ - strict
+ - moderate
+ web_content_log:
+ description:
+ - Enable/disable logging logging blocked web content.
+ type: str
+ choices:
+ - enable
+ - disable
+ web_extended_all_action_log:
+ description:
+ - Enable/disable extended any filter action logging for web filtering.
+ type: str
+ choices:
+ - enable
+ - disable
+ web_filter_activex_log:
+ description:
+ - Enable/disable logging ActiveX.
+ type: str
+ choices:
+ - enable
+ - disable
+ web_filter_applet_log:
+ description:
+ - Enable/disable logging Java applets.
+ type: str
+ choices:
+ - enable
+ - disable
+ web_filter_command_block_log:
+ description:
+ - Enable/disable logging blocked commands.
+ type: str
+ choices:
+ - enable
+ - disable
+ web_filter_cookie_log:
+ description:
+ - Enable/disable logging cookie filtering.
+ type: str
+ choices:
+ - enable
+ - disable
+ web_filter_cookie_removal_log:
+ description:
+ - Enable/disable logging blocked cookies.
+ type: str
+ choices:
+ - enable
+ - disable
+ web_filter_js_log:
+ description:
+ - Enable/disable logging Java scripts.
+ type: str
+ choices:
+ - enable
+ - disable
+ web_filter_jscript_log:
+ description:
+ - Enable/disable logging JScripts.
+ type: str
+ choices:
+ - enable
+ - disable
+ web_filter_referer_log:
+ description:
+ - Enable/disable logging referrers.
+ type: str
+ choices:
+ - enable
+ - disable
+ web_filter_unknown_log:
+ description:
+ - Enable/disable logging unknown scripts.
+ type: str
+ choices:
+ - enable
+ - disable
+ web_filter_vbs_log:
+ description:
+ - Enable/disable logging VBS scripts.
+ type: str
+ choices:
+ - enable
+ - disable
+ web_ftgd_err_log:
+ description:
+ - Enable/disable logging rating errors.
+ type: str
+ choices:
+ - enable
+ - disable
+ web_ftgd_quota_usage:
+ description:
+ - Enable/disable logging daily quota usage.
+ type: str
+ choices:
+ - enable
+ - disable
+ web_invalid_domain_log:
+ description:
+ - Enable/disable logging invalid domain names.
+ type: str
+ choices:
+ - enable
+ - disable
+ web_url_log:
+ description:
+ - Enable/disable logging URL filtering.
+ type: str
+ choices:
+ - enable
+ - disable
+ wisp:
+ description:
+ - Enable/disable web proxy WISP.
+ type: str
+ choices:
+ - enable
+ - disable
+ wisp_algorithm:
+ description:
+ - WISP server selection algorithm.
+ type: str
+ choices:
+ - primary-secondary
+ - round-robin
+ - auto-learning
+ wisp_servers:
+ description:
+ - WISP servers.
+ type: list
+ suboptions:
+ name:
+ description:
+ - Server name. Source web-proxy.wisp.name.
+ required: true
+ type: str
+ youtube_channel_filter:
+ description:
+ - YouTube channel filter.
+ type: list
+ suboptions:
+ channel_id:
+ description:
+ - YouTube channel ID to be filtered.
+ type: str
+ comment:
+ description:
+ - Comment.
+ type: str
+ id:
+ description:
+ - ID.
+ required: true
+ type: int
+ youtube_channel_status:
+ description:
+ - YouTube channel filter status.
+ type: str
+ choices:
+ - disable
+ - blacklist
+ - whitelist
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure Web filter profiles.
+ fortios_webfilter_profile:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ webfilter_profile:
+ comment: "Optional comments."
+ extended_log: "enable"
+ ftgd_wf:
+ exempt_quota: ""
+ filters:
+ -
+ action: "block"
+ auth_usr_grp:
+ -
+ name: "default_name_10 (source user.group.name)"
+ category: "11"
+ id: "12"
+ log: "enable"
+ override_replacemsg: ""
+ warn_duration: ""
+ warning_duration_type: "session"
+ warning_prompt: "per-domain"
+ max_quota_timeout: "18"
+ options: "error-allow"
+ ovrd: ""
+ quota:
+ -
+ category: ""
+ duration: ""
+ id: "24"
+ override_replacemsg: ""
+ type: "time"
+ unit: "B"
+ value: "28"
+ rate_crl_urls: "disable"
+ rate_css_urls: "disable"
+ rate_image_urls: "disable"
+ rate_javascript_urls: "disable"
+ https_replacemsg: "enable"
+ inspection_mode: "proxy"
+ log_all_url: "enable"
+ name: "default_name_36"
+ options: "activexfilter"
+ override:
+ ovrd_cookie: "allow"
+ ovrd_dur: ""
+ ovrd_dur_mode: "constant"
+ ovrd_scope: "user"
+ ovrd_user_group:
+ -
+ name: "default_name_44 (source user.group.name)"
+ profile:
+ -
+ name: "default_name_46 (source webfilter.profile.name)"
+ profile_attribute: "User-Name"
+ profile_type: "list"
+ ovrd_perm: "bannedword-override"
+ post_action: "normal"
+ replacemsg_group: " (source system.replacemsg-group.name)"
+ web:
+ blacklist: "enable"
+ bword_table: "54 (source webfilter.content.id)"
+ bword_threshold: "55"
+ content_header_list: "56 (source webfilter.content-header.id)"
+ keyword_match:
+ -
+ pattern: ""
+ log_search: "enable"
+ safe_search: "url"
+ urlfilter_table: "61 (source webfilter.urlfilter.id)"
+ whitelist: "exempt-av"
+ youtube_restrict: "none"
+ web_content_log: "enable"
+ web_extended_all_action_log: "enable"
+ web_filter_activex_log: "enable"
+ web_filter_applet_log: "enable"
+ web_filter_command_block_log: "enable"
+ web_filter_cookie_log: "enable"
+ web_filter_cookie_removal_log: "enable"
+ web_filter_js_log: "enable"
+ web_filter_jscript_log: "enable"
+ web_filter_referer_log: "enable"
+ web_filter_unknown_log: "enable"
+ web_filter_vbs_log: "enable"
+ web_ftgd_err_log: "enable"
+ web_ftgd_quota_usage:
"enable"
+ web_invalid_domain_log: "enable"
+ web_url_log: "enable"
+ wisp: "enable"
+ wisp_algorithm: "primary-secondary"
+ wisp_servers:
+ -
+ name: "default_name_83 (source web-proxy.wisp.name)"
+ youtube_channel_filter:
+ -
+ channel_id: ""
+ comment: "Comment."
+ id: "87"
+ youtube_channel_status: "disable"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_webfilter_profile_data(json):
+ option_list = ['comment', 'extended_log', 'ftgd_wf',
+ 'https_replacemsg', 'inspection_mode', 'log_all_url',
+ 'name', 'options', 'override',
+ 'ovrd_perm', 'post_action', 'replacemsg_group',
+ 'web', 'web_content_log', 'web_extended_all_action_log',
+ 'web_filter_activex_log', 'web_filter_applet_log', 'web_filter_command_block_log',
+ 'web_filter_cookie_log', 'web_filter_cookie_removal_log', 'web_filter_js_log',
+ 'web_filter_jscript_log', 'web_filter_referer_log', 'web_filter_unknown_log',
+ 'web_filter_vbs_log', 'web_ftgd_err_log', 'web_ftgd_quota_usage',
+ 'web_invalid_domain_log', 'web_url_log', 'wisp',
+ 'wisp_algorithm', 'wisp_servers', 'youtube_channel_filter',
+ 'youtube_channel_status']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def webfilter_profile(data, fos):
+ vdom = data['vdom']
+ if 'state' in data and data['state']:
+ state = data['state']
+ elif 'state' in data['webfilter_profile'] and data['webfilter_profile']['state']:
+ state = data['webfilter_profile']['state']
+ else:
+ state = True
+ webfilter_profile_data = data['webfilter_profile']
+ filtered_data = underscore_to_hyphen(filter_webfilter_profile_data(webfilter_profile_data))
+
+ if state == "present":
+ return fos.set('webfilter',
+ 'profile',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('webfilter',
+ 'profile',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+
fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_webfilter(data, fos):
+
+ if data['webfilter_profile']:
+ resp = webfilter_profile(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('webfilter_profile'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "webfilter_profile": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "state": {"required": False, "type": "str",
+ "choices": ["present", "absent"]},
+ "comment": {"required": False, "type": "str"},
+ "extended_log": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "ftgd_wf": {"required": False, "type": "dict",
+ "options": {
+ "exempt_quota": {"required": False, "type": "str"},
+ "filters": {"required": False, "type": "list",
+ "options": {
+ "action": {"required": False, "type": "str",
+ "choices": ["block",
+ "authenticate",
+ "monitor",
+ "warning"]},
+ "auth_usr_grp": {"required": False, "type": "str",
+ "options": {
+ "name": {"required": True, "type": "str"}
+ }},
+ "category": {"required": False, "type": "int"},
+ "id": {"required": True, "type": "int"},
+ "log": {"required": False, "type": "str",
+ "choices": ["enable",
+ "disable"]},
+ "override_replacemsg": {"required": False, "type": "str"},
+ "warn_duration": {"required": False, "type": "str"},
+ "warning_duration_type": {"required": False, "type": "str",
+ "choices": ["session",
+ "timeout"]},
+ "warning_prompt": {"required":
False, "type": "str", + "choices": ["per-domain", + "per-category"]} + }}, + "max_quota_timeout": {"required": False, "type": "int"}, + "options": {"required": False, "type": "str", + "choices": ["error-allow", + "rate-server-ip", + "connect-request-bypass", + "ftgd-disable"]}, + "ovrd": {"required": False, "type": "str"}, + "quota": {"required": False, "type": "list", + "options": { + "category": {"required": False, "type": "str"}, + "duration": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "override_replacemsg": {"required": False, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["time", + "traffic"]}, + "unit": {"required": False, "type": "str", + "choices": ["B", + "KB", + "MB", + "GB"]}, + "value": {"required": False, "type": "int"} + }}, + "rate_crl_urls": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "rate_css_urls": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "rate_image_urls": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "rate_javascript_urls": {"required": False, "type": "str", + "choices": ["disable", + "enable"]} + }}, + "https_replacemsg": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "inspection_mode": {"required": False, "type": "str", + "choices": ["proxy", + "flow-based"]}, + "log_all_url": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": True, "type": "str"}, + "options": {"required": False, "type": "str", + "choices": ["activexfilter", + "cookiefilter", + "javafilter", + "block-invalid-url", + "jscript", + "js", + "vbs", + "unknown", + "intrinsic", + "wf-referer", + "wf-cookie", + "per-user-bwl"]}, + "override": {"required": False, "type": "dict", + "options": { + "ovrd_cookie": {"required": False, "type": "str", + "choices": ["allow", + "deny"]}, + "ovrd_dur": {"required": False, "type": "str"}, + "ovrd_dur_mode": 
{"required": False, "type": "str", + "choices": ["constant", + "ask"]}, + "ovrd_scope": {"required": False, "type": "str", + "choices": ["user", + "user-group", + "ip", + "browser", + "ask"]}, + "ovrd_user_group": {"required": False, "type": "str", + "options": { + "name": {"required": True, "type": "str"} + }}, + "profile": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "profile_attribute": {"required": False, "type": "str", + "choices": ["User-Name", + "NAS-IP-Address", + "Framed-IP-Address", + "Framed-IP-Netmask", + "Filter-Id", + "Login-IP-Host", + "Reply-Message", + "Callback-Number", + "Callback-Id", + "Framed-Route", + "Framed-IPX-Network", + "Class", + "Called-Station-Id", + "Calling-Station-Id", + "NAS-Identifier", + "Proxy-State", + "Login-LAT-Service", + "Login-LAT-Node", + "Login-LAT-Group", + "Framed-AppleTalk-Zone", + "Acct-Session-Id", + "Acct-Multi-Session-Id"]}, + "profile_type": {"required": False, "type": "str", + "choices": ["list", + "radius"]} + }}, + "ovrd_perm": {"required": False, "type": "str", + "choices": ["bannedword-override", + "urlfilter-override", + "fortiguard-wf-override", + "contenttype-check-override"]}, + "post_action": {"required": False, "type": "str", + "choices": ["normal", + "block"]}, + "replacemsg_group": {"required": False, "type": "str"}, + "web": {"required": False, "type": "dict", + "options": { + "blacklist": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "bword_table": {"required": False, "type": "int"}, + "bword_threshold": {"required": False, "type": "int"}, + "content_header_list": {"required": False, "type": "int"}, + "keyword_match": {"required": False, "type": "str", + "options": { + "pattern": {"required": True, "type": "str"} + }}, + "log_search": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "safe_search": {"required": False, "type": "str", + "choices": ["url", + "header"]}, + 
"urlfilter_table": {"required": False, "type": "int"}, + "whitelist": {"required": False, "type": "str", + "choices": ["exempt-av", + "exempt-webcontent", + "exempt-activex-java-cookie", + "exempt-dlp", + "exempt-rangeblock", + "extended-log-others"]}, + "youtube_restrict": {"required": False, "type": "str", + "choices": ["none", + "strict", + "moderate"]} + }}, + "web_content_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "web_extended_all_action_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "web_filter_activex_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "web_filter_applet_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "web_filter_command_block_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "web_filter_cookie_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "web_filter_cookie_removal_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "web_filter_js_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "web_filter_jscript_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "web_filter_referer_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "web_filter_unknown_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "web_filter_vbs_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "web_ftgd_err_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "web_ftgd_quota_usage": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "web_invalid_domain_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "web_url_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "wisp": 
{"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "wisp_algorithm": {"required": False, "type": "str", + "choices": ["primary-secondary", + "round-robin", + "auto-learning"]}, + "wisp_servers": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "youtube_channel_filter": {"required": False, "type": "list", + "options": { + "channel_id": {"required": False, "type": "str"}, + "comment": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"} + }}, + "youtube_channel_status": {"required": False, "type": "str", + "choices": ["disable", + "blacklist", + "whitelist"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_webfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_search_engine.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_search_engine.py
new file mode 100644
index 00000000..d6806e41
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_search_engine.py
@@ -0,0 +1,352 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_webfilter_search_engine +short_description: Configure web filter search engines in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify webfilter feature and search_engine category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + webfilter_search_engine: + description: + - Configure web filter search engines. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + charset: + description: + - Search engine charset. + type: str + choices: + - utf-8 + - gb2312 + hostname: + description: + - Hostname (regular expression). + type: str + name: + description: + - Search engine name. + required: true + type: str + query: + description: + - Code used to prefix a query (must end with an equals character). + type: str + safesearch: + description: + - Safe search method. You can disable safe search, add the safe search string to URLs, or insert a safe search header. + type: str + choices: + - disable + - url + - header + safesearch_str: + description: + - Safe search parameter used in the URL. + type: str + url: + description: + - URL (regular expression). + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure web filter search engines. 
+ fortios_webfilter_search_engine: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + webfilter_search_engine: + charset: "utf-8" + hostname: "myhostname" + name: "default_name_5" + query: "" + safesearch: "disable" + safesearch_str: "" + url: "myurl.com" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_webfilter_search_engine_data(json): + option_list = ['charset', 'hostname', 'name', + 'query', 'safesearch', 'safesearch_str', + 'url'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def webfilter_search_engine(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['webfilter_search_engine'] and data['webfilter_search_engine']['state']: + state = data['webfilter_search_engine']['state'] + else: + state = True + webfilter_search_engine_data = data['webfilter_search_engine'] + filtered_data = underscore_to_hyphen(filter_webfilter_search_engine_data(webfilter_search_engine_data)) + + if state == "present": + return fos.set('webfilter', + 'search-engine', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('webfilter', + 'search-engine', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_webfilter(data, fos): + + if data['webfilter_search_engine']: + resp = webfilter_search_engine(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('webfilter_search_engine')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": 
{"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "webfilter_search_engine": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "charset": {"required": False, "type": "str", + "choices": ["utf-8", + "gb2312"]}, + "hostname": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "query": {"required": False, "type": "str"}, + "safesearch": {"required": False, "type": "str", + "choices": ["disable", + "url", + "header"]}, + "safesearch_str": {"required": False, "type": "str"}, + "url": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_webfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", 
version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_urlfilter.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_urlfilter.py
new file mode 100644
index 00000000..a7730c1a
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_webfilter_urlfilter.py
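Review bot: The EXAMPLES playbook in fortios_webfilter_search_engine.py sets `ansible_httpapi_validate_certs: no` while the task passes an `access_token`, so anyone who copies the example sends the API token over a TLS session whose server certificate is never checked. The sample should read `ansible_httpapi_validate_certs: yes`, with a YAML comment beside it saying that validation is only turned off for a lab device that presents a self-signed certificate. The same line is in the EXAMPLES of fortios_webfilter_urlfilter.py and in the visible part of fortios_wireless_controller_ap_status.py. The inline `access_token: ""` would also read better as a reference to a vaulted variable, so that the example does not suggest keeping the token in the playbook itself.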
@@ -0,0 +1,447 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_webfilter_urlfilter +short_description: Configure URL filter lists in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify webfilter feature and urlfilter category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. 
+ type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + webfilter_urlfilter: + description: + - Configure URL filter lists. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + comment: + description: + - Optional comments. + type: str + entries: + description: + - URL filter entries. + type: list + suboptions: + action: + description: + - Action to take for URL filter matches. + type: str + choices: + - exempt + - block + - allow + - monitor + dns_address_family: + description: + - Resolve IPv4 address, IPv6 address, or both from DNS server. + type: str + choices: + - ipv4 + - ipv6 + - both + exempt: + description: + - If action is set to exempt, select the security profile operations that exempt URLs skip. Separate multiple options with a space. + type: str + choices: + - av + - web-content + - activex-java-cookie + - dlp + - fortiguard + - range-block + - pass + - all + id: + description: + - Id. + required: true + type: int + referrer_host: + description: + - Referrer host name. + type: str + status: + description: + - Enable/disable this URL filter. + type: str + choices: + - enable + - disable + type: + description: + - Filter type (simple, regex, or wildcard). + type: str + choices: + - simple + - regex + - wildcard + url: + description: + - URL to be filtered. + type: str + web_proxy_profile: + description: + - Web proxy profile. Source web-proxy.profile.name. + type: str + id: + description: + - ID. 
+ required: true + type: int + ip_addr_block: + description: + - Enable/disable blocking URLs when the hostname appears as an IP address. + type: str + choices: + - enable + - disable + name: + description: + - Name of URL filter list. + type: str + one_arm_ips_urlfilter: + description: + - Enable/disable DNS resolver for one-arm IPS URL filter operation. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure URL filter lists. + fortios_webfilter_urlfilter: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + webfilter_urlfilter: + comment: "Optional comments." + entries: + - + action: "exempt" + dns_address_family: "ipv4" + exempt: "av" + id: "8" + referrer_host: "myhostname" + status: "enable" + type: "simple" + url: "myurl.com" + web_proxy_profile: " (source web-proxy.profile.name)" + id: "14" + ip_addr_block: "enable" + name: "default_name_16" + one_arm_ips_urlfilter: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: 
"17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_webfilter_urlfilter_data(json): + option_list = ['comment', 'entries', 'id', + 'ip_addr_block', 'name', 'one_arm_ips_urlfilter'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def webfilter_urlfilter(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['webfilter_urlfilter'] and data['webfilter_urlfilter']['state']: + state = data['webfilter_urlfilter']['state'] + else: + state = True + webfilter_urlfilter_data = data['webfilter_urlfilter'] + filtered_data = underscore_to_hyphen(filter_webfilter_urlfilter_data(webfilter_urlfilter_data)) + + if state == "present": + return fos.set('webfilter', + 
'urlfilter', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('webfilter', + 'urlfilter', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_webfilter(data, fos): + + if data['webfilter_urlfilter']: + resp = webfilter_urlfilter(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('webfilter_urlfilter')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "webfilter_urlfilter": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "comment": {"required": False, "type": "str"}, + "entries": {"required": False, "type": "list", + "options": { + "action": {"required": False, "type": "str", + "choices": ["exempt", + "block", + "allow", + "monitor"]}, + "dns_address_family": {"required": False, "type": "str", + "choices": ["ipv4", + "ipv6", + "both"]}, + "exempt": {"required": False, "type": "str", + "choices": ["av", + "web-content", + "activex-java-cookie", + "dlp", + "fortiguard", + "range-block", + "pass", + "all"]}, + "id": {"required": True, "type": "int"}, + "referrer_host": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "type": {"required": False, "type": "str", + "choices": ["simple", + "regex", + "wildcard"]}, + "url": {"required": 
False, "type": "str"}, + "web_proxy_profile": {"required": False, "type": "str"} + }}, + "id": {"required": True, "type": "int"}, + "ip_addr_block": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "name": {"required": False, "type": "str"}, + "one_arm_ips_urlfilter": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_webfilter(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_ap_status.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_ap_status.py new file mode 100644 index 00000000..1e9a04f4 --- /dev/null 
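Review bot: In main() of fortios_webfilter_urlfilter.py the `entries` spec is `"type": "list"` with an `options` dict but no `elements`, and as far as I know AnsibleModule only validates the sub-options of a list when `elements` is `dict`. If that holds for the Ansible versions this collection targets, the `choices` on `action`, `type` and `exempt` and the `required` flag on the entry `id` are never enforced, so a mistyped `action` in a URL-filter entry reaches the device unchecked. Declaring it as `"entries": {"required": False, "type": "list", "elements": "dict",` would turn the validation on. The documentation for `exempt` allows several space-separated values while the spec lists single-value `choices`, so that option would have to become a list before validation is enabled.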
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_ap_status.py 
@@ -0,0 +1,307 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_ap_status +short_description: Configure access point status (rogue | accepted | suppressed) in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller feature and ap_status category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wireless_controller_ap_status: + description: + - Configure access point status (rogue | accepted | suppressed). + default: null + type: dict + suboptions: + bssid: + description: + - Access Point"s (AP"s) BSSID. + type: str + id: + description: + - AP ID. + required: true + type: int + ssid: + description: + - Access Point"s (AP"s) SSID. + type: str + status: + description: + - 'Access Point"s (AP"s) status: rogue, accepted, or supressed.' + type: str + choices: + - rogue + - accepted + - suppressed +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure access point status (rogue | accepted | suppressed). 
+ fortios_wireless_controller_ap_status: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_ap_status: + bssid: "" + id: "4" + ssid: "" + status: "rogue" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wireless_controller_ap_status_data(json): + option_list = ['bssid', 'id', 'ssid', 
+ 'status'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_ap_status(data, fos): + vdom = data['vdom'] + state = data['state'] + wireless_controller_ap_status_data = data['wireless_controller_ap_status'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_ap_status_data(wireless_controller_ap_status_data)) + + if state == "present": + return fos.set('wireless-controller', + 'ap-status', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller', + 'ap-status', + mkey=filtered_data['id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller(data, fos): + + if data['wireless_controller_ap_status']: + resp = wireless_controller_ap_status(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_ap_status')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_ap_status": { + "required": False, "type": "dict", 
"default": None, + "options": { + "bssid": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"}, + "ssid": {"required": False, "type": "str"}, + "status": {"required": False, "type": "str", + "choices": ["rogue", + "accepted", + "suppressed"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_ble_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_ble_profile.py new file mode 100644 index 00000000..3404b134 --- /dev/null 
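Review bot: The EXAMPLES play in this new module sets `ansible_httpapi_validate_certs: no` in the same play that passes `access_token`, so anyone who copies the example sends the API token over a TLS session whose peer certificate is never verified. The example should default to `ansible_httpapi_validate_certs: yes`, with a comment that turning it off is only for lab devices with self-signed certificates. The same EXAMPLES block appears in the fortios_wireless_controller_ble_profile.py and fortios_wireless_controller_bonjour_profile.py hunks that follow. These modules look generated, so the fix probably belongs in the upstream template rather than in this import.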
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_ble_profile.py 
@@ -0,0 +1,396 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_ble_profile +short_description: Configure Bluetooth Low Energy profile in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller feature and ble_profile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wireless_controller_ble_profile: + description: + - Configure Bluetooth Low Energy profile. + default: null + type: dict + suboptions: + advertising: + description: + - Advertising type. + type: str + choices: + - ibeacon + - eddystone-uid + - eddystone-url + beacon_interval: + description: + - Beacon interval . + type: int + ble_scanning: + description: + - Enable/disable Bluetooth Low Energy (BLE) scanning. + type: str + choices: + - enable + - disable + comment: + description: + - Comment. + type: str + eddystone_instance: + description: + - Eddystone instance ID. + type: str + eddystone_namespace: + description: + - Eddystone namespace ID. + type: str + eddystone_url: + description: + - Eddystone URL. + type: str + eddystone_url_encode_hex: + description: + - Eddystone encoded URL hexadecimal string + type: str + ibeacon_uuid: + description: + - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). + type: str + major_id: + description: + - Major ID. + type: int + minor_id: + description: + - Minor ID. + type: int + name: + description: + - Bluetooth Low Energy profile name. + required: true + type: str + txpower: + description: + - Transmit power level . + type: str + choices: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + - 8 + - 9 + - 10 + - 11 + - 12 +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Bluetooth Low Energy profile. 
+ fortios_wireless_controller_ble_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_ble_profile: + advertising: "ibeacon" + beacon_interval: "4" + ble_scanning: "enable" + comment: "Comment." + eddystone_instance: "" + eddystone_namespace: "" + eddystone_url: "" + eddystone_url_encode_hex: "" + ibeacon_uuid: "" + major_id: "12" + minor_id: "13" + name: "default_name_14" + txpower: "0" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wireless_controller_ble_profile_data(json): + option_list = ['advertising', 'beacon_interval', 'ble_scanning', + 'comment', 'eddystone_instance', 'eddystone_namespace', + 'eddystone_url', 'eddystone_url_encode_hex', 'ibeacon_uuid', + 'major_id', 'minor_id', 'name', + 'txpower'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_ble_profile(data, fos): + vdom = data['vdom'] + state = data['state'] + wireless_controller_ble_profile_data = data['wireless_controller_ble_profile'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_ble_profile_data(wireless_controller_ble_profile_data)) + + if state == "present": + return fos.set('wireless-controller', + 'ble-profile', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller', + 'ble-profile', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller(data, fos): + + if data['wireless_controller_ble_profile']: + resp = wireless_controller_ble_profile(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % 
('wireless_controller_ble_profile')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_ble_profile": { + "required": False, "type": "dict", "default": None, + "options": { + "advertising": {"required": False, "type": "str", + "choices": ["ibeacon", + "eddystone-uid", + "eddystone-url"]}, + "beacon_interval": {"required": False, "type": "int"}, + "ble_scanning": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "comment": {"required": False, "type": "str"}, + "eddystone_instance": {"required": False, "type": "str"}, + "eddystone_namespace": {"required": False, "type": "str"}, + "eddystone_url": {"required": False, "type": "str"}, + "eddystone_url_encode_hex": {"required": False, "type": "str"}, + "ibeacon_uuid": {"required": False, "type": "str"}, + "major_id": {"required": False, "type": "int"}, + "minor_id": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "txpower": {"required": False, "type": "str", + "choices": ["0", + "1", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller(module.params, fos) + versions_check_result = 
connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_bonjour_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_bonjour_profile.py new file mode 100644 index 00000000..0b67d665 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_bonjour_profile.py 
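Review bot: In DOCUMENTATION the `txpower` option is declared `type: str`, but its choices are written as bare YAML integers (`- 0` through `- 12`), while the argument spec in `main()` lists them as strings (`"0"` through `"12"`). Rendered documentation and any doc/argspec consistency check will see integer choices for a string option. Quoting them in the YAML, e.g. `- '0'`, keeps the two in step. EXAMPLES already passes `txpower: "0"` as a string.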
@@ -0,0 +1,355 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_bonjour_profile +short_description: Configure Bonjour profiles. Bonjour is Apple's zero configuration networking protocol. Bonjour profiles allow APs and FortiAPs to connnect + to networks using Bonjour in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller feature and bonjour_profile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. 
+ type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wireless_controller_bonjour_profile: + description: + - Configure Bonjour profiles. Bonjour is Apple's zero configuration networking protocol. Bonjour profiles allow APs and FortiAPs to connnect to + networks using Bonjour. + default: null + type: dict + suboptions: + comment: + description: + - Comment. + type: str + name: + description: + - Bonjour profile name. + required: true + type: str + policy_list: + description: + - Bonjour policy list. + type: list + suboptions: + description: + description: + - Description. + type: str + from_vlan: + description: + - VLAN ID from which the Bonjour service is advertised (0 - 4094). + type: str + policy_id: + description: + - Policy ID. + type: int + services: + description: + - Bonjour services for the VLAN connecting to the Bonjour network. + type: str + choices: + - all + - airplay + - afp + - bit-torrent + - ftp + - ichat + - itunes + - printers + - samba + - scanners + - ssh + - chromecast + to_vlan: + description: + - VLAN ID to which the Bonjour service is made available (0 - 4094). + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Bonjour profiles. Bonjour is Apple's zero configuration networking protocol. Bonjour profiles allow APs and FortiAPs to connnect to + networks using Bonjour. 
+ fortios_wireless_controller_bonjour_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_bonjour_profile: + comment: "Comment." + name: "default_name_4" + policy_list: + - + description: "" + from_vlan: "" + policy_id: "8" + services: "all" + to_vlan: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import 
FAIL_SOCKET_MSG + + +def filter_wireless_controller_bonjour_profile_data(json): + option_list = ['comment', 'name', 'policy_list'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_bonjour_profile(data, fos): + vdom = data['vdom'] + state = data['state'] + wireless_controller_bonjour_profile_data = data['wireless_controller_bonjour_profile'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_bonjour_profile_data(wireless_controller_bonjour_profile_data)) + + if state == "present": + return fos.set('wireless-controller', + 'bonjour-profile', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller', + 'bonjour-profile', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller(data, fos): + + if data['wireless_controller_bonjour_profile']: + resp = wireless_controller_bonjour_profile(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_bonjour_profile')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", 
"default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_bonjour_profile": { + "required": False, "type": "dict", "default": None, + "options": { + "comment": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "policy_list": {"required": False, "type": "list", + "options": { + "description": {"required": False, "type": "str"}, + "from_vlan": {"required": False, "type": "str"}, + "policy_id": {"required": False, "type": "int"}, + "services": {"required": False, "type": "str", + "choices": ["all", + "airplay", + "afp", + "bit-torrent", + "ftp", + "ichat", + "itunes", + "printers", + "samba", + "scanners", + "ssh", + "chromecast"]}, + "to_vlan": {"required": False, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, 
meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_global.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_global.py new file mode 100644 index 00000000..0df02302 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_global.py 
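Review bot: `policy_list` in the argument spec of `main()` is `"type": "list"` with an `options` map but no `"elements": "dict"`, and as far as I know AnsibleModule only descends into the suboptions of a list when `elements` is `dict`. If so, the entries of `policy_list` (including the `services` choices and the `policy_id` int coercion) reach `fos.set` unvalidated. Suggested change: `"policy_list": {"required": False, "type": "list", "elements": "dict",`, plus a matching `elements: dict` line under `policy_list` in DOCUMENTATION.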
@@ -0,0 +1,399 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_global +short_description: Configure wireless controller global settings in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller feature and global category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + wireless_controller_global: + description: + - Configure wireless controller global settings. + default: null + type: dict + suboptions: + ap_log_server: + description: + - Enable/disable configuring APs or FortiAPs to send log messages to a syslog server . + type: str + choices: + - enable + - disable + ap_log_server_ip: + description: + - IP address that APs or FortiAPs send log messages to. + type: str + ap_log_server_port: + description: + - Port that APs or FortiAPs send log messages to. + type: int + control_message_offload: + description: + - Configure CAPWAP control message data channel offload. + type: str + choices: + - ebp-frame + - aeroscout-tag + - ap-list + - sta-list + - sta-cap-list + - stats + - aeroscout-mu + data_ethernet_II: + description: + - Configure the wireless controller to use Ethernet II or 802.3 frames with 802.3 data tunnel mode . + type: str + choices: + - enable + - disable + discovery_mc_addr: + description: + - Multicast IP address for AP discovery . + type: str + fiapp_eth_type: + description: + - Ethernet type for Fortinet Inter-Access Point Protocol (IAPP), or IEEE 802.11f, packets (0 - 65535). + type: int + image_download: + description: + - Enable/disable WTP image download at join time. + type: str + choices: + - enable + - disable + ipsec_base_ip: + description: + - Base IP address for IPsec VPN tunnels between the access points and the wireless controller . + type: str + link_aggregation: + description: + - Enable/disable calculating the CAPWAP transmit hash to load balance sessions to link aggregation nodes . + type: str + choices: + - enable + - disable + location: + description: + - Description of the location of the wireless controller. + type: str + max_clients: + description: + - Maximum number of clients that can connect simultaneously . 
+ type: int + max_retransmit: + description: + - Maximum number of tunnel packet retransmissions (0 - 64). + type: int + mesh_eth_type: + description: + - Mesh Ethernet identifier included in backhaul packets (0 - 65535). + type: int + name: + description: + - Name of the wireless controller. + type: str + rogue_scan_mac_adjacency: + description: + - Maximum numerical difference between an AP"s Ethernet and wireless MAC values to match for rogue detection (0 - 31). + type: int + wtp_share: + description: + - Enable/disable sharing of WTPs between VDOMs. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure wireless controller global settings. + fortios_wireless_controller_global: + vdom: "{{ vdom }}" + wireless_controller_global: + ap_log_server: "enable" + ap_log_server_ip: "" + ap_log_server_port: "5" + control_message_offload: "ebp-frame" + data_ethernet_II: "enable" + discovery_mc_addr: "" + fiapp_eth_type: "9" + image_download: "enable" + ipsec_base_ip: "" + link_aggregation: "enable" + location: "" + max_clients: "14" + max_retransmit: "15" + mesh_eth_type: "16" + name: "default_name_17" + rogue_scan_mac_adjacency: "18" + wtp_share: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + 
returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wireless_controller_global_data(json): + option_list = ['ap_log_server', 'ap_log_server_ip', 'ap_log_server_port', + 'control_message_offload', 'data_ethernet_II', 'discovery_mc_addr', + 'fiapp_eth_type', 'image_download', 'ipsec_base_ip', + 'link_aggregation', 'location', 'max_clients', + 'max_retransmit', 'mesh_eth_type', 'name', + 'rogue_scan_mac_adjacency', 'wtp_share'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return 
data + + +def wireless_controller_global(data, fos): + vdom = data['vdom'] + wireless_controller_global_data = data['wireless_controller_global'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_global_data(wireless_controller_global_data)) + + return fos.set('wireless-controller', + 'global', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller(data, fos): + + if data['wireless_controller_global']: + resp = wireless_controller_global(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_global')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "wireless_controller_global": { + "required": False, "type": "dict", "default": None, + "options": { + "ap_log_server": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ap_log_server_ip": {"required": False, "type": "str"}, + "ap_log_server_port": {"required": False, "type": "int"}, + "control_message_offload": {"required": False, "type": "str", + "choices": ["ebp-frame", + "aeroscout-tag", + "ap-list", + "sta-list", + "sta-cap-list", + "stats", + "aeroscout-mu"]}, + "data_ethernet_II": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "discovery_mc_addr": {"required": False, "type": "str"}, + "fiapp_eth_type": {"required": False, "type": "int"}, + "image_download": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ipsec_base_ip": {"required": False, "type": "str"}, + "link_aggregation": {"required": False, "type": "str", + 
"choices": ["enable", + "disable"]}, + "location": {"required": False, "type": "str"}, + "max_clients": {"required": False, "type": "int"}, + "max_retransmit": {"required": False, "type": "int"}, + "mesh_eth_type": {"required": False, "type": "int"}, + "name": {"required": False, "type": "str"}, + "rogue_scan_mac_adjacency": {"required": False, "type": "int"}, + "wtp_share": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
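Review bot: The EXAMPLES playbook in this module sets `ansible_httpapi_validate_certs: no`, so anyone who copies it runs the httpapi connection without verifying the FortiGate's TLS certificate. That is the same connection on which `main()` sets `access_token` through `connection.set_option`. The example should use `ansible_httpapi_validate_certs: yes`, or at least carry a comment such as `# lab only: disables TLS certificate verification`. The same example block is repeated in the hotspot20 anqp_3gpp_cellular and anqp_ip_address_type modules later in this commit. Those two also show `access_token: ""` inline in the task, where a vault-backed variable would be a better model.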
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.py
new file mode 100644
index 00000000..39a61d89
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.py
@@ -0,0 +1,310 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_hotspot20_anqp_3gpp_cellular +short_description: Configure 3GPP public land mobile network (PLMN) in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller_hotspot20 feature and anqp_3gpp_cellular category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wireless_controller_hotspot20_anqp_3gpp_cellular: + description: + - Configure 3GPP public land mobile network (PLMN). + default: null + type: dict + suboptions: + mcc_mnc_list: + description: + - Mobile Country Code and Mobile Network Code configuration. + type: list + suboptions: + id: + description: + - ID. + required: true + type: int + mcc: + description: + - Mobile country code. + type: str + mnc: + description: + - Mobile network code. + type: str + name: + description: + - 3GPP PLMN name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure 3GPP public land mobile network (PLMN). 
+ fortios_wireless_controller_hotspot20_anqp_3gpp_cellular: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_anqp_3gpp_cellular: + mcc_mnc_list: + - + id: "4" + mcc: "" + mnc: "" + name: "default_name_7" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_wireless_controller_hotspot20_anqp_3gpp_cellular_data(json): + option_list = ['mcc_mnc_list', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_hotspot20_anqp_3gpp_cellular(data, fos): + vdom = data['vdom'] + state = data['state'] + wireless_controller_hotspot20_anqp_3gpp_cellular_data = data['wireless_controller_hotspot20_anqp_3gpp_cellular'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_hotspot20_anqp_3gpp_cellular_data(wireless_controller_hotspot20_anqp_3gpp_cellular_data)) + + if state == "present": + return fos.set('wireless-controller.hotspot20', + 'anqp-3gpp-cellular', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller.hotspot20', + 'anqp-3gpp-cellular', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller_hotspot20(data, fos): + + if data['wireless_controller_hotspot20_anqp_3gpp_cellular']: + resp = wireless_controller_hotspot20_anqp_3gpp_cellular(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_hotspot20_anqp_3gpp_cellular')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = 
{ + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_hotspot20_anqp_3gpp_cellular": { + "required": False, "type": "dict", "default": None, + "options": { + "mcc_mnc_list": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "mcc": {"required": False, "type": "str"}, + "mnc": {"required": False, "type": "str"} + }}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
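Review bot: `is_successful_status` compares `status['http_status']` with the integer `404`, but this module's RETURN block documents `http_status` as `type: str` with `sample: "200"`, so one of the two is wrong. What `FortiOSHandler` actually returns is not visible in this hunk. If it is a string, the comparison never matches, and `state: absent` on an object that is already gone would be reported as an error rather than as success. Either correct the documentation to `type: int` with `sample: 200`, or normalise the value with `int(status['http_status']) == 404`. The same function and RETURN text appear in the anqp_ip_address_type module that follows. The copy in fortios_wireless_controller_global has no delete path at all, so its DELETE branch is dead code.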
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_ip_address_type.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_ip_address_type.py
new file mode 100644
index 00000000..e30502e0
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_ip_address_type.py
@@ -0,0 +1,318 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_hotspot20_anqp_ip_address_type +short_description: Configure IP address type availability in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller_hotspot20 feature and anqp_ip_address_type category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wireless_controller_hotspot20_anqp_ip_address_type: + description: + - Configure IP address type availability. + default: null + type: dict + suboptions: + ipv4_address_type: + description: + - IPv4 address type. + type: str + choices: + - not-available + - public + - port-restricted + - single-NATed-private + - double-NATed-private + - port-restricted-and-single-NATed + - port-restricted-and-double-NATed + - not-known + ipv6_address_type: + description: + - IPv6 address type. + type: str + choices: + - not-available + - available + - not-known + name: + description: + - IP type name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure IP address type availability. 
+ fortios_wireless_controller_hotspot20_anqp_ip_address_type: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_anqp_ip_address_type: + ipv4_address_type: "not-available" + ipv6_address_type: "not-available" + name: "default_name_5" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_wireless_controller_hotspot20_anqp_ip_address_type_data(json): + option_list = ['ipv4_address_type', 'ipv6_address_type', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_hotspot20_anqp_ip_address_type(data, fos): + vdom = data['vdom'] + state = data['state'] + wireless_controller_hotspot20_anqp_ip_address_type_data = data['wireless_controller_hotspot20_anqp_ip_address_type'] + filtered_data = \ + underscore_to_hyphen(filter_wireless_controller_hotspot20_anqp_ip_address_type_data(wireless_controller_hotspot20_anqp_ip_address_type_data)) + + if state == "present": + return fos.set('wireless-controller.hotspot20', + 'anqp-ip-address-type', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller.hotspot20', + 'anqp-ip-address-type', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller_hotspot20(data, fos): + + if data['wireless_controller_hotspot20_anqp_ip_address_type']: + resp = wireless_controller_hotspot20_anqp_ip_address_type(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_hotspot20_anqp_ip_address_type')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + 
resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_hotspot20_anqp_ip_address_type": { + "required": False, "type": "dict", "default": None, + "options": { + "ipv4_address_type": {"required": False, "type": "str", + "choices": ["not-available", + "public", + "port-restricted", + "single-NATed-private", + "double-NATed-private", + "port-restricted-and-single-NATed", + "port-restricted-and-double-NATed", + "not-known"]}, + "ipv6_address_type": {"required": False, "type": "str", + "choices": ["not-available", + "available", + "not-known"]}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in 
repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_nai_realm.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_nai_realm.py
new file mode 100644
index 00000000..7e296343
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_nai_realm.py
@@ -0,0 +1,454 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_hotspot20_anqp_nai_realm +short_description: Configure network access identifier (NAI) realm in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller_hotspot20 feature and anqp_nai_realm category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wireless_controller_hotspot20_anqp_nai_realm: + description: + - Configure network access identifier (NAI) realm. + default: null + type: dict + suboptions: + nai_list: + description: + - NAI list. + type: list + suboptions: + eap_method: + description: + - EAP Methods. + type: list + suboptions: + auth_param: + description: + - EAP auth param. + type: str + suboptions: + id: + description: + - ID of authentication parameter. + type: str + choices: + - non-eap-inner-auth + - inner-auth-eap + - credential + - tunneled-credential + index: + description: + - Param index. + required: true + type: int + val: + description: + - Value of authentication parameter. + type: str + choices: + - eap-identity + - eap-md5 + - eap-tls + - eap-ttls + - eap-peap + - eap-sim + - eap-aka + - eap-aka-prime + - non-eap-pap + - non-eap-chap + - non-eap-mschap + - non-eap-mschapv2 + - cred-sim + - cred-usim + - cred-nfc + - cred-hardware-token + - cred-softoken + - cred-certificate + - cred-user-pwd + - cred-none + - cred-vendor-specific + - tun-cred-sim + - tun-cred-usim + - tun-cred-nfc + - tun-cred-hardware-token + - tun-cred-softoken + - tun-cred-certificate + - tun-cred-user-pwd + - tun-cred-anonymous + - tun-cred-vendor-specific + index: + description: + - EAP method index. + required: true + type: int + method: + description: + - EAP method type. + type: str + choices: + - eap-identity + - eap-md5 + - eap-tls + - eap-ttls + - eap-peap + - eap-sim + - eap-aka + - eap-aka-prime + encoding: + description: + - Enable/disable format in accordance with IETF RFC 4282. + type: str + choices: + - disable + - enable + nai_realm: + description: + - Configure NAI realms (delimited by a semi-colon character). 
+ type: str + name: + description: + - NAI realm name. + required: true + type: str + name: + description: + - NAI realm list name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure network access identifier (NAI) realm. + fortios_wireless_controller_hotspot20_anqp_nai_realm: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_anqp_nai_realm: + nai_list: + - + eap_method: + - + auth_param: + - + id: "6" + index: "7" + val: "eap-identity" + index: "9" + method: "eap-identity" + encoding: "disable" + nai_realm: "" + name: "default_name_13" + name: "default_name_14" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str 
+ sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wireless_controller_hotspot20_anqp_nai_realm_data(json): + option_list = ['nai_list', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_hotspot20_anqp_nai_realm(data, fos): + vdom = data['vdom'] + state = data['state'] + wireless_controller_hotspot20_anqp_nai_realm_data = data['wireless_controller_hotspot20_anqp_nai_realm'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_hotspot20_anqp_nai_realm_data(wireless_controller_hotspot20_anqp_nai_realm_data)) + + if state == "present": + return fos.set('wireless-controller.hotspot20', + 'anqp-nai-realm', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller.hotspot20', + 'anqp-nai-realm', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and 
status['http_status'] == 404 + + +def fortios_wireless_controller_hotspot20(data, fos): + + if data['wireless_controller_hotspot20_anqp_nai_realm']: + resp = wireless_controller_hotspot20_anqp_nai_realm(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_hotspot20_anqp_nai_realm')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_hotspot20_anqp_nai_realm": { + "required": False, "type": "dict", "default": None, + "options": { + "nai_list": {"required": False, "type": "list", + "options": { + "eap_method": {"required": False, "type": "list", + "options": { + "auth_param": {"required": False, "type": "str", + "options": { + "id": {"required": False, "type": "str", + "choices": ["non-eap-inner-auth", + "inner-auth-eap", + "credential", + "tunneled-credential"]}, + "index": {"required": True, "type": "int"}, + "val": {"required": False, "type": "str", + "choices": ["eap-identity", + "eap-md5", + "eap-tls", + "eap-ttls", + "eap-peap", + "eap-sim", + "eap-aka", + "eap-aka-prime", + "non-eap-pap", + "non-eap-chap", + "non-eap-mschap", + "non-eap-mschapv2", + "cred-sim", + "cred-usim", + "cred-nfc", + "cred-hardware-token", + "cred-softoken", + "cred-certificate", + "cred-user-pwd", + "cred-none", + "cred-vendor-specific", + "tun-cred-sim", + "tun-cred-usim", + "tun-cred-nfc", + "tun-cred-hardware-token", + "tun-cred-softoken", + "tun-cred-certificate", + "tun-cred-user-pwd", + "tun-cred-anonymous", + "tun-cred-vendor-specific"]} + }}, + "index": {"required": True, "type": "int"}, + "method": {"required": False, "type": "str", + 
"choices": ["eap-identity", + "eap-md5", + "eap-tls", + "eap-ttls", + "eap-peap", + "eap-sim", + "eap-aka", + "eap-aka-prime"]} + }}, + "encoding": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "nai_realm": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"} + }}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_network_auth_type.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_network_auth_type.py
new file mode 100644
index 00000000..58675175
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_network_auth_type.py
@@ -0,0 +1,303 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_hotspot20_anqp_network_auth_type +short_description: Configure network authentication type in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller_hotspot20 feature and anqp_network_auth_type category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wireless_controller_hotspot20_anqp_network_auth_type: + description: + - Configure network authentication type. + default: null + type: dict + suboptions: + auth_type: + description: + - Network authentication type. + type: str + choices: + - acceptance-of-terms + - online-enrollment + - http-redirection + - dns-redirection + name: + description: + - Authentication type name. + required: true + type: str + url: + description: + - Redirect URL. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure network authentication type. 
+ fortios_wireless_controller_hotspot20_anqp_network_auth_type: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_anqp_network_auth_type: + auth_type: "acceptance-of-terms" + name: "default_name_4" + url: "myurl.com" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_wireless_controller_hotspot20_anqp_network_auth_type_data(json): + option_list = ['auth_type', 'name', 'url'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_hotspot20_anqp_network_auth_type(data, fos): + vdom = data['vdom'] + state = data['state'] + wireless_controller_hotspot20_anqp_network_auth_type_data = data['wireless_controller_hotspot20_anqp_network_auth_type'] + filtered_data = \ + underscore_to_hyphen(filter_wireless_controller_hotspot20_anqp_network_auth_type_data(wireless_controller_hotspot20_anqp_network_auth_type_data)) + + if state == "present": + return fos.set('wireless-controller.hotspot20', + 'anqp-network-auth-type', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller.hotspot20', + 'anqp-network-auth-type', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller_hotspot20(data, fos): + + if data['wireless_controller_hotspot20_anqp_network_auth_type']: + resp = wireless_controller_hotspot20_anqp_network_auth_type(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_hotspot20_anqp_network_auth_type')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + 
resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_hotspot20_anqp_network_auth_type": { + "required": False, "type": "dict", "default": None, + "options": { + "auth_type": {"required": False, "type": "str", + "choices": ["acceptance-of-terms", + "online-enrollment", + "http-redirection", + "dns-redirection"]}, + "name": {"required": True, "type": "str"}, + "url": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
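Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no` while the task also passes `access_token`, so anyone who copies it sends the API token over a TLS session whose peer certificate is not verified. I would show `ansible_httpapi_validate_certs: yes` and add a comment next to it such as `# set to no only for lab devices with self-signed certificates`. The token placeholder would also read better as a reference to a vaulted variable, for example `access_token: "{{ fortios_access_token }}"` (variable name constructed for illustration). The same `validate_certs: no` setting appears in the EXAMPLES of the nai_realm and roaming_consortium hunks in this patch.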
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_roaming_consortium.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_roaming_consortium.py
new file mode 100644
index 00000000..da02a105
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_roaming_consortium.py
@@ -0,0 +1,311 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_hotspot20_anqp_roaming_consortium +short_description: Configure roaming consortium in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller_hotspot20 feature and anqp_roaming_consortium category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wireless_controller_hotspot20_anqp_roaming_consortium: + description: + - Configure roaming consortium. + default: null + type: dict + suboptions: + name: + description: + - Roaming consortium name. + required: true + type: str + oi_list: + description: + - Organization identifier list. + type: list + suboptions: + comment: + description: + - Comment. + type: str + index: + description: + - OI index. + required: true + type: int + oi: + description: + - Organization identifier. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure roaming consortium. + fortios_wireless_controller_hotspot20_anqp_roaming_consortium: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_anqp_roaming_consortium: + name: "default_name_3" + oi_list: + - + comment: "Comment." 
+ index: "6" + oi: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wireless_controller_hotspot20_anqp_roaming_consortium_data(json): + option_list = ['name', 'oi_list'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = 
json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_hotspot20_anqp_roaming_consortium(data, fos): + vdom = data['vdom'] + state = data['state'] + wireless_controller_hotspot20_anqp_roaming_consortium_data = data['wireless_controller_hotspot20_anqp_roaming_consortium'] + filtered_data = \ + underscore_to_hyphen(filter_wireless_controller_hotspot20_anqp_roaming_consortium_data(wireless_controller_hotspot20_anqp_roaming_consortium_data)) + + if state == "present": + return fos.set('wireless-controller.hotspot20', + 'anqp-roaming-consortium', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller.hotspot20', + 'anqp-roaming-consortium', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller_hotspot20(data, fos): + + if data['wireless_controller_hotspot20_anqp_roaming_consortium']: + resp = wireless_controller_hotspot20_anqp_roaming_consortium(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_hotspot20_anqp_roaming_consortium')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + 
"choices": ["present", "absent"]}, + "wireless_controller_hotspot20_anqp_roaming_consortium": { + "required": False, "type": "dict", "default": None, + "options": { + "name": {"required": True, "type": "str"}, + "oi_list": {"required": False, "type": "list", + "options": { + "comment": {"required": False, "type": "str"}, + "index": {"required": True, "type": "int"}, + "oi": {"required": False, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_venue_name.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_venue_name.py
new file mode 100644
index 00000000..6b3e803a
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_anqp_venue_name.py
@@ -0,0 +1,310 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_hotspot20_anqp_venue_name +short_description: Configure venue name duple in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller_hotspot20 feature and anqp_venue_name category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wireless_controller_hotspot20_anqp_venue_name: + description: + - Configure venue name duple. + default: null + type: dict + suboptions: + name: + description: + - Name of venue name duple. + required: true + type: str + value_list: + description: + - Name list. + type: list + suboptions: + index: + description: + - Value index. + required: true + type: int + lang: + description: + - Language code. + type: str + value: + description: + - Venue name value. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure venue name duple. 
+ fortios_wireless_controller_hotspot20_anqp_venue_name: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_anqp_venue_name: + name: "default_name_3" + value_list: + - + index: "5" + lang: "" + value: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_wireless_controller_hotspot20_anqp_venue_name_data(json): + option_list = ['name', 'value_list'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_hotspot20_anqp_venue_name(data, fos): + vdom = data['vdom'] + state = data['state'] + wireless_controller_hotspot20_anqp_venue_name_data = data['wireless_controller_hotspot20_anqp_venue_name'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_hotspot20_anqp_venue_name_data(wireless_controller_hotspot20_anqp_venue_name_data)) + + if state == "present": + return fos.set('wireless-controller.hotspot20', + 'anqp-venue-name', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller.hotspot20', + 'anqp-venue-name', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller_hotspot20(data, fos): + + if data['wireless_controller_hotspot20_anqp_venue_name']: + resp = wireless_controller_hotspot20_anqp_venue_name(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_hotspot20_anqp_venue_name')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": 
False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_hotspot20_anqp_venue_name": { + "required": False, "type": "dict", "default": None, + "options": { + "name": {"required": True, "type": "str"}, + "value_list": {"required": False, "type": "list", + "options": { + "index": {"required": True, "type": "int"}, + "lang": {"required": False, "type": "str"}, + "value": {"required": False, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
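Review bot: The `value_list` entry of the argument spec in `main()` declares `"type": "list"` with nested `"options"` but no `"elements": "dict"`, and as far as I know AnsibleModule applies a nested spec to list items only when the element type is declared as dict. As written, the `index`/`lang`/`value` sub-options (the `"required": True` and the `int` coercion on `index`) are probably not enforced, so each item reaches `fos.set()` exactly as the playbook supplied it; the `index: "5"` string in EXAMPLES would pass through unconverted. I would change the line to `"value_list": {"required": False, "type": "list", "elements": "dict",` and mirror `elements: dict` under `value_list` in DOCUMENTATION. The same spec shape appears for `value_list` in the h2qp_operator_name hunk below and for `oi_list` in the anqp_roaming_consortium file just above.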
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_h2qp_conn_capability.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_h2qp_conn_capability.py
new file mode 100644
index 00000000..0066b668
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_h2qp_conn_capability.py
@@ -0,0 +1,428 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_hotspot20_h2qp_conn_capability +short_description: Configure connection capability in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller_hotspot20 feature and h2qp_conn_capability category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wireless_controller_hotspot20_h2qp_conn_capability: + description: + - Configure connection capability. + default: null + type: dict + suboptions: + esp_port: + description: + - Set ESP port service (used by IPsec VPNs) status. + type: str + choices: + - closed + - open + - unknown + ftp_port: + description: + - Set FTP port service status. + type: str + choices: + - closed + - open + - unknown + http_port: + description: + - Set HTTP port service status. + type: str + choices: + - closed + - open + - unknown + icmp_port: + description: + - Set ICMP port service status. + type: str + choices: + - closed + - open + - unknown + ikev2_port: + description: + - Set IKEv2 port service for IPsec VPN status. + type: str + choices: + - closed + - open + - unknown + ikev2_xx_port: + description: + - Set UDP port 4500 (which may be used by IKEv2 for IPsec VPN) service status. + type: str + choices: + - closed + - open + - unknown + name: + description: + - Connection capability name. + required: true + type: str + pptp_vpn_port: + description: + - Set Point to Point Tunneling Protocol (PPTP) VPN port service status. + type: str + choices: + - closed + - open + - unknown + ssh_port: + description: + - Set SSH port service status. + type: str + choices: + - closed + - open + - unknown + tls_port: + description: + - Set TLS VPN (HTTPS) port service status. + type: str + choices: + - closed + - open + - unknown + voip_tcp_port: + description: + - Set VoIP TCP port service status. + type: str + choices: + - closed + - open + - unknown + voip_udp_port: + description: + - Set VoIP UDP port service status. 
+ type: str + choices: + - closed + - open + - unknown +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure connection capability. + fortios_wireless_controller_hotspot20_h2qp_conn_capability: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_h2qp_conn_capability: + esp_port: "closed" + ftp_port: "closed" + http_port: "closed" + icmp_port: "closed" + ikev2_port: "closed" + ikev2_xx_port: "closed" + name: "default_name_9" + pptp_vpn_port: "closed" + ssh_port: "closed" + tls_port: "closed" + voip_tcp_port: "closed" + voip_udp_port: "closed" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of 
the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wireless_controller_hotspot20_h2qp_conn_capability_data(json): + option_list = ['esp_port', 'ftp_port', 'http_port', + 'icmp_port', 'ikev2_port', 'ikev2_xx_port', + 'name', 'pptp_vpn_port', 'ssh_port', + 'tls_port', 'voip_tcp_port', 'voip_udp_port'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_hotspot20_h2qp_conn_capability(data, fos): + vdom = data['vdom'] + state = data['state'] + wireless_controller_hotspot20_h2qp_conn_capability_data = data['wireless_controller_hotspot20_h2qp_conn_capability'] + filtered_data = \ + underscore_to_hyphen(filter_wireless_controller_hotspot20_h2qp_conn_capability_data(wireless_controller_hotspot20_h2qp_conn_capability_data)) + + if state == "present": + return fos.set('wireless-controller.hotspot20', + 'h2qp-conn-capability', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller.hotspot20', + 'h2qp-conn-capability', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or 
absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller_hotspot20(data, fos): + + if data['wireless_controller_hotspot20_h2qp_conn_capability']: + resp = wireless_controller_hotspot20_h2qp_conn_capability(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_hotspot20_h2qp_conn_capability')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_hotspot20_h2qp_conn_capability": { + "required": False, "type": "dict", "default": None, + "options": { + "esp_port": {"required": False, "type": "str", + "choices": ["closed", + "open", + "unknown"]}, + "ftp_port": {"required": False, "type": "str", + "choices": ["closed", + "open", + "unknown"]}, + "http_port": {"required": False, "type": "str", + "choices": ["closed", + "open", + "unknown"]}, + "icmp_port": {"required": False, "type": "str", + "choices": ["closed", + "open", + "unknown"]}, + "ikev2_port": {"required": False, "type": "str", + "choices": ["closed", + "open", + "unknown"]}, + "ikev2_xx_port": {"required": False, "type": "str", + "choices": ["closed", + "open", + "unknown"]}, + "name": {"required": True, "type": "str"}, + "pptp_vpn_port": {"required": False, "type": "str", + "choices": ["closed", + "open", + "unknown"]}, + "ssh_port": {"required": False, "type": "str", + "choices": ["closed", + "open", + "unknown"]}, + "tls_port": {"required": False, "type": "str", + "choices": ["closed", + "open", + "unknown"]}, + "voip_tcp_port": 
{"required": False, "type": "str", + "choices": ["closed", + "open", + "unknown"]}, + "voip_udp_port": {"required": False, "type": "str", + "choices": ["closed", + "open", + "unknown"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_h2qp_operator_name.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_h2qp_operator_name.py new file mode 100644 index 00000000..3f28b9de --- /dev/null 
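Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no` in the same play that passes an `access_token`, so a user who copies it sends the FortiGate API token over TLS without verifying the server certificate. Examples tend to be pasted into production inventories unchanged, and the DOCUMENTATION block gives no hint that this setting is a lab convenience. I would ship the example with `ansible_httpapi_validate_certs: yes` and put a comment above it such as `# set to no only for lab devices with self-signed certificates`. The same example vars are repeated in the anqp_venue_name, h2qp_operator_name and h2qp_osu_provider files of this patch.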
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_h2qp_operator_name.py 
@@ -0,0 +1,310 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_hotspot20_h2qp_operator_name +short_description: Configure operator friendly name in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller_hotspot20 feature and h2qp_operator_name category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wireless_controller_hotspot20_h2qp_operator_name: + description: + - Configure operator friendly name. + default: null + type: dict + suboptions: + name: + description: + - Friendly name ID. + required: true + type: str + value_list: + description: + - Name list. + type: list + suboptions: + index: + description: + - Value index. + required: true + type: int + lang: + description: + - Language code. + type: str + value: + description: + - Friendly name value. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure operator friendly name. 
+ fortios_wireless_controller_hotspot20_h2qp_operator_name: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_h2qp_operator_name: + name: "default_name_3" + value_list: + - + index: "5" + lang: "" + value: "" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_wireless_controller_hotspot20_h2qp_operator_name_data(json): + option_list = ['name', 'value_list'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_hotspot20_h2qp_operator_name(data, fos): + vdom = data['vdom'] + state = data['state'] + wireless_controller_hotspot20_h2qp_operator_name_data = data['wireless_controller_hotspot20_h2qp_operator_name'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_hotspot20_h2qp_operator_name_data(wireless_controller_hotspot20_h2qp_operator_name_data)) + + if state == "present": + return fos.set('wireless-controller.hotspot20', + 'h2qp-operator-name', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller.hotspot20', + 'h2qp-operator-name', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller_hotspot20(data, fos): + + if data['wireless_controller_hotspot20_h2qp_operator_name']: + resp = wireless_controller_hotspot20_h2qp_operator_name(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_hotspot20_h2qp_operator_name')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { 
+ "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_hotspot20_h2qp_operator_name": { + "required": False, "type": "dict", "default": None, + "options": { + "name": {"required": True, "type": "str"}, + "value_list": {"required": False, "type": "list", + "options": { + "index": {"required": True, "type": "int"}, + "lang": {"required": False, "type": "str"}, + "value": {"required": False, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
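Review bot: In `main()` the guard `if 'access_token' in module.params:` is always true, because `access_token` is declared in `fields` and AnsibleModule fills every declared key in `params`, using None when the task omits it. `connection.set_option('access_token', ...)` therefore also runs with None, which may replace a token configured on the connection itself; the httpapi plugin is not part of this hunk, so that effect is inferred. Testing the value instead, `if module.params.get('access_token'):`, keeps the call for tasks that actually pass a token. The same line is in the `main()` of the anqp_venue_name and h2qp_conn_capability hunks above.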
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_h2qp_osu_provider.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_h2qp_osu_provider.py
new file mode 100644
index 00000000..329fd5d4
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_h2qp_osu_provider.py
@@ -0,0 +1,371 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_hotspot20_h2qp_osu_provider +short_description: Configure online sign up (OSU) provider list in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller_hotspot20 feature and h2qp_osu_provider category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wireless_controller_hotspot20_h2qp_osu_provider: + description: + - Configure online sign up (OSU) provider list. + default: null + type: dict + suboptions: + friendly_name: + description: + - OSU provider friendly name. + type: list + suboptions: + friendly_name: + description: + - OSU provider friendly name. + type: str + index: + description: + - OSU provider friendly name index. + required: true + type: int + lang: + description: + - Language code. + type: str + icon: + description: + - OSU provider icon. Source wireless-controller.hotspot20.icon.name. + type: str + name: + description: + - OSU provider ID. + required: true + type: str + osu_method: + description: + - OSU method list. + type: str + choices: + - oma-dm + - soap-xml-spp + - reserved + osu_nai: + description: + - OSU NAI. + type: str + server_uri: + description: + - Server URI. + type: str + service_description: + description: + - OSU service name. + type: list + suboptions: + lang: + description: + - Language code. + type: str + service_description: + description: + - Service description. + type: str + service_id: + description: + - OSU service ID. + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure online sign up (OSU) provider list. 
+ fortios_wireless_controller_hotspot20_h2qp_osu_provider: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_h2qp_osu_provider: + friendly_name: + - + friendly_name: "" + index: "5" + lang: "" + icon: " (source wireless-controller.hotspot20.icon.name)" + name: "default_name_8" + osu_method: "oma-dm" + osu_nai: "" + server_uri: "" + service_description: + - + lang: "" + service_description: "" + service_id: "15" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wireless_controller_hotspot20_h2qp_osu_provider_data(json): + option_list = ['friendly_name', 'icon', 'name', + 'osu_method', 'osu_nai', 'server_uri', + 'service_description'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_hotspot20_h2qp_osu_provider(data, fos): + vdom = data['vdom'] + state = data['state'] + wireless_controller_hotspot20_h2qp_osu_provider_data = data['wireless_controller_hotspot20_h2qp_osu_provider'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_hotspot20_h2qp_osu_provider_data(wireless_controller_hotspot20_h2qp_osu_provider_data)) + + if state == "present": + return fos.set('wireless-controller.hotspot20', + 'h2qp-osu-provider', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller.hotspot20', + 'h2qp-osu-provider', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller_hotspot20(data, fos): + + if data['wireless_controller_hotspot20_h2qp_osu_provider']: + resp = wireless_controller_hotspot20_h2qp_osu_provider(data, fos) + else: + 
fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_hotspot20_h2qp_osu_provider')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_hotspot20_h2qp_osu_provider": { + "required": False, "type": "dict", "default": None, + "options": { + "friendly_name": {"required": False, "type": "list", + "options": { + "friendly_name": {"required": False, "type": "str"}, + "index": {"required": True, "type": "int"}, + "lang": {"required": False, "type": "str"} + }}, + "icon": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "osu_method": {"required": False, "type": "str", + "choices": ["oma-dm", + "soap-xml-spp", + "reserved"]}, + "osu_nai": {"required": False, "type": "str"}, + "server_uri": {"required": False, "type": "str"}, + "service_description": {"required": False, "type": "list", + "options": { + "lang": {"required": False, "type": "str"}, + "service_description": {"required": False, "type": "str"}, + "service_id": {"required": False, "type": "int"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) + versions_check_result = connection.get_system_version() + else: + 
module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_h2qp_wan_metric.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_h2qp_wan_metric.py new file mode 100644 index 00000000..4d68da13 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_h2qp_wan_metric.py 
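Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no` in the same play that passes `access_token`, so anyone who copies it sends the API token over a TLS session whose server certificate is never verified. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a comment such as `# set to no only for lab devices with self-signed certificates`. The empty `access_token: ""` placeholder could also carry a comment telling users to supply the token from a vaulted variable rather than inline. The same example block appears in the h2qp_wan_metric hunk and in the hs_profile hunk that follow.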
@@ -0,0 +1,348 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_hotspot20_h2qp_wan_metric +short_description: Configure WAN metrics in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller_hotspot20 feature and h2qp_wan_metric category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wireless_controller_hotspot20_h2qp_wan_metric: + description: + - Configure WAN metrics. + default: null + type: dict + suboptions: + downlink_load: + description: + - Downlink load. + type: int + downlink_speed: + description: + - Downlink speed (in kilobits/s). + type: int + link_at_capacity: + description: + - Link at capacity. + type: str + choices: + - enable + - disable + link_status: + description: + - Link status. + type: str + choices: + - up + - down + - in-test + load_measurement_duration: + description: + - Load measurement duration (in tenths of a second). + type: int + name: + description: + - WAN metric name. + required: true + type: str + symmetric_wan_link: + description: + - WAN link symmetry. + type: str + choices: + - symmetric + - asymmetric + uplink_load: + description: + - Uplink load. + type: int + uplink_speed: + description: + - Uplink speed (in kilobits/s). + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WAN metrics. 
+ fortios_wireless_controller_hotspot20_h2qp_wan_metric: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_h2qp_wan_metric: + downlink_load: "3" + downlink_speed: "4" + link_at_capacity: "enable" + link_status: "up" + load_measurement_duration: "7" + name: "default_name_8" + symmetric_wan_link: "symmetric" + uplink_load: "10" + uplink_speed: "11" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi 
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wireless_controller_hotspot20_h2qp_wan_metric_data(json): + option_list = ['downlink_load', 'downlink_speed', 'link_at_capacity', + 'link_status', 'load_measurement_duration', 'name', + 'symmetric_wan_link', 'uplink_load', 'uplink_speed'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_hotspot20_h2qp_wan_metric(data, fos): + vdom = data['vdom'] + state = data['state'] + wireless_controller_hotspot20_h2qp_wan_metric_data = data['wireless_controller_hotspot20_h2qp_wan_metric'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_hotspot20_h2qp_wan_metric_data(wireless_controller_hotspot20_h2qp_wan_metric_data)) + + if state == "present": + return fos.set('wireless-controller.hotspot20', + 'h2qp-wan-metric', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller.hotspot20', + 'h2qp-wan-metric', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller_hotspot20(data, fos): + + if data['wireless_controller_hotspot20_h2qp_wan_metric']: + resp = wireless_controller_hotspot20_h2qp_wan_metric(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % 
('wireless_controller_hotspot20_h2qp_wan_metric')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_hotspot20_h2qp_wan_metric": { + "required": False, "type": "dict", "default": None, + "options": { + "downlink_load": {"required": False, "type": "int"}, + "downlink_speed": {"required": False, "type": "int"}, + "link_at_capacity": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "link_status": {"required": False, "type": "str", + "choices": ["up", + "down", + "in-test"]}, + "load_measurement_duration": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "symmetric_wan_link": {"required": False, "type": "str", + "choices": ["symmetric", + "asymmetric"]}, + "uplink_load": {"required": False, "type": "int"}, + "uplink_speed": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by 
specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_hs_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_hs_profile.py new file mode 100644 index 00000000..d8bbfed0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_hs_profile.py 
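Review bot: `is_successful_status` compares `status['http_status'] == 404` against an integer, while this module's RETURN block documents `http_status` as `type: str` with sample `"200"`. If the handler really returns a string (FortiOSHandler is not visible here, so this is an inference), deleting an already-absent object is reported as an error instead of an idempotent no-op. The direct indexing also raises KeyError when a non-success response lacks `http_method`. I would write it as `return status.get('status') == "success" or (status.get('http_method') == "DELETE" and str(status.get('http_status')) == "404")`. The identical helper is in the h2qp_osu_provider hunk above and in the hs_profile hunk below.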
@@ -0,0 +1,715 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_hotspot20_hs_profile +short_description: Configure hotspot profile in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller_hotspot20 feature and hs_profile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wireless_controller_hotspot20_hs_profile: + description: + - Configure hotspot profile. + default: null + type: dict + suboptions: + plmn_3gpp: + description: + - 3GPP PLMN name. Source wireless-controller.hotspot20.anqp-3gpp-cellular.name. + type: str + access_network_asra: + description: + - Enable/disable additional step required for access (ASRA). + type: str + choices: + - enable + - disable + access_network_esr: + description: + - Enable/disable emergency services reachable (ESR). + type: str + choices: + - enable + - disable + access_network_internet: + description: + - Enable/disable connectivity to the Internet. + type: str + choices: + - enable + - disable + access_network_type: + description: + - Access network type. + type: str + choices: + - private-network + - private-network-with-guest-access + - chargeable-public-network + - free-public-network + - personal-device-network + - emergency-services-only-network + - test-or-experimental + - wildcard + access_network_uesa: + description: + - Enable/disable unauthenticated emergency service accessible (UESA). + type: str + choices: + - enable + - disable + anqp_domain_id: + description: + - ANQP Domain ID (0-65535). + type: int + bss_transition: + description: + - Enable/disable basic service set (BSS) transition Support. + type: str + choices: + - enable + - disable + conn_cap: + description: + - Connection capability name. Source wireless-controller.hotspot20.h2qp-conn-capability.name. + type: str + deauth_request_timeout: + description: + - Deauthentication request timeout (in seconds). + type: int + dgaf: + description: + - Enable/disable downstream group-addressed forwarding (DGAF). 
+ type: str + choices: + - enable + - disable + domain_name: + description: + - Domain name. + type: str + gas_comeback_delay: + description: + - GAS comeback delay (0 or 100 - 4000 milliseconds). + type: int + gas_fragmentation_limit: + description: + - GAS fragmentation limit (512 - 4096). + type: int + hessid: + description: + - Homogeneous extended service set identifier (HESSID). + type: str + ip_addr_type: + description: + - IP address type name. Source wireless-controller.hotspot20.anqp-ip-address-type.name. + type: str + l2tif: + description: + - Enable/disable Layer 2 traffic inspection and filtering. + type: str + choices: + - enable + - disable + nai_realm: + description: + - NAI realm list name. Source wireless-controller.hotspot20.anqp-nai-realm.name. + type: str + name: + description: + - Hotspot profile name. + required: true + type: str + network_auth: + description: + - Network authentication name. Source wireless-controller.hotspot20.anqp-network-auth-type.name. + type: str + oper_friendly_name: + description: + - Operator friendly name. Source wireless-controller.hotspot20.h2qp-operator-name.name. + type: str + osu_provider: + description: + - Manually selected list of OSU provider(s). + type: list + suboptions: + name: + description: + - OSU provider name. Source wireless-controller.hotspot20.h2qp-osu-provider.name. + required: true + type: str + osu_ssid: + description: + - Online sign up (OSU) SSID. + type: str + pame_bi: + description: + - Enable/disable Pre-Association Message Exchange BSSID Independent (PAME-BI). + type: str + choices: + - disable + - enable + proxy_arp: + description: + - Enable/disable Proxy ARP. + type: str + choices: + - enable + - disable + qos_map: + description: + - QoS MAP set ID. Source wireless-controller.hotspot20.qos-map.name. + type: str + roaming_consortium: + description: + - Roaming consortium list name. Source wireless-controller.hotspot20.anqp-roaming-consortium.name. 
+ type: str + venue_group: + description: + - Venue group. + type: str + choices: + - unspecified + - assembly + - business + - educational + - factory + - institutional + - mercantile + - residential + - storage + - utility + - vehicular + - outdoor + venue_name: + description: + - Venue name. Source wireless-controller.hotspot20.anqp-venue-name.name. + type: str + venue_type: + description: + - Venue type. + type: str + choices: + - unspecified + - arena + - stadium + - passenger-terminal + - amphitheater + - amusement-park + - place-of-worship + - convention-center + - library + - museum + - restaurant + - theater + - bar + - coffee-shop + - zoo-or-aquarium + - emergency-center + - doctor-office + - bank + - fire-station + - police-station + - post-office + - professional-office + - research-facility + - attorney-office + - primary-school + - secondary-school + - university-or-college + - factory + - hospital + - long-term-care-facility + - rehab-center + - group-home + - prison-or-jail + - retail-store + - grocery-market + - auto-service-station + - shopping-mall + - gas-station + - private + - hotel-or-motel + - dormitory + - boarding-house + - automobile + - airplane + - bus + - ferry + - ship-or-boat + - train + - motor-bike + - muni-mesh-network + - city-park + - rest-area + - traffic-control + - bus-stop + - kiosk + wan_metrics: + description: + - WAN metric name. Source wireless-controller.hotspot20.h2qp-wan-metric.name. + type: str + wnm_sleep_mode: + description: + - Enable/disable wireless network management (WNM) sleep mode. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure hotspot profile. 
+ fortios_wireless_controller_hotspot20_hs_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_hs_profile: + plmn_3gpp: " (source wireless-controller.hotspot20.anqp-3gpp-cellular.name)" + access_network_asra: "enable" + access_network_esr: "enable" + access_network_internet: "enable" + access_network_type: "private-network" + access_network_uesa: "enable" + anqp_domain_id: "9" + bss_transition: "enable" + conn_cap: " (source wireless-controller.hotspot20.h2qp-conn-capability.name)" + deauth_request_timeout: "12" + dgaf: "enable" + domain_name: "" + gas_comeback_delay: "15" + gas_fragmentation_limit: "16" + hessid: "" + ip_addr_type: " (source wireless-controller.hotspot20.anqp-ip-address-type.name)" + l2tif: "enable" + nai_realm: " (source wireless-controller.hotspot20.anqp-nai-realm.name)" + name: "default_name_21" + network_auth: " (source wireless-controller.hotspot20.anqp-network-auth-type.name)" + oper_friendly_name: " (source wireless-controller.hotspot20.h2qp-operator-name.name)" + osu_provider: + - + name: "default_name_25 (source wireless-controller.hotspot20.h2qp-osu-provider.name)" + osu_ssid: "" + pame_bi: "disable" + proxy_arp: "enable" + qos_map: " (source wireless-controller.hotspot20.qos-map.name)" + roaming_consortium: " (source wireless-controller.hotspot20.anqp-roaming-consortium.name)" + venue_group: "unspecified" + venue_name: " (source wireless-controller.hotspot20.anqp-venue-name.name)" + venue_type: "unspecified" + wan_metrics: " (source wireless-controller.hotspot20.h2qp-wan-metric.name)" + wnm_sleep_mode: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + 
sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wireless_controller_hotspot20_hs_profile_data(json): + option_list = ['plmn_3gpp', 'access_network_asra', 'access_network_esr', + 'access_network_internet', 'access_network_type', 'access_network_uesa', + 'anqp_domain_id', 'bss_transition', 'conn_cap', + 'deauth_request_timeout', 'dgaf', 'domain_name', + 'gas_comeback_delay', 'gas_fragmentation_limit', 'hessid', + 'ip_addr_type', 'l2tif', 'nai_realm', + 'name', 'network_auth', 'oper_friendly_name', + 'osu_provider', 'osu_ssid', 'pame_bi', + 'proxy_arp', 'qos_map', 'roaming_consortium', + 'venue_group', 'venue_name', 'venue_type', + 'wan_metrics', 'wnm_sleep_mode'] + dictionary = {} + + for 
attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def valid_attr_to_invalid_attr(data): + specillist = {"3gpp_plmn": "plmn_3gpp"} + + for k, v in specillist.items(): + if v == data: + return k + + return data + + +def valid_attr_to_invalid_attrs(data): + if isinstance(data, list): + for elem in data: + elem = valid_attr_to_invalid_attrs(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[valid_attr_to_invalid_attr(k)] = valid_attr_to_invalid_attrs(v) + data = new_data + + return data + + +def wireless_controller_hotspot20_hs_profile(data, fos): + vdom = data['vdom'] + state = data['state'] + wireless_controller_hotspot20_hs_profile_data = data['wireless_controller_hotspot20_hs_profile'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_hotspot20_hs_profile_data(wireless_controller_hotspot20_hs_profile_data)) + converted_data = valid_attr_to_invalid_attrs(filtered_data) + + if state == "present": + return fos.set('wireless-controller.hotspot20', + 'hs-profile', + data=converted_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller.hotspot20', + 'hs-profile', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller_hotspot20(data, fos): + + if data['wireless_controller_hotspot20_hs_profile']: + resp = 
wireless_controller_hotspot20_hs_profile(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_hotspot20_hs_profile')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_hotspot20_hs_profile": { + "required": False, "type": "dict", "default": None, + "options": { + "plmn_3gpp": {"required": False, "type": "str"}, + "access_network_asra": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "access_network_esr": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "access_network_internet": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "access_network_type": {"required": False, "type": "str", + "choices": ["private-network", + "private-network-with-guest-access", + "chargeable-public-network", + "free-public-network", + "personal-device-network", + "emergency-services-only-network", + "test-or-experimental", + "wildcard"]}, + "access_network_uesa": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "anqp_domain_id": {"required": False, "type": "int"}, + "bss_transition": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "conn_cap": {"required": False, "type": "str"}, + "deauth_request_timeout": {"required": False, "type": "int"}, + "dgaf": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "domain_name": {"required": False, "type": "str"}, + "gas_comeback_delay": {"required": False, "type": "int"}, + "gas_fragmentation_limit": {"required": False, "type": "int"}, + "hessid": 
{"required": False, "type": "str"}, + "ip_addr_type": {"required": False, "type": "str"}, + "l2tif": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "nai_realm": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "network_auth": {"required": False, "type": "str"}, + "oper_friendly_name": {"required": False, "type": "str"}, + "osu_provider": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "osu_ssid": {"required": False, "type": "str"}, + "pame_bi": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "proxy_arp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "qos_map": {"required": False, "type": "str"}, + "roaming_consortium": {"required": False, "type": "str"}, + "venue_group": {"required": False, "type": "str", + "choices": ["unspecified", + "assembly", + "business", + "educational", + "factory", + "institutional", + "mercantile", + "residential", + "storage", + "utility", + "vehicular", + "outdoor"]}, + "venue_name": {"required": False, "type": "str"}, + "venue_type": {"required": False, "type": "str", + "choices": ["unspecified", + "arena", + "stadium", + "passenger-terminal", + "amphitheater", + "amusement-park", + "place-of-worship", + "convention-center", + "library", + "museum", + "restaurant", + "theater", + "bar", + "coffee-shop", + "zoo-or-aquarium", + "emergency-center", + "doctor-office", + "bank", + "fire-station", + "police-station", + "post-office", + "professional-office", + "research-facility", + "attorney-office", + "primary-school", + "secondary-school", + "university-or-college", + "factory", + "hospital", + "long-term-care-facility", + "rehab-center", + "group-home", + "prison-or-jail", + "retail-store", + "grocery-market", + "auto-service-station", + "shopping-mall", + "gas-station", + "private", + "hotel-or-motel", + "dormitory", + "boarding-house", + "automobile", + 
"airplane", + "bus", + "ferry", + "ship-or-boat", + "train", + "motor-bike", + "muni-mesh-network", + "city-park", + "rest-area", + "traffic-control", + "bus-stop", + "kiosk"]}, + "wan_metrics": {"required": False, "type": "str"}, + "wnm_sleep_mode": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_icon.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_icon.py new file mode 100644 index 00000000..9100874b --- /dev/null 
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_icon.py 
@@ -0,0 +1,339 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_hotspot20_icon +short_description: Configure OSU provider icon in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller_hotspot20 feature and icon category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wireless_controller_hotspot20_icon: + description: + - Configure OSU provider icon. + default: null + type: dict + suboptions: + icon_list: + description: + - Icon list. + type: list + suboptions: + file: + description: + - Icon file. + type: str + height: + description: + - Icon height. + type: int + lang: + description: + - Language code. + type: str + name: + description: + - Icon name. + required: true + type: str + type: + description: + - Icon type. + type: str + choices: + - bmp + - gif + - jpeg + - png + - tiff + width: + description: + - Icon width. + type: int + name: + description: + - Icon list ID. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure OSU provider icon. 
+ fortios_wireless_controller_hotspot20_icon: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_icon: + icon_list: + - + file: "" + height: "5" + lang: "" + name: "default_name_7" + type: "bmp" + width: "9" + name: "default_name_10" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def 
filter_wireless_controller_hotspot20_icon_data(json): + option_list = ['icon_list', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_hotspot20_icon(data, fos): + vdom = data['vdom'] + state = data['state'] + wireless_controller_hotspot20_icon_data = data['wireless_controller_hotspot20_icon'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_hotspot20_icon_data(wireless_controller_hotspot20_icon_data)) + + if state == "present": + return fos.set('wireless-controller.hotspot20', + 'icon', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller.hotspot20', + 'icon', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller_hotspot20(data, fos): + + if data['wireless_controller_hotspot20_icon']: + resp = wireless_controller_hotspot20_icon(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_hotspot20_icon')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": 
{"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_hotspot20_icon": { + "required": False, "type": "dict", "default": None, + "options": { + "icon_list": {"required": False, "type": "list", + "options": { + "file": {"required": False, "type": "str"}, + "height": {"required": False, "type": "int"}, + "lang": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "type": {"required": False, "type": "str", + "choices": ["bmp", + "gif", + "jpeg", + "png", + "tiff"]}, + "width": {"required": False, "type": "int"} + }}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
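Review bot: The EXAMPLES playbook in this new module sets `ansible_httpapi_validate_certs: no` while also passing `access_token`, so anyone who copies it sends the API token over a TLS session whose peer is never authenticated. I would ship the example with `ansible_httpapi_validate_certs: yes` and add a comment such as `# set to no only for lab devices with self-signed certificates`. The same example block appears in the fortios_wireless_controller_hotspot20_qos_map.py hunk that follows, and in the EXAMPLES of fortios_wireless_controller_inter_controller.py, whose hunk continues outside this view.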
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_qos_map.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_qos_map.py
new file mode 100644
index 00000000..25764b2c
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_hotspot20_qos_map.py
@@ -0,0 +1,345 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_hotspot20_qos_map +short_description: Configure QoS map set in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller_hotspot20 feature and qos_map category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wireless_controller_hotspot20_qos_map: + description: + - Configure QoS map set. + default: null + type: dict + suboptions: + dscp_except: + description: + - Differentiated Services Code Point (DSCP) exceptions. + type: list + suboptions: + dscp: + description: + - DSCP value. + type: int + index: + description: + - DSCP exception index. + required: true + type: int + up: + description: + - User priority. + type: int + dscp_range: + description: + - Differentiated Services Code Point (DSCP) ranges. + type: list + suboptions: + high: + description: + - DSCP high value. + type: int + index: + description: + - DSCP range index. + required: true + type: int + low: + description: + - DSCP low value. + type: int + up: + description: + - User priority. + type: int + name: + description: + - QOS-MAP name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure QoS map set. 
+ fortios_wireless_controller_hotspot20_qos_map: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_hotspot20_qos_map: + dscp_except: + - + dscp: "4" + index: "5" + up: "6" + dscp_range: + - + high: "8" + index: "9" + low: "10" + up: "11" + name: "default_name_12" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import 
FAIL_SOCKET_MSG + + +def filter_wireless_controller_hotspot20_qos_map_data(json): + option_list = ['dscp_except', 'dscp_range', 'name'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_hotspot20_qos_map(data, fos): + vdom = data['vdom'] + state = data['state'] + wireless_controller_hotspot20_qos_map_data = data['wireless_controller_hotspot20_qos_map'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_hotspot20_qos_map_data(wireless_controller_hotspot20_qos_map_data)) + + if state == "present": + return fos.set('wireless-controller.hotspot20', + 'qos-map', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller.hotspot20', + 'qos-map', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller_hotspot20(data, fos): + + if data['wireless_controller_hotspot20_qos_map']: + resp = wireless_controller_hotspot20_qos_map(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_hotspot20_qos_map')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": 
{"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_hotspot20_qos_map": { + "required": False, "type": "dict", "default": None, + "options": { + "dscp_except": {"required": False, "type": "list", + "options": { + "dscp": {"required": False, "type": "int"}, + "index": {"required": True, "type": "int"}, + "up": {"required": False, "type": "int"} + }}, + "dscp_range": {"required": False, "type": "list", + "options": { + "high": {"required": False, "type": "int"}, + "index": {"required": True, "type": "int"}, + "low": {"required": False, "type": "int"}, + "up": {"required": False, "type": "int"} + }}, + "name": {"required": True, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + 
module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_inter_controller.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_inter_controller.py new file mode 100644 index 00000000..ebe3072f --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_inter_controller.py 
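Review bot: In `main()`, `dscp_except` and `dscp_range` are declared as `"type": "list"` with an `"options"` sub-spec but no `"elements": "dict"`. As far as I know, AnsibleModule applies a list's sub-spec only when `elements` is `dict`, so the `required` flag on `index` and the `int` types are presumably not enforced before the data is passed to `fos.set`. Adding `"elements": "dict"` to both entries, e.g. `"dscp_range": {"required": False, "type": "list", "elements": "dict",`, would make the declared validation take effect, with a matching `elements: dict` in the DOCUMENTATION block. `icon_list` in fortios_wireless_controller_hotspot20_icon.py has the same shape.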
@@ -0,0 +1,335 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_inter_controller +short_description: Configure inter wireless controller operation in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller feature and inter_controller category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + wireless_controller_inter_controller: + description: + - Configure inter wireless controller operation. + default: null + type: dict + suboptions: + fast_failover_max: + description: + - Maximum number of retransmissions for fast failover HA messages between peer wireless controllers (3 - 64). + type: int + fast_failover_wait: + description: + - Minimum wait time before an AP transitions from secondary controller to primary controller (10 - 86400 sec). + type: int + inter_controller_key: + description: + - Secret key for inter-controller communications. + type: str + inter_controller_mode: + description: + - Configure inter-controller mode (disable, l2-roaming, 1+1). + type: str + choices: + - disable + - l2-roaming + - 1+1 + inter_controller_peer: + description: + - Fast failover peer wireless controller list. + type: list + suboptions: + id: + description: + - ID. + required: true + type: int + peer_ip: + description: + - Peer wireless controller"s IP address. + type: str + peer_port: + description: + - Port used by the wireless controller"s for inter-controller communications (1024 - 49150). + type: int + peer_priority: + description: + - Peer wireless controller"s priority (primary or secondary). + type: str + choices: + - primary + - secondary + inter_controller_pri: + description: + - Configure inter-controller"s priority (primary or secondary). + type: str + choices: + - primary + - secondary +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure inter wireless controller operation. 
+ fortios_wireless_controller_inter_controller: + vdom: "{{ vdom }}" + wireless_controller_inter_controller: + fast_failover_max: "3" + fast_failover_wait: "4" + inter_controller_key: "" + inter_controller_mode: "disable" + inter_controller_peer: + - + id: "8" + peer_ip: "" + peer_port: "10" + peer_priority: "primary" + inter_controller_pri: "primary" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wireless_controller_inter_controller_data(json): + option_list = ['fast_failover_max', 'fast_failover_wait', 'inter_controller_key', + 'inter_controller_mode', 'inter_controller_peer', 'inter_controller_pri'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_inter_controller(data, fos): + vdom = data['vdom'] + wireless_controller_inter_controller_data = data['wireless_controller_inter_controller'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_inter_controller_data(wireless_controller_inter_controller_data)) + + return fos.set('wireless-controller', + 'inter-controller', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller(data, fos): + + if data['wireless_controller_inter_controller']: + resp = wireless_controller_inter_controller(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_inter_controller')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + 
"wireless_controller_inter_controller": { + "required": False, "type": "dict", "default": None, + "options": { + "fast_failover_max": {"required": False, "type": "int"}, + "fast_failover_wait": {"required": False, "type": "int"}, + "inter_controller_key": {"required": False, "type": "str"}, + "inter_controller_mode": {"required": False, "type": "str", + "choices": ["disable", + "l2-roaming", + "1+1"]}, + "inter_controller_peer": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "peer_ip": {"required": False, "type": "str"}, + "peer_port": {"required": False, "type": "int"}, + "peer_priority": {"required": False, "type": "str", + "choices": ["primary", + "secondary"]} + }}, + "inter_controller_pri": {"required": False, "type": "str", + "choices": ["primary", + "secondary"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", 
version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_qos_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_qos_profile.py new file mode 100644 index 00000000..1059d9e6 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_qos_profile.py 
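Review bot: `inter_controller_key` is documented in this module as the secret key for inter-controller communications, but its entry in the `fields` argument spec in main() has no `no_log`, unlike `access_token` a few lines above it. Without that flag Ansible does not mask the value, so it can appear in the module invocation data and in logs. Mark it the same way as the token: `"inter_controller_key": {"required": False, "type": "str", "no_log": True},`. A one-line note in the DOCUMENTATION entry saying the value is sensitive and is best supplied from a vault would also help.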
@@ -0,0 +1,462 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_qos_profile +short_description: Configure WiFi quality of service (QoS) profiles in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller feature and qos_profile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wireless_controller_qos_profile: + description: + - Configure WiFi quality of service (QoS) profiles. + default: null + type: dict + suboptions: + bandwidth_admission_control: + description: + - Enable/disable WMM bandwidth admission control. + type: str + choices: + - enable + - disable + bandwidth_capacity: + description: + - Maximum bandwidth capacity allowed (1 - 600000 Kbps). + type: int + burst: + description: + - Enable/disable client rate burst. + type: str + choices: + - enable + - disable + call_admission_control: + description: + - Enable/disable WMM call admission control. + type: str + choices: + - enable + - disable + call_capacity: + description: + - Maximum number of Voice over WLAN (VoWLAN) phones allowed (0 - 60). + type: int + comment: + description: + - Comment. + type: str + downlink: + description: + - Maximum downlink bandwidth for Virtual Access Points (VAPs) (0 - 2097152 Kbps). + type: int + downlink_sta: + description: + - Maximum downlink bandwidth for clients (0 - 2097152 Kbps). + type: int + dscp_wmm_be: + description: + - DSCP mapping for best effort access . + type: list + suboptions: + id: + description: + - DSCP WMM mapping numbers (0 - 63). + required: true + type: int + dscp_wmm_bk: + description: + - DSCP mapping for background access . + type: list + suboptions: + id: + description: + - DSCP WMM mapping numbers (0 - 63). + required: true + type: int + dscp_wmm_mapping: + description: + - Enable/disable Differentiated Services Code Point (DSCP) mapping. + type: str + choices: + - enable + - disable + dscp_wmm_vi: + description: + - DSCP mapping for video access . + type: list + suboptions: + id: + description: + - DSCP WMM mapping numbers (0 - 63). 
+ required: true + type: int + dscp_wmm_vo: + description: + - DSCP mapping for voice access . + type: list + suboptions: + id: + description: + - DSCP WMM mapping numbers (0 - 63). + required: true + type: int + name: + description: + - WiFi QoS profile name. + required: true + type: str + uplink: + description: + - Maximum uplink bandwidth for Virtual Access Points (VAPs) (0 - 2097152 Kbps). + type: int + uplink_sta: + description: + - Maximum uplink bandwidth for clients (0 - 2097152 Kbps). + type: int + wmm: + description: + - Enable/disable WiFi multi-media (WMM) control. + type: str + choices: + - enable + - disable + wmm_uapsd: + description: + - Enable/disable WMM Unscheduled Automatic Power Save Delivery (U-APSD) power save mode. + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WiFi quality of service (QoS) profiles. + fortios_wireless_controller_qos_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_qos_profile: + bandwidth_admission_control: "enable" + bandwidth_capacity: "4" + burst: "enable" + call_admission_control: "enable" + call_capacity: "7" + comment: "Comment." 
+ downlink: "9" + downlink_sta: "10" + dscp_wmm_be: + - + id: "12" + dscp_wmm_bk: + - + id: "14" + dscp_wmm_mapping: "enable" + dscp_wmm_vi: + - + id: "17" + dscp_wmm_vo: + - + id: "19" + name: "default_name_20" + uplink: "21" + uplink_sta: "22" + wmm: "enable" + wmm_uapsd: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import 
FAIL_SOCKET_MSG + + +def filter_wireless_controller_qos_profile_data(json): + option_list = ['bandwidth_admission_control', 'bandwidth_capacity', 'burst', + 'call_admission_control', 'call_capacity', 'comment', + 'downlink', 'downlink_sta', 'dscp_wmm_be', + 'dscp_wmm_bk', 'dscp_wmm_mapping', 'dscp_wmm_vi', + 'dscp_wmm_vo', 'name', 'uplink', + 'uplink_sta', 'wmm', 'wmm_uapsd'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_qos_profile(data, fos): + vdom = data['vdom'] + state = data['state'] + wireless_controller_qos_profile_data = data['wireless_controller_qos_profile'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_qos_profile_data(wireless_controller_qos_profile_data)) + + if state == "present": + return fos.set('wireless-controller', + 'qos-profile', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller', + 'qos-profile', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller(data, fos): + + if data['wireless_controller_qos_profile']: + resp = wireless_controller_qos_profile(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_qos_profile')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 
'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_qos_profile": { + "required": False, "type": "dict", "default": None, + "options": { + "bandwidth_admission_control": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "bandwidth_capacity": {"required": False, "type": "int"}, + "burst": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "call_admission_control": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "call_capacity": {"required": False, "type": "int"}, + "comment": {"required": False, "type": "str"}, + "downlink": {"required": False, "type": "int"}, + "downlink_sta": {"required": False, "type": "int"}, + "dscp_wmm_be": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "dscp_wmm_bk": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "dscp_wmm_mapping": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dscp_wmm_vi": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "dscp_wmm_vo": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"} + }}, + "name": {"required": True, "type": "str"}, + "uplink": {"required": False, "type": "int"}, + "uplink_sta": {"required": False, "type": "int"}, + "wmm": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "wmm_uapsd": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + 
versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_setting.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_setting.py new file mode 100644 index 00000000..e3e4f6e3 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_setting.py 
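Review bot: The EXAMPLES play sets `ansible_httpapi_validate_certs: no` while its task passes an `access_token`, so a playbook copied from it sends the API token over a TLS session whose peer certificate is never verified. The example should use `ansible_httpapi_validate_certs: yes`, with a short comment that turning validation off is only for lab devices with self-signed certificates. The same setting appears in the EXAMPLES of fortios_wireless_controller_inter_controller.py and fortios_wireless_controller_setting.py in this patch.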
@@ -0,0 +1,544 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_setting +short_description: VDOM wireless controller configuration in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller feature and setting category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + wireless_controller_setting: + description: + - VDOM wireless controller configuration. + default: null + type: dict + suboptions: + account_id: + description: + - FortiCloud customer account ID. + type: str + country: + description: + - Country or region in which the FortiGate is located. The country determines the 802.11 bands and channels that are available. + type: str + choices: + - NA + - AL + - DZ + - AO + - AR + - AM + - AU + - AT + - AZ + - BH + - BD + - BB + - BY + - BE + - BZ + - BO + - BA + - BR + - BN + - BG + - KH + - CL + - CN + - CO + - CR + - HR + - CY + - CZ + - DK + - DO + - EC + - EG + - SV + - EE + - FI + - FR + - GE + - DE + - GR + - GL + - GD + - GU + - GT + - HT + - HN + - HK + - HU + - IS + - IN + - ID + - IR + - IE + - IL + - IT + - JM + - JO + - KZ + - KE + - KP + - KR + - KW + - LV + - LB + - LI + - LT + - LU + - MO + - MK + - MY + - MT + - MX + - MC + - MA + - MZ + - MM + - NP + - NL + - AN + - AW + - NZ + - NO + - OM + - PK + - PA + - PG + - PY + - PE + - PH + - PL + - PT + - PR + - QA + - RO + - RU + - RW + - SA + - RS + - ME + - SG + - SK + - SI + - ZA + - ES + - LK + - SE + - SD + - CH + - SY + - TW + - TZ + - TH + - TT + - TN + - TR + - AE + - UA + - GB + - US + - PS + - UY + - UZ + - VE + - VN + - YE + - ZB + - ZW + - JP + - CA + duplicate_ssid: + description: + - Enable/disable allowing Virtual Access Points (VAPs) to use the same SSID name in the same VDOM. + type: str + choices: + - enable + - disable + fapc_compatibility: + description: + - Enable/disable FAP-C series compatibility. 
+ type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: VDOM wireless controller configuration. + fortios_wireless_controller_setting: + vdom: "{{ vdom }}" + wireless_controller_setting: + account_id: "" + country: "NA" + duplicate_ssid: "enable" + fapc_compatibility: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import 
FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wireless_controller_setting_data(json): + option_list = ['account_id', 'country', 'duplicate_ssid', + 'fapc_compatibility'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_setting(data, fos): + vdom = data['vdom'] + wireless_controller_setting_data = data['wireless_controller_setting'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_setting_data(wireless_controller_setting_data)) + + return fos.set('wireless-controller', + 'setting', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller(data, fos): + + if data['wireless_controller_setting']: + resp = wireless_controller_setting(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_setting')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "wireless_controller_setting": { + "required": False, "type": 
"dict", "default": None, + "options": { + "account_id": {"required": False, "type": "str"}, + "country": {"required": False, "type": "str", + "choices": ["NA", + "AL", + "DZ", + "AO", + "AR", + "AM", + "AU", + "AT", + "AZ", + "BH", + "BD", + "BB", + "BY", + "BE", + "BZ", + "BO", + "BA", + "BR", + "BN", + "BG", + "KH", + "CL", + "CN", + "CO", + "CR", + "HR", + "CY", + "CZ", + "DK", + "DO", + "EC", + "EG", + "SV", + "EE", + "FI", + "FR", + "GE", + "DE", + "GR", + "GL", + "GD", + "GU", + "GT", + "HT", + "HN", + "HK", + "HU", + "IS", + "IN", + "ID", + "IR", + "IE", + "IL", + "IT", + "JM", + "JO", + "KZ", + "KE", + "KP", + "KR", + "KW", + "LV", + "LB", + "LI", + "LT", + "LU", + "MO", + "MK", + "MY", + "MT", + "MX", + "MC", + "MA", + "MZ", + "MM", + "NP", + "NL", + "AN", + "AW", + "NZ", + "NO", + "OM", + "PK", + "PA", + "PG", + "PY", + "PE", + "PH", + "PL", + "PT", + "PR", + "QA", + "RO", + "RU", + "RW", + "SA", + "RS", + "ME", + "SG", + "SK", + "SI", + "ZA", + "ES", + "LK", + "SE", + "SD", + "CH", + "SY", + "TW", + "TZ", + "TH", + "TT", + "TN", + "TR", + "AE", + "UA", + "GB", + "US", + "PS", + "UY", + "UZ", + "VE", + "VN", + "YE", + "ZB", + "ZW", + "JP", + "CA"]}, + "duplicate_ssid": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fapc_compatibility": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and 
versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_timers.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_timers.py new file mode 100644 index 00000000..a6735598 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_timers.py 
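Review bot: In main(), `if 'access_token' in module.params:` is always true, because `access_token` is declared in `fields` and AnsibleModule fills every declared option, defaulting to None. `connection.set_option('access_token', ...)` therefore also runs with None when no token was supplied. Whether that replaces a token configured on the connection depends on the httpapi plugin, which is not visible in this hunk. Testing the value states the intent: `if module.params.get('access_token'):`. The same check appears in main() of the inter_controller and qos_profile modules in this patch.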
@@ -0,0 +1,372 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_timers +short_description: Configure CAPWAP timers in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller feature and timers category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + wireless_controller_timers: + description: + - Configure CAPWAP timers. + default: null + type: dict + suboptions: + ble_scan_report_intv: + description: + - Time between running Bluetooth Low Energy (BLE) reports (10 - 3600 sec). + type: int + client_idle_timeout: + description: + - Time after which a client is considered idle and times out (20 - 3600 sec). + type: int + darrp_day: + description: + - Weekday on which to run DARRP optimization. + type: str + choices: + - sunday + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + darrp_optimize: + description: + - Time for running Dynamic Automatic Radio Resource Provisioning (DARRP) optimizations (0 - 86400 sec). + type: int + darrp_time: + description: + - Time at which DARRP optimizations run (you can add up to 8 times). + type: list + suboptions: + time: + description: + - Time. + required: true + type: str + discovery_interval: + description: + - Time between discovery requests (2 - 180 sec). + type: int + echo_interval: + description: + - Time between echo requests sent by the managed WTP, AP, or FortiAP (1 - 255 sec). + type: int + fake_ap_log: + description: + - Time between recording logs about fake APs if periodic fake AP logging is configured (0 - 1440 min). + type: int + ipsec_intf_cleanup: + description: + - Time period to keep IPsec VPN interfaces up after WTP sessions are disconnected (30 - 3600 sec). + type: int + radio_stats_interval: + description: + - Time between running radio reports (1 - 255 sec). + type: int + rogue_ap_log: + description: + - Time between logging rogue AP messages if periodic rogue AP logging is configured (0 - 1440 min). + type: int + sta_capability_interval: + description: + - Time between running station capability reports (1 - 255 sec). 
+ type: int + sta_locate_timer: + description: + - Time between running client presence flushes to remove clients that are listed but no longer present (0 - 86400 sec). + type: int + sta_stats_interval: + description: + - Time between running client (station) reports (1 - 255 sec). + type: int + vap_stats_interval: + description: + - Time between running Virtual Access Point (VAP) reports (1 - 255 sec). + type: int +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure CAPWAP timers. + fortios_wireless_controller_timers: + vdom: "{{ vdom }}" + wireless_controller_timers: + ble_scan_report_intv: "3" + client_idle_timeout: "4" + darrp_day: "sunday" + darrp_optimize: "6" + darrp_time: + - + time: "" + discovery_interval: "9" + echo_interval: "10" + fake_ap_log: "11" + ipsec_intf_cleanup: "12" + radio_stats_interval: "13" + rogue_ap_log: "14" + sta_capability_interval: "15" + sta_locate_timer: "16" + sta_stats_interval: "17" + vap_stats_interval: "18" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + 
sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wireless_controller_timers_data(json): + option_list = ['ble_scan_report_intv', 'client_idle_timeout', 'darrp_day', + 'darrp_optimize', 'darrp_time', 'discovery_interval', + 'echo_interval', 'fake_ap_log', 'ipsec_intf_cleanup', + 'radio_stats_interval', 'rogue_ap_log', 'sta_capability_interval', + 'sta_locate_timer', 'sta_stats_interval', 'vap_stats_interval'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_timers(data, fos): + vdom = data['vdom'] + wireless_controller_timers_data = data['wireless_controller_timers'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_timers_data(wireless_controller_timers_data)) + + return 
fos.set('wireless-controller', + 'timers', + data=filtered_data, + vdom=vdom) + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller(data, fos): + + if data['wireless_controller_timers']: + resp = wireless_controller_timers(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_timers')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = None + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "wireless_controller_timers": { + "required": False, "type": "dict", "default": None, + "options": { + "ble_scan_report_intv": {"required": False, "type": "int"}, + "client_idle_timeout": {"required": False, "type": "int"}, + "darrp_day": {"required": False, "type": "str", + "choices": ["sunday", + "monday", + "tuesday", + "wednesday", + "thursday", + "friday", + "saturday"]}, + "darrp_optimize": {"required": False, "type": "int"}, + "darrp_time": {"required": False, "type": "list", + "options": { + "time": {"required": True, "type": "str"} + }}, + "discovery_interval": {"required": False, "type": "int"}, + "echo_interval": {"required": False, "type": "int"}, + "fake_ap_log": {"required": False, "type": "int"}, + "ipsec_intf_cleanup": {"required": False, "type": "int"}, + "radio_stats_interval": {"required": False, "type": "int"}, + "rogue_ap_log": {"required": False, "type": "int"}, + "sta_capability_interval": {"required": False, "type": "int"}, + "sta_locate_timer": {"required": False, "type": "int"}, + "sta_stats_interval": {"required": False, "type": "int"}, + "vap_stats_interval": {"required": False, "type": "int"} + + } + } + } + + check_legacy_fortiosapi() + module 
= AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_utm_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_utm_profile.py new file mode 100644 index 00000000..352abec6 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_utm_profile.py 
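Review bot: The EXAMPLES playbook in fortios_wireless_controller_timers.py sets `ansible_httpapi_validate_certs: no` next to `ansible_httpapi_use_ssl: yes`, so a play copied from it authenticates to the FortiGate over TLS without verifying the peer certificate. The same line appears in the EXAMPLES block of fortios_wireless_controller_utm_profile.py, where the task also passes `access_token`. I would ship the example as `ansible_httpapi_validate_certs: yes` and add a comment such as `# set to no only for lab units with self-signed certificates`. The module description says examples must be adjusted before use, but it does not call out this setting, so a one-line entry under `notes:` about certificate validation would help as well.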
@@ -0,0 +1,358 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_utm_profile +short_description: Configure UTM (Unified Threat Management) profile in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller feature and utm_profile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + wireless_controller_utm_profile: + description: + - Configure UTM (Unified Threat Management) profile. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + antivirus_profile: + description: + - AntiVirus profile name. Source antivirus.profile.name. + type: str + application_list: + description: + - Application control list name. Source application.list.name. + type: str + comment: + description: + - Comment. + type: str + ips_sensor: + description: + - IPS sensor name. Source ips.sensor.name. + type: str + name: + description: + - UTM profile name. + required: true + type: str + scan_botnet_connections: + description: + - Block or monitor connections to Botnet servers or disable Botnet scanning. + type: str + choices: + - disable + - block + - monitor + utm_log: + description: + - Enable/disable UTM logging. + type: str + choices: + - enable + - disable + webfilter_profile: + description: + - WebFilter profile name. Source webfilter.profile.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure UTM (Unified Threat Management) profile. 
+ fortios_wireless_controller_utm_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_utm_profile: + antivirus_profile: " (source antivirus.profile.name)" + application_list: " (source application.list.name)" + comment: "Comment." + ips_sensor: " (source ips.sensor.name)" + name: "default_name_7" + scan_botnet_connections: "disable" + utm_log: "enable" + webfilter_profile: " (source webfilter.profile.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wireless_controller_utm_profile_data(json): + option_list = ['antivirus_profile', 'application_list', 'comment', + 'ips_sensor', 'name', 'scan_botnet_connections', + 'utm_log', 'webfilter_profile'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_utm_profile(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['wireless_controller_utm_profile'] and data['wireless_controller_utm_profile']['state']: + state = data['wireless_controller_utm_profile']['state'] + else: + state = True + wireless_controller_utm_profile_data = data['wireless_controller_utm_profile'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_utm_profile_data(wireless_controller_utm_profile_data)) + + if state == "present": + return fos.set('wireless-controller', + 'utm-profile', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller', + 'utm-profile', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller(data, fos): + + if 
data['wireless_controller_utm_profile']: + resp = wireless_controller_utm_profile(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_utm_profile')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_utm_profile": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "antivirus_profile": {"required": False, "type": "str"}, + "application_list": {"required": False, "type": "str"}, + "comment": {"required": False, "type": "str"}, + "ips_sensor": {"required": False, "type": "str"}, + "name": {"required": True, "type": "str"}, + "scan_botnet_connections": {"required": False, "type": "str", + "choices": ["disable", + "block", + "monitor"]}, + "utm_log": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "webfilter_profile": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + 
module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_vap.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_vap.py new file mode 100644 index 00000000..f1dbff62 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_vap.py 
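Review bot: In `wireless_controller_utm_profile`, the fallback `state = True` matches neither `"present"` nor `"absent"`, so a task that sets no `state` at either level ends in `fail_json(msg='state must be present or absent!')`. The argument spec in `main()` and the DOCUMENTATION block both declare `state` as not required, so the parameter is effectively mandatory without being described that way. I would replace the sentinel with an explicit failure in that branch, `fos._module.fail_json(msg='state is required: present or absent')`, and state the requirement in the option description. The function would also benefit from a short docstring saying that the top-level `state` takes precedence over the deprecated nested one.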
@@ -0,0 +1,1573 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_vap +short_description: Configure Virtual Access Points (VAPs) in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller feature and vap category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + wireless_controller_vap: + description: + - Configure Virtual Access Points (VAPs). + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + acct_interim_interval: + description: + - WiFi RADIUS accounting interim interval (60 - 86400 sec). + type: int + alias: + description: + - Alias. + type: str + auth: + description: + - Authentication protocol. + type: str + choices: + - psk + - radius + - usergroup + broadcast_ssid: + description: + - Enable/disable broadcasting the SSID . + type: str + choices: + - enable + - disable + broadcast_suppression: + description: + - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless + network. + type: str + choices: + - dhcp-up + - dhcp-down + - dhcp-starvation + - arp-known + - arp-unknown + - arp-reply + - arp-poison + - arp-proxy + - netbios-ns + - netbios-ds + - ipv6 + - all-other-mc + - all-other-bc + captive_portal_ac_name: + description: + - Local-bridging captive portal ac-name. + type: str + captive_portal_macauth_radius_secret: + description: + - Secret key to access the macauth RADIUS server. + type: str + captive_portal_macauth_radius_server: + description: + - Captive portal external RADIUS server domain name or IP address. 
+ type: str + captive_portal_radius_secret: + description: + - Secret key to access the RADIUS server. + type: str + captive_portal_radius_server: + description: + - Captive portal RADIUS server domain name or IP address. + type: str + captive_portal_session_timeout_interval: + description: + - Session timeout interval (0 - 864000 sec). + type: int + dhcp_lease_time: + description: + - DHCP lease time in seconds for NAT IP address. + type: int + dhcp_option82_circuit_id_insertion: + description: + - Enable/disable DHCP option 82 circuit-id insert . + type: str + choices: + - style-1 + - style-2 + - disable + dhcp_option82_insertion: + description: + - Enable/disable DHCP option 82 insert . + type: str + choices: + - enable + - disable + dhcp_option82_remote_id_insertion: + description: + - Enable/disable DHCP option 82 remote-id insert . + type: str + choices: + - style-1 + - disable + dynamic_vlan: + description: + - Enable/disable dynamic VLAN assignment. + type: str + choices: + - enable + - disable + eap_reauth: + description: + - Enable/disable EAP re-authentication for WPA-Enterprise security. + type: str + choices: + - enable + - disable + eap_reauth_intv: + description: + - EAP re-authentication interval (1800 - 864000 sec). + type: int + eapol_key_retries: + description: + - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) . + type: str + choices: + - disable + - enable + encrypt: + description: + - Encryption protocol to use (only available when security is set to a WPA type). + type: str + choices: + - TKIP + - AES + - TKIP-AES + external_fast_roaming: + description: + - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate . + type: str + choices: + - enable + - disable + external_logout: + description: + - URL of external authentication logout server. + type: str + external_web: + description: + - URL of external authentication web server. 
+ type: str + fast_bss_transition: + description: + - Enable/disable 802.11r Fast BSS Transition (FT) . + type: str + choices: + - disable + - enable + fast_roaming: + description: + - Enable/disable fast-roaming, or pre-authentication, where supported by clients . + type: str + choices: + - enable + - disable + ft_mobility_domain: + description: + - Mobility domain identifier in FT (1 - 65535). + type: int + ft_over_ds: + description: + - Enable/disable FT over the Distribution System (DS). + type: str + choices: + - disable + - enable + ft_r0_key_lifetime: + description: + - Lifetime of the PMK-R0 key in FT, 1-65535 minutes. + type: int + gtk_rekey: + description: + - Enable/disable GTK rekey for WPA security. + type: str + choices: + - enable + - disable + gtk_rekey_intv: + description: + - GTK rekey interval interval (1800 - 864000 sec). + type: int + hotspot20_profile: + description: + - Hotspot 2.0 profile name. + type: str + intra_vap_privacy: + description: + - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) . + type: str + choices: + - enable + - disable + ip: + description: + - IP address and subnet mask for the local standalone NAT subnet. + type: str + key: + description: + - WEP Key. + type: str + keyindex: + description: + - WEP key index (1 - 4). + type: int + ldpc: + description: + - VAP low-density parity-check (LDPC) coding configuration. + type: str + choices: + - disable + - rx + - tx + - rxtx + local_authentication: + description: + - Enable/disable AP local authentication. + type: str + choices: + - enable + - disable + local_bridging: + description: + - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP . + type: str + choices: + - enable + - disable + local_lan: + description: + - Allow/deny traffic destined for a Class A, B, or C private IP address . + type: str + choices: + - allow + - deny + local_standalone: + description: + - Enable/disable AP local standalone . 
+ type: str + choices: + - enable + - disable + local_standalone_nat: + description: + - Enable/disable AP local standalone NAT mode. + type: str + choices: + - enable + - disable + mac_auth_bypass: + description: + - Enable/disable MAC authentication bypass. + type: str + choices: + - enable + - disable + mac_filter: + description: + - Enable/disable MAC filtering to block wireless clients by mac address. + type: str + choices: + - enable + - disable + mac_filter_list: + description: + - Create a list of MAC addresses for MAC address filtering. + type: list + suboptions: + id: + description: + - ID. + required: true + type: int + mac: + description: + - MAC address. + type: str + mac_filter_policy: + description: + - Deny or allow the client with this MAC address. + type: str + choices: + - allow + - deny + mac_filter_policy_other: + description: + - Allow or block clients with MAC addresses that are not in the filter list. + type: str + choices: + - allow + - deny + max_clients: + description: + - Maximum number of clients that can connect simultaneously to the VAP . + type: int + max_clients_ap: + description: + - Maximum number of clients that can connect simultaneously to each radio . + type: int + me_disable_thresh: + description: + - Disable multicast enhancement when this many clients are receiving multicast traffic. + type: int + mesh_backhaul: + description: + - Enable/disable using this VAP as a WiFi mesh backhaul . This entry is only available when security is set to a WPA type or open. + type: str + choices: + - enable + - disable + mpsk: + description: + - Enable/disable multiple pre-shared keys (PSKs.) + type: str + choices: + - enable + - disable + mpsk_concurrent_clients: + description: + - Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled. + type: int + mpsk_key: + description: + - Pre-shared keys that can be used to connect to this virtual access point. 
+ type: list + suboptions: + comment: + description: + - Comment. + type: str + concurrent_clients: + description: + - Number of clients that can connect using this pre-shared key. + type: str + key_name: + description: + - Pre-shared key name. + type: str + passphrase: + description: + - WPA Pre-shared key. + type: str + multicast_enhance: + description: + - Enable/disable converting multicast to unicast to improve performance . + type: str + choices: + - enable + - disable + multicast_rate: + description: + - Multicast rate (0, 6000, 12000, or 24000 kbps). + type: str + choices: + - 0 + - 6000 + - 12000 + - 24000 + name: + description: + - Virtual AP name. + required: true + type: str + okc: + description: + - Enable/disable Opportunistic Key Caching (OKC) . + type: str + choices: + - disable + - enable + passphrase: + description: + - WPA pre-shard key (PSK) to be used to authenticate WiFi users. + type: str + pmf: + description: + - Protected Management Frames (PMF) support . + type: str + choices: + - disable + - enable + - optional + pmf_assoc_comeback_timeout: + description: + - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec). + type: int + pmf_sa_query_retry_timeout: + description: + - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec). + type: int + portal_message_override_group: + description: + - Replacement message group for this VAP (only available when security is set to a captive portal type). + type: str + portal_message_overrides: + description: + - Individual message overrides. + type: dict + suboptions: + auth_disclaimer_page: + description: + - Override auth-disclaimer-page message with message from portal-message-overrides group. + type: str + auth_login_failed_page: + description: + - Override auth-login-failed-page message with message from portal-message-overrides group. 
+ type: str + auth_login_page: + description: + - Override auth-login-page message with message from portal-message-overrides group. + type: str + auth_reject_page: + description: + - Override auth-reject-page message with message from portal-message-overrides group. + type: str + portal_type: + description: + - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. + type: str + choices: + - auth + - auth+disclaimer + - disclaimer + - email-collect + - cmcc + - cmcc-macauth + probe_resp_suppression: + description: + - Enable/disable probe response suppression (to ignore weak signals) . + type: str + choices: + - enable + - disable + probe_resp_threshold: + description: + - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20). + type: str + ptk_rekey: + description: + - Enable/disable PTK rekey for WPA-Enterprise security. + type: str + choices: + - enable + - disable + ptk_rekey_intv: + description: + - PTK rekey interval interval (1800 - 864000 sec). + type: int + qos_profile: + description: + - Quality of service profile name. + type: str + quarantine: + description: + - Enable/disable station quarantine . + type: str + choices: + - enable + - disable + radius_mac_auth: + description: + - Enable/disable RADIUS-based MAC authentication of clients . + type: str + choices: + - enable + - disable + radius_mac_auth_server: + description: + - RADIUS-based MAC authentication server. + type: str + radius_server: + description: + - RADIUS server to be used to authenticate WiFi users. + type: str + rates_11a: + description: + - Allowed data rates for 802.11a. 
+ type: str + choices: + - 1 + - 1-basic + - 2 + - 2-basic + - 5.5 + - 5.5-basic + - 11 + - 11-basic + - 6 + - 6-basic + - 9 + - 9-basic + - 12 + - 12-basic + - 18 + - 18-basic + - 24 + - 24-basic + - 36 + - 36-basic + - 48 + - 48-basic + - 54 + - 54-basic + rates_11ac_ss12: + description: + - Allowed data rates for 802.11ac with 1 or 2 spatial streams. + type: str + choices: + - mcs0/1 + - mcs1/1 + - mcs2/1 + - mcs3/1 + - mcs4/1 + - mcs5/1 + - mcs6/1 + - mcs7/1 + - mcs8/1 + - mcs9/1 + - mcs10/1 + - mcs11/1 + - mcs0/2 + - mcs1/2 + - mcs2/2 + - mcs3/2 + - mcs4/2 + - mcs5/2 + - mcs6/2 + - mcs7/2 + - mcs8/2 + - mcs9/2 + - mcs10/2 + - mcs11/2 + rates_11ac_ss34: + description: + - Allowed data rates for 802.11ac with 3 or 4 spatial streams. + type: str + choices: + - mcs0/3 + - mcs1/3 + - mcs2/3 + - mcs3/3 + - mcs4/3 + - mcs5/3 + - mcs6/3 + - mcs7/3 + - mcs8/3 + - mcs9/3 + - mcs10/3 + - mcs11/3 + - mcs0/4 + - mcs1/4 + - mcs2/4 + - mcs3/4 + - mcs4/4 + - mcs5/4 + - mcs6/4 + - mcs7/4 + - mcs8/4 + - mcs9/4 + - mcs10/4 + - mcs11/4 + rates_11bg: + description: + - Allowed data rates for 802.11b/g. + type: str + choices: + - 1 + - 1-basic + - 2 + - 2-basic + - 5.5 + - 5.5-basic + - 11 + - 11-basic + - 6 + - 6-basic + - 9 + - 9-basic + - 12 + - 12-basic + - 18 + - 18-basic + - 24 + - 24-basic + - 36 + - 36-basic + - 48 + - 48-basic + - 54 + - 54-basic + rates_11n_ss12: + description: + - Allowed data rates for 802.11n with 1 or 2 spatial streams. + type: str + choices: + - mcs0/1 + - mcs1/1 + - mcs2/1 + - mcs3/1 + - mcs4/1 + - mcs5/1 + - mcs6/1 + - mcs7/1 + - mcs8/2 + - mcs9/2 + - mcs10/2 + - mcs11/2 + - mcs12/2 + - mcs13/2 + - mcs14/2 + - mcs15/2 + rates_11n_ss34: + description: + - Allowed data rates for 802.11n with 3 or 4 spatial streams. 
+ type: str + choices: + - mcs16/3 + - mcs17/3 + - mcs18/3 + - mcs19/3 + - mcs20/3 + - mcs21/3 + - mcs22/3 + - mcs23/3 + - mcs24/4 + - mcs25/4 + - mcs26/4 + - mcs27/4 + - mcs28/4 + - mcs29/4 + - mcs30/4 + - mcs31/4 + schedule: + description: + - VAP schedule name. + type: str + security: + description: + - Security mode for the wireless interface . + type: str + choices: + - open + - captive-portal + - wep64 + - wep128 + - wpa-personal + - wpa-personal+captive-portal + - wpa-enterprise + - wpa-only-personal + - wpa-only-personal+captive-portal + - wpa-only-enterprise + - wpa2-only-personal + - wpa2-only-personal+captive-portal + - wpa2-only-enterprise + - osen + security_exempt_list: + description: + - Optional security exempt list for captive portal authentication. + type: str + security_obsolete_option: + description: + - Enable/disable obsolete security options. + type: str + choices: + - enable + - disable + security_redirect_url: + description: + - Optional URL for redirecting users after they pass captive portal authentication. + type: str + selected_usergroups: + description: + - Selective user groups that are permitted to authenticate. + type: list + suboptions: + name: + description: + - User group name. + required: true + type: str + split_tunneling: + description: + - Enable/disable split tunneling . + type: str + choices: + - enable + - disable + ssid: + description: + - IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their + computers to access this SSID name. + type: str + tkip_counter_measure: + description: + - Enable/disable TKIP counter measure. + type: str + choices: + - enable + - disable + usergroup: + description: + - Firewall user group to be used to authenticate WiFi users. + type: list + suboptions: + name: + description: + - User group name. + required: true + type: str + utm_profile: + description: + - UTM profile name. 
+ type: str + vdom: + description: + - Name of the VDOM that the Virtual AP has been added to. Source system.vdom.name. + type: str + vlan_auto: + description: + - Enable/disable automatic management of SSID VLAN interface. + type: str + choices: + - enable + - disable + vlan_pool: + description: + - VLAN pool. + type: list + suboptions: + id: + description: + - ID. + required: true + type: int + wtp_group: + description: + - WTP group name. + type: str + vlan_pooling: + description: + - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools . When set to wtp-group, VLAN + pooling occurs with VLAN assignment by wtp-group. + type: str + choices: + - wtp-group + - round-robin + - hash + - disable + vlanid: + description: + - Optional VLAN ID. + type: int + voice_enterprise: + description: + - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming . + type: str + choices: + - disable + - enable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Virtual Access Points (VAPs). 
+ fortios_wireless_controller_vap: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_vap: + acct_interim_interval: "3" + alias: "" + auth: "psk" + broadcast_ssid: "enable" + broadcast_suppression: "dhcp-up" + captive_portal_ac_name: "" + captive_portal_macauth_radius_secret: "" + captive_portal_macauth_radius_server: "" + captive_portal_radius_secret: "" + captive_portal_radius_server: "" + captive_portal_session_timeout_interval: "13" + dhcp_lease_time: "14" + dhcp_option82_circuit_id_insertion: "style-1" + dhcp_option82_insertion: "enable" + dhcp_option82_remote_id_insertion: "style-1" + dynamic_vlan: "enable" + eap_reauth: "enable" + eap_reauth_intv: "20" + eapol_key_retries: "disable" + encrypt: "TKIP" + external_fast_roaming: "enable" + external_logout: "" + external_web: "" + fast_bss_transition: "disable" + fast_roaming: "enable" + ft_mobility_domain: "28" + ft_over_ds: "disable" + ft_r0_key_lifetime: "30" + gtk_rekey: "enable" + gtk_rekey_intv: "32" + hotspot20_profile: "" + intra_vap_privacy: "enable" + ip: "" + key: "" + keyindex: "37" + ldpc: "disable" + local_authentication: "enable" + local_bridging: "enable" + local_lan: "allow" + local_standalone: "enable" + local_standalone_nat: "enable" + mac_auth_bypass: "enable" + mac_filter: "enable" + mac_filter_list: + - + id: "47" + mac: "" + mac_filter_policy: "allow" + mac_filter_policy_other: "allow" + max_clients: "51" + max_clients_ap: "52" + me_disable_thresh: "53" + mesh_backhaul: "enable" + mpsk: "enable" + mpsk_concurrent_clients: "56" + mpsk_key: + - + comment: "Comment." 
+ concurrent_clients: "" + key_name: "" + passphrase: "" + multicast_enhance: "enable" + multicast_rate: "0" + name: "default_name_64" + okc: "disable" + passphrase: "" + pmf: "disable" + pmf_assoc_comeback_timeout: "68" + pmf_sa_query_retry_timeout: "69" + portal_message_override_group: "" + portal_message_overrides: + auth_disclaimer_page: "" + auth_login_failed_page: "" + auth_login_page: "" + auth_reject_page: "" + portal_type: "auth" + probe_resp_suppression: "enable" + probe_resp_threshold: "" + ptk_rekey: "enable" + ptk_rekey_intv: "80" + qos_profile: "" + quarantine: "enable" + radius_mac_auth: "enable" + radius_mac_auth_server: "" + radius_server: "" + rates_11a: "1" + rates_11ac_ss12: "mcs0/1" + rates_11ac_ss34: "mcs0/3" + rates_11bg: "1" + rates_11n_ss12: "mcs0/1" + rates_11n_ss34: "mcs16/3" + schedule: "" + security: "open" + security_exempt_list: "" + security_obsolete_option: "enable" + security_redirect_url: "" + selected_usergroups: + - + name: "default_name_98" + split_tunneling: "enable" + ssid: "" + tkip_counter_measure: "enable" + usergroup: + - + name: "default_name_103" + utm_profile: "" + vdom: " (source system.vdom.name)" + vlan_auto: "enable" + vlan_pool: + - + id: "108" + wtp_group: "" + vlan_pooling: "wtp-group" + vlanid: "111" + voice_enterprise: "disable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill 
the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wireless_controller_vap_data(json): + option_list = ['acct_interim_interval', 'alias', 'auth', + 'broadcast_ssid', 'broadcast_suppression', 'captive_portal_ac_name', + 'captive_portal_macauth_radius_secret', 'captive_portal_macauth_radius_server', 'captive_portal_radius_secret', + 'captive_portal_radius_server', 'captive_portal_session_timeout_interval', 'dhcp_lease_time', + 'dhcp_option82_circuit_id_insertion', 'dhcp_option82_insertion', 'dhcp_option82_remote_id_insertion', + 'dynamic_vlan', 'eap_reauth', 'eap_reauth_intv', + 'eapol_key_retries', 'encrypt', 'external_fast_roaming', + 'external_logout', 'external_web', 'fast_bss_transition', + 'fast_roaming', 'ft_mobility_domain', 'ft_over_ds', + 'ft_r0_key_lifetime', 'gtk_rekey', 'gtk_rekey_intv', + 'hotspot20_profile', 'intra_vap_privacy', 'ip', + 'key', 'keyindex', 'ldpc', + 'local_authentication', 'local_bridging', 'local_lan', + 'local_standalone', 'local_standalone_nat', 'mac_auth_bypass', 
+ 'mac_filter', 'mac_filter_list', 'mac_filter_policy_other', + 'max_clients', 'max_clients_ap', 'me_disable_thresh', + 'mesh_backhaul', 'mpsk', 'mpsk_concurrent_clients', + 'mpsk_key', 'multicast_enhance', 'multicast_rate', + 'name', 'okc', 'passphrase', + 'pmf', 'pmf_assoc_comeback_timeout', 'pmf_sa_query_retry_timeout', + 'portal_message_override_group', 'portal_message_overrides', 'portal_type', + 'probe_resp_suppression', 'probe_resp_threshold', 'ptk_rekey', + 'ptk_rekey_intv', 'qos_profile', 'quarantine', + 'radius_mac_auth', 'radius_mac_auth_server', 'radius_server', + 'rates_11a', 'rates_11ac_ss12', 'rates_11ac_ss34', + 'rates_11bg', 'rates_11n_ss12', 'rates_11n_ss34', + 'schedule', 'security', 'security_exempt_list', + 'security_obsolete_option', 'security_redirect_url', 'selected_usergroups', + 'split_tunneling', 'ssid', 'tkip_counter_measure', + 'usergroup', 'utm_profile', 'vdom', + 'vlan_auto', 'vlan_pool', 'vlan_pooling', + 'vlanid', 'voice_enterprise'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_vap(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['wireless_controller_vap'] and data['wireless_controller_vap']['state']: + state = data['wireless_controller_vap']['state'] + else: + state = True + wireless_controller_vap_data = data['wireless_controller_vap'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_vap_data(wireless_controller_vap_data)) + + if state == "present": + return fos.set('wireless-controller', + 
'vap', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller', + 'vap', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller(data, fos): + + if data['wireless_controller_vap']: + resp = wireless_controller_vap(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_vap')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_vap": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "acct_interim_interval": {"required": False, "type": "int"}, + "alias": {"required": False, "type": "str"}, + "auth": {"required": False, "type": "str", + "choices": ["psk", + "radius", + "usergroup"]}, + "broadcast_ssid": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "broadcast_suppression": {"required": False, "type": "str", + "choices": ["dhcp-up", + "dhcp-down", + "dhcp-starvation", + "arp-known", + "arp-unknown", + "arp-reply", + "arp-poison", + "arp-proxy", + "netbios-ns", + "netbios-ds", + "ipv6", + "all-other-mc", + "all-other-bc"]}, + "captive_portal_ac_name": {"required": False, "type": "str"}, + "captive_portal_macauth_radius_secret": {"required": False, "type": "str"}, + "captive_portal_macauth_radius_server": 
{"required": False, "type": "str"}, + "captive_portal_radius_secret": {"required": False, "type": "str"}, + "captive_portal_radius_server": {"required": False, "type": "str"}, + "captive_portal_session_timeout_interval": {"required": False, "type": "int"}, + "dhcp_lease_time": {"required": False, "type": "int"}, + "dhcp_option82_circuit_id_insertion": {"required": False, "type": "str", + "choices": ["style-1", + "style-2", + "disable"]}, + "dhcp_option82_insertion": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dhcp_option82_remote_id_insertion": {"required": False, "type": "str", + "choices": ["style-1", + "disable"]}, + "dynamic_vlan": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "eap_reauth": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "eap_reauth_intv": {"required": False, "type": "int"}, + "eapol_key_retries": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "encrypt": {"required": False, "type": "str", + "choices": ["TKIP", + "AES", + "TKIP-AES"]}, + "external_fast_roaming": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "external_logout": {"required": False, "type": "str"}, + "external_web": {"required": False, "type": "str"}, + "fast_bss_transition": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "fast_roaming": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ft_mobility_domain": {"required": False, "type": "int"}, + "ft_over_ds": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "ft_r0_key_lifetime": {"required": False, "type": "int"}, + "gtk_rekey": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "gtk_rekey_intv": {"required": False, "type": "int"}, + "hotspot20_profile": {"required": False, "type": "str"}, + "intra_vap_privacy": {"required": False, "type": "str", + "choices": ["enable", + 
"disable"]}, + "ip": {"required": False, "type": "str"}, + "key": {"required": False, "type": "str"}, + "keyindex": {"required": False, "type": "int"}, + "ldpc": {"required": False, "type": "str", + "choices": ["disable", + "rx", + "tx", + "rxtx"]}, + "local_authentication": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_bridging": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_lan": {"required": False, "type": "str", + "choices": ["allow", + "deny"]}, + "local_standalone": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "local_standalone_nat": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "mac_auth_bypass": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "mac_filter": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "mac_filter_list": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "mac": {"required": False, "type": "str"}, + "mac_filter_policy": {"required": False, "type": "str", + "choices": ["allow", + "deny"]} + }}, + "mac_filter_policy_other": {"required": False, "type": "str", + "choices": ["allow", + "deny"]}, + "max_clients": {"required": False, "type": "int"}, + "max_clients_ap": {"required": False, "type": "int"}, + "me_disable_thresh": {"required": False, "type": "int"}, + "mesh_backhaul": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "mpsk": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "mpsk_concurrent_clients": {"required": False, "type": "int"}, + "mpsk_key": {"required": False, "type": "list", + "options": { + "comment": {"required": False, "type": "str"}, + "concurrent_clients": {"required": False, "type": "str"}, + "key_name": {"required": False, "type": "str"}, + "passphrase": {"required": False, "type": "str"} + }}, + "multicast_enhance": {"required": 
False, "type": "str", + "choices": ["enable", + "disable"]}, + "multicast_rate": {"required": False, "type": "str", + "choices": ["0", + "6000", + "12000", + "24000"]}, + "name": {"required": True, "type": "str"}, + "okc": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "passphrase": {"required": False, "type": "str"}, + "pmf": {"required": False, "type": "str", + "choices": ["disable", + "enable", + "optional"]}, + "pmf_assoc_comeback_timeout": {"required": False, "type": "int"}, + "pmf_sa_query_retry_timeout": {"required": False, "type": "int"}, + "portal_message_override_group": {"required": False, "type": "str"}, + "portal_message_overrides": {"required": False, "type": "dict", + "options": { + "auth_disclaimer_page": {"required": False, "type": "str"}, + "auth_login_failed_page": {"required": False, "type": "str"}, + "auth_login_page": {"required": False, "type": "str"}, + "auth_reject_page": {"required": False, "type": "str"} + }}, + "portal_type": {"required": False, "type": "str", + "choices": ["auth", + "auth+disclaimer", + "disclaimer", + "email-collect", + "cmcc", + "cmcc-macauth"]}, + "probe_resp_suppression": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "probe_resp_threshold": {"required": False, "type": "str"}, + "ptk_rekey": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ptk_rekey_intv": {"required": False, "type": "int"}, + "qos_profile": {"required": False, "type": "str"}, + "quarantine": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "radius_mac_auth": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "radius_mac_auth_server": {"required": False, "type": "str"}, + "radius_server": {"required": False, "type": "str"}, + "rates_11a": {"required": False, "type": "str", + "choices": ["1", + "1-basic", + "2", + "2-basic", + "5.5", + "5.5-basic", + "11", + "11-basic", + "6", + "6-basic", + "9", + "9-basic", + 
"12", + "12-basic", + "18", + "18-basic", + "24", + "24-basic", + "36", + "36-basic", + "48", + "48-basic", + "54", + "54-basic"]}, + "rates_11ac_ss12": {"required": False, "type": "str", + "choices": ["mcs0/1", + "mcs1/1", + "mcs2/1", + "mcs3/1", + "mcs4/1", + "mcs5/1", + "mcs6/1", + "mcs7/1", + "mcs8/1", + "mcs9/1", + "mcs10/1", + "mcs11/1", + "mcs0/2", + "mcs1/2", + "mcs2/2", + "mcs3/2", + "mcs4/2", + "mcs5/2", + "mcs6/2", + "mcs7/2", + "mcs8/2", + "mcs9/2", + "mcs10/2", + "mcs11/2"]}, + "rates_11ac_ss34": {"required": False, "type": "str", + "choices": ["mcs0/3", + "mcs1/3", + "mcs2/3", + "mcs3/3", + "mcs4/3", + "mcs5/3", + "mcs6/3", + "mcs7/3", + "mcs8/3", + "mcs9/3", + "mcs10/3", + "mcs11/3", + "mcs0/4", + "mcs1/4", + "mcs2/4", + "mcs3/4", + "mcs4/4", + "mcs5/4", + "mcs6/4", + "mcs7/4", + "mcs8/4", + "mcs9/4", + "mcs10/4", + "mcs11/4"]}, + "rates_11bg": {"required": False, "type": "str", + "choices": ["1", + "1-basic", + "2", + "2-basic", + "5.5", + "5.5-basic", + "11", + "11-basic", + "6", + "6-basic", + "9", + "9-basic", + "12", + "12-basic", + "18", + "18-basic", + "24", + "24-basic", + "36", + "36-basic", + "48", + "48-basic", + "54", + "54-basic"]}, + "rates_11n_ss12": {"required": False, "type": "str", + "choices": ["mcs0/1", + "mcs1/1", + "mcs2/1", + "mcs3/1", + "mcs4/1", + "mcs5/1", + "mcs6/1", + "mcs7/1", + "mcs8/2", + "mcs9/2", + "mcs10/2", + "mcs11/2", + "mcs12/2", + "mcs13/2", + "mcs14/2", + "mcs15/2"]}, + "rates_11n_ss34": {"required": False, "type": "str", + "choices": ["mcs16/3", + "mcs17/3", + "mcs18/3", + "mcs19/3", + "mcs20/3", + "mcs21/3", + "mcs22/3", + "mcs23/3", + "mcs24/4", + "mcs25/4", + "mcs26/4", + "mcs27/4", + "mcs28/4", + "mcs29/4", + "mcs30/4", + "mcs31/4"]}, + "schedule": {"required": False, "type": "str"}, + "security": {"required": False, "type": "str", + "choices": ["open", + "captive-portal", + "wep64", + "wep128", + "wpa-personal", + "wpa-personal+captive-portal", + "wpa-enterprise", + "wpa-only-personal", + 
"wpa-only-personal+captive-portal", + "wpa-only-enterprise", + "wpa2-only-personal", + "wpa2-only-personal+captive-portal", + "wpa2-only-enterprise", + "osen"]}, + "security_exempt_list": {"required": False, "type": "str"}, + "security_obsolete_option": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "security_redirect_url": {"required": False, "type": "str"}, + "selected_usergroups": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "split_tunneling": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ssid": {"required": False, "type": "str"}, + "tkip_counter_measure": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "usergroup": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "utm_profile": {"required": False, "type": "str"}, + "vdom": {"required": False, "type": "str"}, + "vlan_auto": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vlan_pool": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "wtp_group": {"required": False, "type": "str"} + }}, + "vlan_pooling": {"required": False, "type": "str", + "choices": ["wtp-group", + "round-robin", + "hash", + "disable"]}, + "vlanid": {"required": False, "type": "int"}, + "voice_enterprise": {"required": False, "type": "str", + "choices": ["disable", + "enable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller(module.params, fos) + versions_check_result = 
connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_vap_group.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_vap_group.py new file mode 100644 index 00000000..c39b3c0c --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_vap_group.py 
@@ -0,0 +1,304 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_vap_group +short_description: Configure virtual Access Point (VAP) groups in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller feature and vap_group category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.9" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + wireless_controller_vap_group: + description: + - Configure virtual Access Point (VAP) groups. + default: null + type: dict + suboptions: + comment: + description: + - Comment. + type: str + name: + description: + - Group Name + required: true + type: str + vaps: + description: + - List of SSIDs to be included in the VAP group. + type: list + suboptions: + name: + description: + - vap name Source wireless-controller.vap.name. + required: true + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure virtual Access Point (VAP) groups. + fortios_wireless_controller_vap_group: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_vap_group: + comment: "Comment." 
+ name: "default_name_4" + vaps: + - + name: "default_name_6 (source wireless-controller.vap.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wireless_controller_vap_group_data(json): + option_list = ['comment', 'name', 'vaps'] + dictionary = {} + + for attribute in option_list: + if attribute in json and 
json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_vap_group(data, fos): + vdom = data['vdom'] + state = data['state'] + wireless_controller_vap_group_data = data['wireless_controller_vap_group'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_vap_group_data(wireless_controller_vap_group_data)) + + if state == "present": + return fos.set('wireless-controller', + 'vap-group', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller', + 'vap-group', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller(data, fos): + + if data['wireless_controller_vap_group']: + resp = wireless_controller_vap_group(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_vap_group')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_vap_group": { + "required": False, "type": "dict", "default": None, + "options": { + "comment": {"required": False, "type": "str"}, + "name": 
{"required": True, "type": "str"}, + "vaps": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_wids_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_wids_profile.py new file mode 100644 index 00000000..27c04239 --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_wids_profile.py 
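Review bot: The EXAMPLES playbook sets `ansible_httpapi_validate_certs: no` alongside an `access_token` field, so anyone who copies it sends the FortiGate API token over a TLS session whose server certificate is never verified. The example should default to `ansible_httpapi_validate_certs: yes`, with a comment such as `# set to no only for lab devices with self-signed certificates`. The same line appears in the EXAMPLES block of fortios_wireless_controller_wids_profile.py later in this patch.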
@@ -0,0 +1,723 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_wids_profile +short_description: Configure wireless intrusion detection system (WIDS) profiles in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller feature and wids_profile category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + wireless_controller_wids_profile: + description: + - Configure wireless intrusion detection system (WIDS) profiles. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + ap_auto_suppress: + description: + - Enable/disable on-wire rogue AP auto-suppression . + type: str + choices: + - enable + - disable + ap_bgscan_disable_day: + description: + - Optionally turn off scanning for one or more days of the week. Separate the days with a space. By default, no days are set. + type: str + choices: + - sunday + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + ap_bgscan_disable_end: + description: + - 'End time, using a 24-hour clock in the format of hh:mm, for disabling background scanning .' + type: str + ap_bgscan_disable_start: + description: + - 'Start time, using a 24-hour clock in the format of hh:mm, for disabling background scanning .' + type: str + ap_bgscan_duration: + description: + - Listening time on a scanning channel (10 - 1000 msec). + type: int + ap_bgscan_idle: + description: + - Waiting time for channel inactivity before scanning this channel (0 - 1000 msec). + type: int + ap_bgscan_intv: + description: + - Period of time between scanning two channels (1 - 600 sec). + type: int + ap_bgscan_period: + description: + - Period of time between background scans (60 - 3600 sec). 
+ type: int + ap_bgscan_report_intv: + description: + - Period of time between background scan reports (15 - 600 sec). + type: int + ap_fgscan_report_intv: + description: + - Period of time between foreground scan reports (15 - 600 sec). + type: int + ap_scan: + description: + - Enable/disable rogue AP detection. + type: str + choices: + - disable + - enable + ap_scan_passive: + description: + - Enable/disable passive scanning. Enable means do not send probe request on any channels . + type: str + choices: + - enable + - disable + asleap_attack: + description: + - Enable/disable asleap attack detection . + type: str + choices: + - enable + - disable + assoc_flood_thresh: + description: + - The threshold value for association frame flooding. + type: int + assoc_flood_time: + description: + - Number of seconds after which a station is considered not connected. + type: int + assoc_frame_flood: + description: + - Enable/disable association frame flooding detection . + type: str + choices: + - enable + - disable + auth_flood_thresh: + description: + - The threshold value for authentication frame flooding. + type: int + auth_flood_time: + description: + - Number of seconds after which a station is considered not connected. + type: int + auth_frame_flood: + description: + - Enable/disable authentication frame flooding detection . + type: str + choices: + - enable + - disable + comment: + description: + - Comment. + type: str + deauth_broadcast: + description: + - Enable/disable broadcasting de-authentication detection . + type: str + choices: + - enable + - disable + deauth_unknown_src_thresh: + description: + - 'Threshold value per second to deauth unknown src for DoS attack (0: no limit).' + type: int + eapol_fail_flood: + description: + - Enable/disable EAPOL-Failure flooding (to AP) detection . + type: str + choices: + - enable + - disable + eapol_fail_intv: + description: + - The detection interval for EAPOL-Failure flooding (1 - 3600 sec). 
+ type: int + eapol_fail_thresh: + description: + - The threshold value for EAPOL-Failure flooding in specified interval. + type: int + eapol_logoff_flood: + description: + - Enable/disable EAPOL-Logoff flooding (to AP) detection . + type: str + choices: + - enable + - disable + eapol_logoff_intv: + description: + - The detection interval for EAPOL-Logoff flooding (1 - 3600 sec). + type: int + eapol_logoff_thresh: + description: + - The threshold value for EAPOL-Logoff flooding in specified interval. + type: int + eapol_pre_fail_flood: + description: + - Enable/disable premature EAPOL-Failure flooding (to STA) detection . + type: str + choices: + - enable + - disable + eapol_pre_fail_intv: + description: + - The detection interval for premature EAPOL-Failure flooding (1 - 3600 sec). + type: int + eapol_pre_fail_thresh: + description: + - The threshold value for premature EAPOL-Failure flooding in specified interval. + type: int + eapol_pre_succ_flood: + description: + - Enable/disable premature EAPOL-Success flooding (to STA) detection . + type: str + choices: + - enable + - disable + eapol_pre_succ_intv: + description: + - The detection interval for premature EAPOL-Success flooding (1 - 3600 sec). + type: int + eapol_pre_succ_thresh: + description: + - The threshold value for premature EAPOL-Success flooding in specified interval. + type: int + eapol_start_flood: + description: + - Enable/disable EAPOL-Start flooding (to AP) detection . + type: str + choices: + - enable + - disable + eapol_start_intv: + description: + - The detection interval for EAPOL-Start flooding (1 - 3600 sec). + type: int + eapol_start_thresh: + description: + - The threshold value for EAPOL-Start flooding in specified interval. + type: int + eapol_succ_flood: + description: + - Enable/disable EAPOL-Success flooding (to AP) detection . + type: str + choices: + - enable + - disable + eapol_succ_intv: + description: + - The detection interval for EAPOL-Success flooding (1 - 3600 sec). 
+ type: int + eapol_succ_thresh: + description: + - The threshold value for EAPOL-Success flooding in specified interval. + type: int + invalid_mac_oui: + description: + - Enable/disable invalid MAC OUI detection. + type: str + choices: + - enable + - disable + long_duration_attack: + description: + - Enable/disable long duration attack detection based on user configured threshold . + type: str + choices: + - enable + - disable + long_duration_thresh: + description: + - Threshold value for long duration attack detection (1000 - 32767 usec). + type: int + name: + description: + - WIDS profile name. + required: true + type: str + null_ssid_probe_resp: + description: + - Enable/disable null SSID probe response detection . + type: str + choices: + - enable + - disable + sensor_mode: + description: + - Scan WiFi nearby stations . + type: str + choices: + - disable + - foreign + - both + spoofed_deauth: + description: + - Enable/disable spoofed de-authentication attack detection . + type: str + choices: + - enable + - disable + weak_wep_iv: + description: + - Enable/disable weak WEP IV (Initialization Vector) detection . + type: str + choices: + - enable + - disable + wireless_bridge: + description: + - Enable/disable wireless bridge detection . + type: str + choices: + - enable + - disable +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure wireless intrusion detection system (WIDS) profiles. 
+ fortios_wireless_controller_wids_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_wids_profile: + ap_auto_suppress: "enable" + ap_bgscan_disable_day: "sunday" + ap_bgscan_disable_end: "" + ap_bgscan_disable_start: "" + ap_bgscan_duration: "7" + ap_bgscan_idle: "8" + ap_bgscan_intv: "9" + ap_bgscan_period: "10" + ap_bgscan_report_intv: "11" + ap_fgscan_report_intv: "12" + ap_scan: "disable" + ap_scan_passive: "enable" + asleap_attack: "enable" + assoc_flood_thresh: "16" + assoc_flood_time: "17" + assoc_frame_flood: "enable" + auth_flood_thresh: "19" + auth_flood_time: "20" + auth_frame_flood: "enable" + comment: "Comment." + deauth_broadcast: "enable" + deauth_unknown_src_thresh: "24" + eapol_fail_flood: "enable" + eapol_fail_intv: "26" + eapol_fail_thresh: "27" + eapol_logoff_flood: "enable" + eapol_logoff_intv: "29" + eapol_logoff_thresh: "30" + eapol_pre_fail_flood: "enable" + eapol_pre_fail_intv: "32" + eapol_pre_fail_thresh: "33" + eapol_pre_succ_flood: "enable" + eapol_pre_succ_intv: "35" + eapol_pre_succ_thresh: "36" + eapol_start_flood: "enable" + eapol_start_intv: "38" + eapol_start_thresh: "39" + eapol_succ_flood: "enable" + eapol_succ_intv: "41" + eapol_succ_thresh: "42" + invalid_mac_oui: "enable" + long_duration_attack: "enable" + long_duration_thresh: "45" + name: "default_name_46" + null_ssid_probe_resp: "enable" + sensor_mode: "disable" + spoofed_deauth: "enable" + weak_wep_iv: "enable" + wireless_bridge: "enable" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + 
sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wireless_controller_wids_profile_data(json): + option_list = ['ap_auto_suppress', 'ap_bgscan_disable_day', 'ap_bgscan_disable_end', + 'ap_bgscan_disable_start', 'ap_bgscan_duration', 'ap_bgscan_idle', + 'ap_bgscan_intv', 'ap_bgscan_period', 'ap_bgscan_report_intv', + 'ap_fgscan_report_intv', 'ap_scan', 'ap_scan_passive', + 'asleap_attack', 'assoc_flood_thresh', 'assoc_flood_time', + 'assoc_frame_flood', 'auth_flood_thresh', 'auth_flood_time', + 'auth_frame_flood', 'comment', 'deauth_broadcast', + 'deauth_unknown_src_thresh', 'eapol_fail_flood', 'eapol_fail_intv', + 'eapol_fail_thresh', 'eapol_logoff_flood', 'eapol_logoff_intv', + 'eapol_logoff_thresh', 'eapol_pre_fail_flood', 'eapol_pre_fail_intv', + 'eapol_pre_fail_thresh', 'eapol_pre_succ_flood', 
'eapol_pre_succ_intv', + 'eapol_pre_succ_thresh', 'eapol_start_flood', 'eapol_start_intv', + 'eapol_start_thresh', 'eapol_succ_flood', 'eapol_succ_intv', + 'eapol_succ_thresh', 'invalid_mac_oui', 'long_duration_attack', + 'long_duration_thresh', 'name', 'null_ssid_probe_resp', + 'sensor_mode', 'spoofed_deauth', 'weak_wep_iv', + 'wireless_bridge'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_wids_profile(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['wireless_controller_wids_profile'] and data['wireless_controller_wids_profile']['state']: + state = data['wireless_controller_wids_profile']['state'] + else: + state = True + wireless_controller_wids_profile_data = data['wireless_controller_wids_profile'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_wids_profile_data(wireless_controller_wids_profile_data)) + + if state == "present": + return fos.set('wireless-controller', + 'wids-profile', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller', + 'wids-profile', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller(data, fos): + + if data['wireless_controller_wids_profile']: + resp = wireless_controller_wids_profile(data, fos) + 
else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_wids_profile')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_wids_profile": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "ap_auto_suppress": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ap_bgscan_disable_day": {"required": False, "type": "str", + "choices": ["sunday", + "monday", + "tuesday", + "wednesday", + "thursday", + "friday", + "saturday"]}, + "ap_bgscan_disable_end": {"required": False, "type": "str"}, + "ap_bgscan_disable_start": {"required": False, "type": "str"}, + "ap_bgscan_duration": {"required": False, "type": "int"}, + "ap_bgscan_idle": {"required": False, "type": "int"}, + "ap_bgscan_intv": {"required": False, "type": "int"}, + "ap_bgscan_period": {"required": False, "type": "int"}, + "ap_bgscan_report_intv": {"required": False, "type": "int"}, + "ap_fgscan_report_intv": {"required": False, "type": "int"}, + "ap_scan": {"required": False, "type": "str", + "choices": ["disable", + "enable"]}, + "ap_scan_passive": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "asleap_attack": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "assoc_flood_thresh": {"required": False, "type": "int"}, + "assoc_flood_time": {"required": False, "type": "int"}, + "assoc_frame_flood": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auth_flood_thresh": {"required": False, 
"type": "int"}, + "auth_flood_time": {"required": False, "type": "int"}, + "auth_frame_flood": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "comment": {"required": False, "type": "str"}, + "deauth_broadcast": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "deauth_unknown_src_thresh": {"required": False, "type": "int"}, + "eapol_fail_flood": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "eapol_fail_intv": {"required": False, "type": "int"}, + "eapol_fail_thresh": {"required": False, "type": "int"}, + "eapol_logoff_flood": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "eapol_logoff_intv": {"required": False, "type": "int"}, + "eapol_logoff_thresh": {"required": False, "type": "int"}, + "eapol_pre_fail_flood": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "eapol_pre_fail_intv": {"required": False, "type": "int"}, + "eapol_pre_fail_thresh": {"required": False, "type": "int"}, + "eapol_pre_succ_flood": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "eapol_pre_succ_intv": {"required": False, "type": "int"}, + "eapol_pre_succ_thresh": {"required": False, "type": "int"}, + "eapol_start_flood": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "eapol_start_intv": {"required": False, "type": "int"}, + "eapol_start_thresh": {"required": False, "type": "int"}, + "eapol_succ_flood": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "eapol_succ_intv": {"required": False, "type": "int"}, + "eapol_succ_thresh": {"required": False, "type": "int"}, + "invalid_mac_oui": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "long_duration_attack": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "long_duration_thresh": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + 
"null_ssid_probe_resp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "sensor_mode": {"required": False, "type": "str", + "choices": ["disable", + "foreign", + "both"]}, + "spoofed_deauth": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "weak_wep_iv": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "wireless_bridge": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() 
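Review bot: `ap_bgscan_disable_day` is declared in the argument spec of `main()` as `"type": "str"` with a `choices` list of single weekdays, while its DOCUMENTATION entry says one or more days may be given, separated by spaces. A value such as `"sunday monday"` is not one of the choices, so argument validation would reject the documented multi-day form before any request is sent. Dropping the restriction, `"ap_bgscan_disable_day": {"required": False, "type": "str"},`, or checking each space-separated token inside the module, would bring the spec in line with the documentation. Which form the FortiOS API expects is not visible in this hunk and should be confirmed.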
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_wtp.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_wtp.py
new file mode 100644
index 00000000..5a62a5d5
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_wtp.py
@@ -0,0 +1,1201 @@ +#!/usr/bin/python +from __future__ import (absolute_import, division, print_function) +# Copyright 2019-2020 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'metadata_version': '1.1'} + +DOCUMENTATION = ''' +--- +module: fortios_wireless_controller_wtp +short_description: Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate in Fortinet's FortiOS and FortiGate. +description: + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify wireless_controller feature and wtp category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.0 +version_added: "2.8" +author: + - Link Zheng (@chillancezen) + - Jie Xue (@JieX19) + - Hongbin Lu (@fgtdev-hblu) + - Frank Shen (@frankshen01) + - Miguel Angel Munoz (@mamunozgonzalez) + - Nicolas Thomas (@thomnico) +notes: + - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks + +requirements: + - ansible>=2.9.0 +options: + access_token: + description: + - Token-based authentication. + Generated from GUI of Fortigate. + type: str + required: false + vdom: + description: + - Virtual domain, among those defined previously. 
A vdom is a + virtual instance of the FortiGate that can be configured and + used as a different unit. + type: str + default: root + + state: + description: + - Indicates whether to create or remove the object. + This attribute was present already in previous version in a deeper level. + It has been moved out to this outer level. + type: str + required: false + choices: + - present + - absent + version_added: 2.9 + wireless_controller_wtp: + description: + - Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate. + default: null + type: dict + suboptions: + state: + description: + - B(Deprecated) + - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. + - HORIZONTALLINE + - Indicates whether to create or remove the object. + type: str + required: false + choices: + - present + - absent + admin: + description: + - Configure how the FortiGate operating as a wireless controller discovers and manages this WTP, AP or FortiAP. + type: str + choices: + - discovered + - disable + - enable + allowaccess: + description: + - Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space. + type: str + choices: + - telnet + - http + - https + - ssh + bonjour_profile: + description: + - Bonjour profile name. Source wireless-controller.bonjour-profile.name. + type: str + coordinate_enable: + description: + - Enable/disable WTP coordinates (X,Y axis). + type: str + choices: + - enable + - disable + coordinate_latitude: + description: + - WTP latitude coordinate. + type: str + coordinate_longitude: + description: + - WTP longitude coordinate. + type: str + coordinate_x: + description: + - X axis coordinate. + type: str + coordinate_y: + description: + - Y axis coordinate. + type: str + image_download: + description: + - Enable/disable WTP image download. + type: str + choices: + - enable + - disable + index: + description: + - Index (0 - 4294967295). 
+ type: int + ip_fragment_preventing: + description: + - Method by which IP fragmentation is prevented for CAPWAP tunneled control and data packets . + type: str + choices: + - tcp-mss-adjust + - icmp-unreachable + lan: + description: + - WTP LAN port mapping. + type: dict + suboptions: + port_mode: + description: + - LAN port mode. + type: str + choices: + - offline + - nat-to-wan + - bridge-to-wan + - bridge-to-ssid + port_ssid: + description: + - Bridge LAN port to SSID. Source wireless-controller.vap.name. + type: str + port1_mode: + description: + - LAN port 1 mode. + type: str + choices: + - offline + - nat-to-wan + - bridge-to-wan + - bridge-to-ssid + port1_ssid: + description: + - Bridge LAN port 1 to SSID. Source wireless-controller.vap.name. + type: str + port2_mode: + description: + - LAN port 2 mode. + type: str + choices: + - offline + - nat-to-wan + - bridge-to-wan + - bridge-to-ssid + port2_ssid: + description: + - Bridge LAN port 2 to SSID. Source wireless-controller.vap.name. + type: str + port3_mode: + description: + - LAN port 3 mode. + type: str + choices: + - offline + - nat-to-wan + - bridge-to-wan + - bridge-to-ssid + port3_ssid: + description: + - Bridge LAN port 3 to SSID. Source wireless-controller.vap.name. + type: str + port4_mode: + description: + - LAN port 4 mode. + type: str + choices: + - offline + - nat-to-wan + - bridge-to-wan + - bridge-to-ssid + port4_ssid: + description: + - Bridge LAN port 4 to SSID. Source wireless-controller.vap.name. + type: str + port5_mode: + description: + - LAN port 5 mode. + type: str + choices: + - offline + - nat-to-wan + - bridge-to-wan + - bridge-to-ssid + port5_ssid: + description: + - Bridge LAN port 5 to SSID. Source wireless-controller.vap.name. + type: str + port6_mode: + description: + - LAN port 6 mode. + type: str + choices: + - offline + - nat-to-wan + - bridge-to-wan + - bridge-to-ssid + port6_ssid: + description: + - Bridge LAN port 6 to SSID. Source wireless-controller.vap.name. 
+ type: str + port7_mode: + description: + - LAN port 7 mode. + type: str + choices: + - offline + - nat-to-wan + - bridge-to-wan + - bridge-to-ssid + port7_ssid: + description: + - Bridge LAN port 7 to SSID. Source wireless-controller.vap.name. + type: str + port8_mode: + description: + - LAN port 8 mode. + type: str + choices: + - offline + - nat-to-wan + - bridge-to-wan + - bridge-to-ssid + port8_ssid: + description: + - Bridge LAN port 8 to SSID. Source wireless-controller.vap.name. + type: str + led_state: + description: + - Enable to allow the FortiAPs LEDs to light. Disable to keep the LEDs off. You may want to keep the LEDs off so they are not distracting + in low light areas etc. + type: str + choices: + - enable + - disable + location: + description: + - Field for describing the physical location of the WTP, AP or FortiAP. + type: str + login_passwd: + description: + - Set the managed WTP, FortiAP, or AP"s administrator password. + type: str + login_passwd_change: + description: + - Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no). + type: str + choices: + - yes + - default + - no + mesh_bridge_enable: + description: + - Enable/disable mesh Ethernet bridge when WTP is configured as a mesh branch/leaf AP. + type: str + choices: + - default + - enable + - disable + name: + description: + - WTP, AP or FortiAP configuration name. + type: str + override_allowaccess: + description: + - Enable to override the WTP profile management access configuration. + type: str + choices: + - enable + - disable + override_ip_fragment: + description: + - Enable/disable overriding the WTP profile IP fragment prevention setting. + type: str + choices: + - enable + - disable + override_lan: + description: + - Enable to override the WTP profile LAN port setting. + type: str + choices: + - enable + - disable + override_led_state: + description: + - Enable to override the profile LED state setting for this FortiAP. 
You must enable this option to use the led-state command to turn off + the FortiAP"s LEDs. + type: str + choices: + - enable + - disable + override_login_passwd_change: + description: + - Enable to override the WTP profile login-password (administrator password) setting. + type: str + choices: + - enable + - disable + override_split_tunnel: + description: + - Enable/disable overriding the WTP profile split tunneling setting. + type: str + choices: + - enable + - disable + override_wan_port_mode: + description: + - Enable/disable overriding the wan-port-mode in the WTP profile. + type: str + choices: + - enable + - disable + radio_1: + description: + - Configuration options for radio 1. + type: dict + suboptions: + auto_power_high: + description: + - Automatic transmission power high limit in decibels (dB) of the measured power referenced to one milliwatt (mW), or dBm (10 - 17 + dBm). + type: int + auto_power_level: + description: + - Enable/disable automatic power-level adjustment to prevent co-channel interference . + type: str + choices: + - enable + - disable + auto_power_low: + description: + - Automatic transmission power low limit in dBm (the actual range of transmit power depends on the AP platform type). + type: int + band: + description: + - WiFi band that Radio 1 operates on. + type: str + choices: + - 802.11a + - 802.11b + - 802.11g + - 802.11n + - 802.11n-5G + - 802.11n,g-only + - 802.11g-only + - 802.11n-only + - 802.11n-5G-only + - 802.11ac + - 802.11ac,n-only + - 802.11ac-only + channel: + description: + - Selected list of wireless radio channels. + type: list + suboptions: + chan: + description: + - Channel number. + required: true + type: str + override_analysis: + description: + - Enable to override the WTP profile spectrum analysis configuration. + type: str + choices: + - enable + - disable + override_band: + description: + - Enable to override the WTP profile band setting. 
+ type: str + choices: + - enable + - disable + override_channel: + description: + - Enable to override WTP profile channel settings. + type: str + choices: + - enable + - disable + override_txpower: + description: + - Enable to override the WTP profile power level configuration. + type: str + choices: + - enable + - disable + override_vaps: + description: + - Enable to override WTP profile Virtual Access Point (VAP) settings. + type: str + choices: + - enable + - disable + power_level: + description: + - Radio power level as a percentage of the maximum transmit power (0 - 100). + type: int + radio_id: + description: + - radio-id + type: int + spectrum_analysis: + description: + - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. + type: str + choices: + - enable + - disable + vap_all: + description: + - Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) . + type: str + choices: + - enable + - disable + vaps: + description: + - Manually selected list of Virtual Access Points (VAPs). + type: list + suboptions: + name: + description: + - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name wireless-controller.vap.name. + required: true + type: str + radio_2: + description: + - Configuration options for radio 2. + type: dict + suboptions: + auto_power_high: + description: + - Automatic transmission power high limit in decibels (dB) of the measured power referenced to one milliwatt (mW), or dBm (10 - 17 + dBm). + type: int + auto_power_level: + description: + - Enable/disable automatic power-level adjustment to prevent co-channel interference . + type: str + choices: + - enable + - disable + auto_power_low: + description: + - Automatic transmission power low limit in dBm (the actual range of transmit power depends on the AP platform type). + type: int + band: + description: + - WiFi band that Radio 1 operates on. 
+ type: str + choices: + - 802.11a + - 802.11b + - 802.11g + - 802.11n + - 802.11n-5G + - 802.11n,g-only + - 802.11g-only + - 802.11n-only + - 802.11n-5G-only + - 802.11ac + - 802.11ac,n-only + - 802.11ac-only + channel: + description: + - Selected list of wireless radio channels. + type: list + suboptions: + chan: + description: + - Channel number. + required: true + type: str + override_analysis: + description: + - Enable to override the WTP profile spectrum analysis configuration. + type: str + choices: + - enable + - disable + override_band: + description: + - Enable to override the WTP profile band setting. + type: str + choices: + - enable + - disable + override_channel: + description: + - Enable to override WTP profile channel settings. + type: str + choices: + - enable + - disable + override_txpower: + description: + - Enable to override the WTP profile power level configuration. + type: str + choices: + - enable + - disable + override_vaps: + description: + - Enable to override WTP profile Virtual Access Point (VAP) settings. + type: str + choices: + - enable + - disable + power_level: + description: + - Radio power level as a percentage of the maximum transmit power (0 - 100). + type: int + radio_id: + description: + - radio-id + type: int + spectrum_analysis: + description: + - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. + type: str + choices: + - enable + - disable + vap_all: + description: + - Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) . + type: str + choices: + - enable + - disable + vaps: + description: + - Manually selected list of Virtual Access Points (VAPs). + type: list + suboptions: + name: + description: + - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name wireless-controller.vap.name. + required: true + type: str + split_tunneling_acl: + description: + - Split tunneling ACL filter list. 
+ type: list + suboptions: + dest_ip: + description: + - Destination IP and mask for the split-tunneling subnet. + type: str + id: + description: + - ID. + required: true + type: int + split_tunneling_acl_local_ap_subnet: + description: + - Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL . + type: str + choices: + - enable + - disable + split_tunneling_acl_path: + description: + - Split tunneling ACL path is local/tunnel. + type: str + choices: + - tunnel + - local + tun_mtu_downlink: + description: + - Downlink tunnel MTU in octets. Set the value to either 0 (by default), 576, or 1500. + type: int + tun_mtu_uplink: + description: + - Uplink tunnel maximum transmission unit (MTU) in octets (eight-bit bytes). Set the value to either 0 (by default), 576, or 1500. + type: int + wan_port_mode: + description: + - Enable/disable using the FortiAP WAN port as a LAN port. + type: str + choices: + - wan-lan + - wan-only + wtp_id: + description: + - WTP ID. + type: str + wtp_mode: + description: + - WTP, AP, or FortiAP operating mode; normal (by default) or remote. A tunnel mode SSID can be assigned to an AP in normal mode but not + remote mode, while a local-bridge mode SSID can be assigned to an AP in either normal mode or remote mode. + type: str + choices: + - normal + - remote + wtp_profile: + description: + - WTP profile name to apply to this WTP, AP or FortiAP. Source wireless-controller.wtp-profile.name. + type: str +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate. 
+ fortios_wireless_controller_wtp: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_wtp: + admin: "discovered" + allowaccess: "telnet" + bonjour_profile: " (source wireless-controller.bonjour-profile.name)" + coordinate_enable: "enable" + coordinate_latitude: "" + coordinate_longitude: "" + coordinate_x: "" + coordinate_y: "" + image_download: "enable" + index: "12" + ip_fragment_preventing: "tcp-mss-adjust" + lan: + port_mode: "offline" + port_ssid: " (source wireless-controller.vap.name)" + port1_mode: "offline" + port1_ssid: " (source wireless-controller.vap.name)" + port2_mode: "offline" + port2_ssid: " (source wireless-controller.vap.name)" + port3_mode: "offline" + port3_ssid: " (source wireless-controller.vap.name)" + port4_mode: "offline" + port4_ssid: " (source wireless-controller.vap.name)" + port5_mode: "offline" + port5_ssid: " (source wireless-controller.vap.name)" + port6_mode: "offline" + port6_ssid: " (source wireless-controller.vap.name)" + port7_mode: "offline" + port7_ssid: " (source wireless-controller.vap.name)" + port8_mode: "offline" + port8_ssid: " (source wireless-controller.vap.name)" + led_state: "enable" + location: "" + login_passwd: "" + login_passwd_change: "yes" + mesh_bridge_enable: "default" + name: "default_name_38" + override_allowaccess: "enable" + override_ip_fragment: "enable" + override_lan: "enable" + override_led_state: "enable" + override_login_passwd_change: "enable" + override_split_tunnel: "enable" + override_wan_port_mode: "enable" + radio_1: + auto_power_high: "47" + auto_power_level: "enable" + auto_power_low: "49" + band: "802.11a" + channel: + - + chan: "" + override_analysis: "enable" + override_band: "enable" + override_channel: "enable" + override_txpower: "enable" + override_vaps: "enable" + power_level: "58" + radio_id: "59" + spectrum_analysis: "enable" + vap_all: "enable" + vaps: + - + name: "default_name_63 (source wireless-controller.vap-group.name 
wireless-controller.vap.name)" + radio_2: + auto_power_high: "65" + auto_power_level: "enable" + auto_power_low: "67" + band: "802.11a" + channel: + - + chan: "" + override_analysis: "enable" + override_band: "enable" + override_channel: "enable" + override_txpower: "enable" + override_vaps: "enable" + power_level: "76" + radio_id: "77" + spectrum_analysis: "enable" + vap_all: "enable" + vaps: + - + name: "default_name_81 (source wireless-controller.vap-group.name wireless-controller.vap.name)" + split_tunneling_acl: + - + dest_ip: "" + id: "84" + split_tunneling_acl_local_ap_subnet: "enable" + split_tunneling_acl_path: "tunnel" + tun_mtu_downlink: "87" + tun_mtu_uplink: "88" + wan_port_mode: "wan-lan" + wtp_id: "" + wtp_mode: "normal" + wtp_profile: " (source wireless-controller.wtp-profile.name)" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + 
description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wireless_controller_wtp_data(json): + option_list = ['admin', 'allowaccess', 'bonjour_profile', + 'coordinate_enable', 'coordinate_latitude', 'coordinate_longitude', + 'coordinate_x', 'coordinate_y', 'image_download', + 'index', 'ip_fragment_preventing', 'lan', + 'led_state', 'location', 'login_passwd', + 'login_passwd_change', 'mesh_bridge_enable', 'name', + 'override_allowaccess', 'override_ip_fragment', 'override_lan', + 'override_led_state', 'override_login_passwd_change', 'override_split_tunnel', + 'override_wan_port_mode', 'radio_1', 'radio_2', + 'split_tunneling_acl', 'split_tunneling_acl_local_ap_subnet', 'split_tunneling_acl_path', + 'tun_mtu_downlink', 'tun_mtu_uplink', 'wan_port_mode', + 'wtp_id', 'wtp_mode', 'wtp_profile'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_wtp(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['wireless_controller_wtp'] and data['wireless_controller_wtp']['state']: + 
state = data['wireless_controller_wtp']['state'] + else: + state = True + wireless_controller_wtp_data = data['wireless_controller_wtp'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_wtp_data(wireless_controller_wtp_data)) + + if state == "present": + return fos.set('wireless-controller', + 'wtp', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller', + 'wtp', + mkey=filtered_data['wtp-id'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller(data, fos): + + if data['wireless_controller_wtp']: + resp = wireless_controller_wtp(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_wtp')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'wtp-id' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_wtp": { + "required": False, "type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "admin": {"required": False, "type": "str", + "choices": ["discovered", + "disable", + "enable"]}, + "allowaccess": {"required": False, "type": "str", + "choices": ["telnet", + "http", + "https", + "ssh"]}, + "bonjour_profile": {"required": False, "type": "str"}, + "coordinate_enable": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "coordinate_latitude": {"required": False, "type": "str"}, + "coordinate_longitude": 
{"required": False, "type": "str"}, + "coordinate_x": {"required": False, "type": "str"}, + "coordinate_y": {"required": False, "type": "str"}, + "image_download": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "index": {"required": False, "type": "int"}, + "ip_fragment_preventing": {"required": False, "type": "str", + "choices": ["tcp-mss-adjust", + "icmp-unreachable"]}, + "lan": {"required": False, "type": "dict", + "options": { + "port_mode": {"required": False, "type": "str", + "choices": ["offline", + "nat-to-wan", + "bridge-to-wan", + "bridge-to-ssid"]}, + "port_ssid": {"required": False, "type": "str"}, + "port1_mode": {"required": False, "type": "str", + "choices": ["offline", + "nat-to-wan", + "bridge-to-wan", + "bridge-to-ssid"]}, + "port1_ssid": {"required": False, "type": "str"}, + "port2_mode": {"required": False, "type": "str", + "choices": ["offline", + "nat-to-wan", + "bridge-to-wan", + "bridge-to-ssid"]}, + "port2_ssid": {"required": False, "type": "str"}, + "port3_mode": {"required": False, "type": "str", + "choices": ["offline", + "nat-to-wan", + "bridge-to-wan", + "bridge-to-ssid"]}, + "port3_ssid": {"required": False, "type": "str"}, + "port4_mode": {"required": False, "type": "str", + "choices": ["offline", + "nat-to-wan", + "bridge-to-wan", + "bridge-to-ssid"]}, + "port4_ssid": {"required": False, "type": "str"}, + "port5_mode": {"required": False, "type": "str", + "choices": ["offline", + "nat-to-wan", + "bridge-to-wan", + "bridge-to-ssid"]}, + "port5_ssid": {"required": False, "type": "str"}, + "port6_mode": {"required": False, "type": "str", + "choices": ["offline", + "nat-to-wan", + "bridge-to-wan", + "bridge-to-ssid"]}, + "port6_ssid": {"required": False, "type": "str"}, + "port7_mode": {"required": False, "type": "str", + "choices": ["offline", + "nat-to-wan", + "bridge-to-wan", + "bridge-to-ssid"]}, + "port7_ssid": {"required": False, "type": "str"}, + "port8_mode": {"required": False, "type": "str", + 
"choices": ["offline", + "nat-to-wan", + "bridge-to-wan", + "bridge-to-ssid"]}, + "port8_ssid": {"required": False, "type": "str"} + }}, + "led_state": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "location": {"required": False, "type": "str"}, + "login_passwd": {"required": False, "type": "str"}, + "login_passwd_change": {"required": False, "type": "str", + "choices": ["yes", + "default", + "no"]}, + "mesh_bridge_enable": {"required": False, "type": "str", + "choices": ["default", + "enable", + "disable"]}, + "name": {"required": False, "type": "str"}, + "override_allowaccess": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "override_ip_fragment": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "override_lan": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "override_led_state": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "override_login_passwd_change": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "override_split_tunnel": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "override_wan_port_mode": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "radio_1": {"required": False, "type": "dict", + "options": { + "auto_power_high": {"required": False, "type": "int"}, + "auto_power_level": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auto_power_low": {"required": False, "type": "int"}, + "band": {"required": False, "type": "str", + "choices": ["802.11a", + "802.11b", + "802.11g", + "802.11n", + "802.11n-5G", + "802.11n,g-only", + "802.11g-only", + "802.11n-only", + "802.11n-5G-only", + "802.11ac", + "802.11ac,n-only", + "802.11ac-only"]}, + "channel": {"required": False, "type": "list", + "options": { + "chan": {"required": True, "type": "str"} + }}, + "override_analysis": {"required": False, "type": "str", + 
"choices": ["enable", + "disable"]}, + "override_band": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "override_channel": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "override_txpower": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "override_vaps": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "power_level": {"required": False, "type": "int"}, + "radio_id": {"required": False, "type": "int"}, + "spectrum_analysis": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vap_all": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vaps": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + }}, + "radio_2": {"required": False, "type": "dict", + "options": { + "auto_power_high": {"required": False, "type": "int"}, + "auto_power_level": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auto_power_low": {"required": False, "type": "int"}, + "band": {"required": False, "type": "str", + "choices": ["802.11a", + "802.11b", + "802.11g", + "802.11n", + "802.11n-5G", + "802.11n,g-only", + "802.11g-only", + "802.11n-only", + "802.11n-5G-only", + "802.11ac", + "802.11ac,n-only", + "802.11ac-only"]}, + "channel": {"required": False, "type": "list", + "options": { + "chan": {"required": True, "type": "str"} + }}, + "override_analysis": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "override_band": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "override_channel": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "override_txpower": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "override_vaps": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "power_level": {"required": False, "type": "int"}, + 
"radio_id": {"required": False, "type": "int"}, + "spectrum_analysis": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vap_all": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vaps": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }} + }}, + "split_tunneling_acl": {"required": False, "type": "list", + "options": { + "dest_ip": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"} + }}, + "split_tunneling_acl_local_ap_subnet": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "split_tunneling_acl_path": {"required": False, "type": "str", + "choices": ["tunnel", + "local"]}, + "tun_mtu_downlink": {"required": False, "type": "int"}, + "tun_mtu_uplink": {"required": False, "type": "int"}, + "wan_port_mode": {"required": False, "type": "str", + "choices": ["wan-lan", + "wan-only"]}, + "wtp_id": {"required": False, "type": "str"}, + "wtp_mode": {"required": False, "type": "str", + "choices": ["normal", + "remote"]}, + "wtp_profile": {"required": False, "type": "str"} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv") + + if not is_error: + if versions_check_result and 
versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_wtp_group.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_wtp_group.py new file mode 100644 index 00000000..c2a97e7f --- /dev/null +++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_wtp_group.py 
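Review bot: `login_passwd` in the `main()` argument spec is declared as `{"required": False, "type": "str"}` with no `no_log`, although `access_token` at the top of the same spec carries `"no_log": True`. The option holds the managed AP's administrator password, so without the flag the value can end up in the module invocation that Ansible logs and echoes under verbose output. Declare it as `"login_passwd": {"required": False, "type": "str", "no_log": True},`. Separately, the EXAMPLES play sets `ansible_httpapi_validate_certs: no` and `allowaccess: "telnet"`; a short comment there marking both as placeholders (validated TLS and `https`/`ssh` for real use) would keep them from being copied into a production playbook unchanged.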
@@ -0,0 +1,408 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_wireless_controller_wtp_group
+short_description: Configure WTP groups in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify wireless_controller feature and wtp_group category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.9"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ type: str
+ required: true
+ choices:
+ - present
+ - absent
+ wireless_controller_wtp_group:
+ description:
+ - Configure WTP groups.
+ default: null
+ type: dict
+ suboptions:
+ name:
+ description:
+ - WTP group name.
+ required: true
+ type: str
+ platform_type:
+ description:
+ - FortiAP models to define the WTP group platform type.
+ type: str
+ choices:
+ - AP-11N
+ - 220B
+ - 210B
+ - 222B
+ - 112B
+ - 320B
+ - 11C
+ - 14C
+ - 223B
+ - 28C
+ - 320C
+ - 221C
+ - 25D
+ - 222C
+ - 224D
+ - 214B
+ - 21D
+ - 24D
+ - 112D
+ - 223C
+ - 321C
+ - C220C
+ - C225C
+ - C23JD
+ - C24JE
+ - S321C
+ - S322C
+ - S323C
+ - S311C
+ - S313C
+ - S321CR
+ - S322CR
+ - S323CR
+ - S421E
+ - S422E
+ - S423E
+ - 421E
+ - 423E
+ - 221E
+ - 222E
+ - 223E
+ - 224E
+ - S221E
+ - S223E
+ - U421E
+ - U422EV
+ - U423E
+ - U221EV
+ - U223EV
+ - U24JEV
+ - U321EV
+ - U323EV
+ wtps:
+ description:
+ - WTP list.
+ type: list
+ suboptions:
+ wtp_id:
+ description:
+ - WTP ID. Source wireless-controller.wtp.wtp-id.
+ type: str
+'''
+
+EXAMPLES = '''
+- hosts: fortigates
+ collections:
+ - fortinet.fortios
+ connection: httpapi
+ vars:
+ vdom: "root"
+ ansible_httpapi_use_ssl: yes
+ ansible_httpapi_validate_certs: no
+ ansible_httpapi_port: 443
+ tasks:
+ - name: Configure WTP groups.
+ fortios_wireless_controller_wtp_group:
+ vdom: "{{ vdom }}"
+ state: "present"
+ access_token: ""
+ wireless_controller_wtp_group:
+ name: "default_name_3"
+ platform_type: "AP-11N"
+ wtps:
+ -
+ wtp_id: " (source wireless-controller.wtp.wtp-id)"
+
+'''
+
+RETURN = '''
+build:
+ description: Build number of the fortigate image
+ returned: always
+ type: str
+ sample: '1547'
+http_method:
+ description: Last method used to provision the content into FortiGate
+ returned: always
+ type: str
+ sample: 'PUT'
+http_status:
+ description: Last result given by FortiGate on last operation applied
+ returned: always
+ type: str
+ sample: "200"
+mkey:
+ description: Master key (id) used in the last call to FortiGate
+ returned: success
+ type: str
+ sample: "id"
+name:
+ description: Name of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "urlfilter"
+path:
+ description: Path of the table used to fulfill the request
+ returned: always
+ type: str
+ sample: "webfilter"
+revision:
+ description: Internal revision number
+ returned: always
+ type: str
+ sample: "17.0.2.10658"
+serial:
+ description: Serial number of the unit
+ returned: always
+ type: str
+ sample: "FGVMEVYYQT3AB5352"
+status:
+ description: Indication of the operation's result
+ returned: always
+ type: str
+ sample: "success"
+vdom:
+ description: Virtual domain used
+ returned: always
+ type: str
+ sample: "root"
+version:
+ description: Version of the FortiGate
+ returned: always
+ type: str
+ sample: "v5.6.3"
+
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
+from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
+
+
+def filter_wireless_controller_wtp_group_data(json):
+ option_list = ['name', 'platform_type', 'wtps']
+ dictionary = {}
+
+ for attribute in option_list:
+ if attribute in json and json[attribute] is not None:
+ dictionary[attribute] = json[attribute]
+
+ return dictionary
+
+
+def underscore_to_hyphen(data):
+ if isinstance(data, list):
+ for i, elem in enumerate(data):
+ data[i] = underscore_to_hyphen(elem)
+ elif isinstance(data, dict):
+ new_data = {}
+ for k, v in data.items():
+ new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
+ data = new_data
+
+ return data
+
+
+def wireless_controller_wtp_group(data, fos):
+ vdom = data['vdom']
+ state = data['state']
+ wireless_controller_wtp_group_data = data['wireless_controller_wtp_group']
+ filtered_data = underscore_to_hyphen(filter_wireless_controller_wtp_group_data(wireless_controller_wtp_group_data))
+
+ if state == "present":
+ return fos.set('wireless-controller',
+ 'wtp-group',
+ data=filtered_data,
+ vdom=vdom)
+
+ elif state == "absent":
+ return fos.delete('wireless-controller',
+ 'wtp-group',
+ mkey=filtered_data['name'],
+ vdom=vdom)
+ else:
+ fos._module.fail_json(msg='state must be present or absent!')
+
+
+def is_successful_status(status):
+ return status['status'] == "success" or \
+ status['http_method'] == "DELETE" and status['http_status'] == 404
+
+
+def fortios_wireless_controller(data, fos):
+
+ if data['wireless_controller_wtp_group']:
+ resp = wireless_controller_wtp_group(data, fos)
+ else:
+ fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_wtp_group'))
+
+ return not is_successful_status(resp), \
+ resp['status'] == "success" and \
+ (resp['revision_changed'] if 'revision_changed' in resp else True), \
+ resp
+
+
+def main():
+ mkeyname = 'name'
+ fields = {
+ "access_token": {"required": False, "type": "str", "no_log": True},
+ "vdom": {"required": False, "type": "str", "default": "root"},
+ "state": {"required": True, "type": "str",
+ "choices": ["present", "absent"]},
+ "wireless_controller_wtp_group": {
+ "required": False, "type": "dict", "default": None,
+ "options": {
+ "name": {"required": True, "type": "str"},
+ "platform_type": {"required": False, "type": "str",
+ "choices": ["AP-11N",
+ "220B",
+ "210B",
+ "222B",
+ "112B",
+ "320B",
+ "11C",
+ "14C",
+ "223B",
+ "28C",
+ "320C",
+ "221C",
+ "25D",
+ "222C",
+ "224D",
+ "214B",
+ "21D",
+ "24D",
+ "112D",
+ "223C",
+ "321C",
+ "C220C",
+ "C225C",
+ "C23JD",
+ "C24JE",
+ "S321C",
+ "S322C",
+ "S323C",
+ "S311C",
+ "S313C",
+ "S321CR",
+ "S322CR",
+ "S323CR",
+ "S421E",
+ "S422E",
+ "S423E",
+ "421E",
+ "423E",
+ "221E",
+ "222E",
+ "223E",
+ "224E",
+ "S221E",
+ "S223E",
+ "U421E",
+ "U422EV",
+ "U423E",
+ "U221EV",
+ "U223EV",
+ "U24JEV",
+ "U321EV",
+ "U323EV"]},
+ "wtps": {"required": False, "type": "list",
+ "options": {
+ "wtp_id": {"required": False, "type": "str"}
+ }}
+
+ }
+ }
+ }
+
+ check_legacy_fortiosapi()
+ module = AnsibleModule(argument_spec=fields,
+ supports_check_mode=False)
+
+ versions_check_result = None
+ if module._socket_path:
+ connection = Connection(module._socket_path)
+ if 'access_token' in module.params:
+ connection.set_option('access_token', module.params['access_token'])
+
+ fos = FortiOSHandler(connection, module, mkeyname)
+
+ is_error, has_changed, result = fortios_wireless_controller(module.params, fos)
+ versions_check_result = connection.get_system_version()
+ else:
+ module.fail_json(**FAIL_SOCKET_MSG)
+
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
+
+ if not is_error:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
+ else:
+ module.exit_json(changed=has_changed, meta=result)
+ else:
+ if versions_check_result and versions_check_result['matched'] is False:
+ module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
+ else:
+ module.fail_json(msg="Error in repo", meta=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_wtp_profile.py b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_wtp_profile.py
new file mode 100644
index 00000000..0e589b7d
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/fortinet/fortios/plugins/modules/fortios_wireless_controller_wtp_profile.py
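Review bot: The EXAMPLES play in fortios_wireless_controller_wtp_group.py sets `ansible_httpapi_validate_certs: no` in the same `vars` block that enables `ansible_httpapi_use_ssl`, and the task beneath it passes an `access_token`, so a playbook copied from this example sends the API token to a device whose certificate is never verified. Module examples are routinely pasted into production playbooks, so the example should read `ansible_httpapi_validate_certs: yes`, with a comment such as `# set to no only for lab devices with self-signed certificates`. Separately, `if 'access_token' in module.params:` in main() looks always true because the key is declared in the argument spec, so `set_option` is presumably called with None when no token is supplied; `if module.params.get('access_token'):` would state the intent and avoid overriding a token configured elsewhere.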
@@ -0,0 +1,2251 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+# Copyright 2019-2020 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fortios_wireless_controller_wtp_profile
+short_description: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms in Fortinet's FortiOS and FortiGate.
+description:
+ - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
+ user to set and modify wireless_controller feature and wtp_profile category.
+ Examples include all parameters and values need to be adjusted to datasources before usage.
+ Tested with FOS v6.0.0
+version_added: "2.8"
+author:
+ - Link Zheng (@chillancezen)
+ - Jie Xue (@JieX19)
+ - Hongbin Lu (@fgtdev-hblu)
+ - Frank Shen (@frankshen01)
+ - Miguel Angel Munoz (@mamunozgonzalez)
+ - Nicolas Thomas (@thomnico)
+notes:
+ - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
+
+requirements:
+ - ansible>=2.9.0
+options:
+ access_token:
+ description:
+ - Token-based authentication.
+ Generated from GUI of Fortigate.
+ type: str
+ required: false
+ vdom:
+ description:
+ - Virtual domain, among those defined previously. A vdom is a
+ virtual instance of the FortiGate that can be configured and
+ used as a different unit.
+ type: str
+ default: root
+
+ state:
+ description:
+ - Indicates whether to create or remove the object.
+ This attribute was present already in previous version in a deeper level.
+ It has been moved out to this outer level.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ version_added: 2.9
+ wireless_controller_wtp_profile:
+ description:
+ - Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.
+ default: null
+ type: dict
+ suboptions:
+ state:
+ description:
+ - B(Deprecated)
+ - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
+ - HORIZONTALLINE
+ - Indicates whether to create or remove the object.
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ allowaccess:
+ description:
+ - Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space.
+ type: str
+ choices:
+ - telnet
+ - http
+ - https
+ - ssh
+ ap_country:
+ description:
+ - Country in which this WTP, FortiAP or AP will operate .
+ type: str
+ choices:
+ - NA
+ - AL
+ - DZ
+ - AO
+ - AR
+ - AM
+ - AU
+ - AT
+ - AZ
+ - BH
+ - BD
+ - BB
+ - BY
+ - BE
+ - BZ
+ - BO
+ - BA
+ - BR
+ - BN
+ - BG
+ - KH
+ - CL
+ - CN
+ - CO
+ - CR
+ - HR
+ - CY
+ - CZ
+ - DK
+ - DO
+ - EC
+ - EG
+ - SV
+ - EE
+ - FI
+ - FR
+ - GE
+ - DE
+ - GR
+ - GL
+ - GD
+ - GU
+ - GT
+ - HT
+ - HN
+ - HK
+ - HU
+ - IS
+ - IN
+ - ID
+ - IR
+ - IE
+ - IL
+ - IT
+ - JM
+ - JO
+ - KZ
+ - KE
+ - KP
+ - KR
+ - KW
+ - LV
+ - LB
+ - LI
+ - LT
+ - LU
+ - MO
+ - MK
+ - MY
+ - MT
+ - MX
+ - MC
+ - MA
+ - MZ
+ - MM
+ - NP
+ - NL
+ - AN
+ - AW
+ - NZ
+ - NO
+ - OM
+ - PK
+ - PA
+ - PG
+ - PY
+ - PE
+ - PH
+ - PL
+ - PT
+ - PR
+ - QA
+ - RO
+ - RU
+ - RW
+ - SA
+ - RS
+ - ME
+ - SG
+ - SK
+ - SI
+ - ZA
+ - ES
+ - LK
+ - SE
+ - SD
+ - CH
+ - SY
+ - TW
+ - TZ
+ - TH
+ - TT
+ - TN
+ - TR
+ - AE
+ - UA
+ - GB
+ - US
+ - PS
+ - UY
+ - UZ
+ - VE
+ - VN
+ - YE
+ - ZB
+ - ZW
+ - JP
+ - CA
+ ble_profile:
+ description:
+ - Bluetooth Low Energy profile name. Source wireless-controller.ble-profile.name.
+ type: str
+ comment:
+ description:
+ - Comment.
+ type: str
+ control_message_offload:
+ description:
+ - Enable/disable CAPWAP control message data channel offload.
+ type: str
+ choices:
+ - ebp-frame
+ - aeroscout-tag
+ - ap-list
+ - sta-list
+ - sta-cap-list
+ - stats
+ - aeroscout-mu
+ deny_mac_list:
+ description:
+ - List of MAC addresses that are denied access to this WTP, FortiAP, or AP.
+ type: list
+ suboptions:
+ id:
+ description:
+ - ID.
+ required: true
+ type: int
+ mac:
+ description:
+ - A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP.
+ type: str
+ dtls_in_kernel:
+ description:
+ - Enable/disable data channel DTLS in kernel.
+ type: str
+ choices:
+ - enable
+ - disable
+ dtls_policy:
+ description:
+ - WTP data channel DTLS policy .
+ type: str
+ choices:
+ - clear-text
+ - dtls-enabled
+ - ipsec-vpn
+ energy_efficient_ethernet:
+ description:
+ - Enable/disable use of energy efficient Ethernet on WTP.
+ type: str
+ choices:
+ - enable
+ - disable
+ ext_info_enable:
+ description:
+ - Enable/disable station/VAP/radio extension information.
+ type: str
+ choices:
+ - enable
+ - disable
+ handoff_roaming:
+ description:
+ - Enable/disable client load balancing during roaming to avoid roaming delay .
+ type: str
+ choices:
+ - enable
+ - disable
+ handoff_rssi:
+ description:
+ - Minimum received signal strength indicator (RSSI) value for handoff (20 - 30).
+ type: int
+ handoff_sta_thresh:
+ description:
+ - Threshold value for AP handoff (5 - 35).
+ type: int
+ ip_fragment_preventing:
+ description:
+ - Select how to prevent IP fragmentation for CAPWAP tunneled control and data packets .
+ type: str
+ choices:
+ - tcp-mss-adjust
+ - icmp-unreachable
+ lan:
+ description:
+ - WTP LAN port mapping.
+ type: dict
+ suboptions:
+ port_mode:
+ description:
+ - LAN port mode.
+ type: str
+ choices:
+ - offline
+ - nat-to-wan
+ - bridge-to-wan
+ - bridge-to-ssid
+ port_ssid:
+ description:
+ - Bridge LAN port to SSID. Source wireless-controller.vap.name.
+ type: str
+ port1_mode:
+ description:
+ - LAN port 1 mode.
+ type: str
+ choices:
+ - offline
+ - nat-to-wan
+ - bridge-to-wan
+ - bridge-to-ssid
+ port1_ssid:
+ description:
+ - Bridge LAN port 1 to SSID. Source wireless-controller.vap.name.
+ type: str
+ port2_mode:
+ description:
+ - LAN port 2 mode.
+ type: str
+ choices:
+ - offline
+ - nat-to-wan
+ - bridge-to-wan
+ - bridge-to-ssid
+ port2_ssid:
+ description:
+ - Bridge LAN port 2 to SSID. Source wireless-controller.vap.name.
+ type: str
+ port3_mode:
+ description:
+ - LAN port 3 mode.
+ type: str
+ choices:
+ - offline
+ - nat-to-wan
+ - bridge-to-wan
+ - bridge-to-ssid
+ port3_ssid:
+ description:
+ - Bridge LAN port 3 to SSID. Source wireless-controller.vap.name.
+ type: str
+ port4_mode:
+ description:
+ - LAN port 4 mode.
+ type: str
+ choices:
+ - offline
+ - nat-to-wan
+ - bridge-to-wan
+ - bridge-to-ssid
+ port4_ssid:
+ description:
+ - Bridge LAN port 4 to SSID. Source wireless-controller.vap.name.
+ type: str
+ port5_mode:
+ description:
+ - LAN port 5 mode.
+ type: str
+ choices:
+ - offline
+ - nat-to-wan
+ - bridge-to-wan
+ - bridge-to-ssid
+ port5_ssid:
+ description:
+ - Bridge LAN port 5 to SSID. Source wireless-controller.vap.name.
+ type: str
+ port6_mode:
+ description:
+ - LAN port 6 mode.
+ type: str
+ choices:
+ - offline
+ - nat-to-wan
+ - bridge-to-wan
+ - bridge-to-ssid
+ port6_ssid:
+ description:
+ - Bridge LAN port 6 to SSID. Source wireless-controller.vap.name.
+ type: str
+ port7_mode:
+ description:
+ - LAN port 7 mode.
+ type: str
+ choices:
+ - offline
+ - nat-to-wan
+ - bridge-to-wan
+ - bridge-to-ssid
+ port7_ssid:
+ description:
+ - Bridge LAN port 7 to SSID. Source wireless-controller.vap.name.
+ type: str
+ port8_mode:
+ description:
+ - LAN port 8 mode.
+ type: str
+ choices:
+ - offline
+ - nat-to-wan
+ - bridge-to-wan
+ - bridge-to-ssid
+ port8_ssid:
+ description:
+ - Bridge LAN port 8 to SSID. Source wireless-controller.vap.name.
+ type: str
+ lbs:
+ description:
+ - Set various location based service (LBS) options.
+ type: dict
+ suboptions:
+ aeroscout:
+ description:
+ - Enable/disable AeroScout Real Time Location Service (RTLS) support.
+ type: str
+ choices:
+ - enable
+ - disable
+ aeroscout_ap_mac:
+ description:
+ - Use BSSID or board MAC address as AP MAC address in the Aeroscout AP message.
+ type: str
+ choices:
+ - bssid
+ - board-mac
+ aeroscout_mmu_report:
+ description:
+ - Enable/disable MU compounded report.
+ type: str
+ choices:
+ - enable
+ - disable
+ aeroscout_mu:
+ description:
+ - Enable/disable AeroScout support.
+ type: str
+ choices:
+ - enable
+ - disable
+ aeroscout_mu_factor:
+ description:
+ - AeroScout Mobile Unit (MU) mode dilution factor .
+ type: int
+ aeroscout_mu_timeout:
+ description:
+ - AeroScout MU mode timeout (0 - 65535 sec).
+ type: int
+ aeroscout_server_ip:
+ description:
+ - IP address of AeroScout server.
+ type: str
+ aeroscout_server_port:
+ description:
+ - AeroScout server UDP listening port.
+ type: int
+ ekahau_blink_mode:
+ description:
+ - Enable/disable Ekahua blink mode (also called AiRISTA Flow Blink Mode) to find the location of devices connected to a wireless
+ LAN .
+ type: str
+ choices:
+ - enable
+ - disable
+ ekahau_tag:
+ description:
+ - WiFi frame MAC address or WiFi Tag.
+ type: str
+ erc_server_ip:
+ description:
+ - IP address of Ekahua RTLS Controller (ERC).
+ type: str
+ erc_server_port:
+ description:
+ - Ekahua RTLS Controller (ERC) UDP listening port.
+ type: int
+ fortipresence:
+ description:
+ - Enable/disable FortiPresence to monitor the location and activity of WiFi clients even if they don"t connect to this WiFi
+ network .
+ type: str
+ choices:
+ - foreign
+ - both
+ - disable
+ fortipresence_frequency:
+ description:
+ - FortiPresence report transmit frequency (5 - 65535 sec).
+ type: int
+ fortipresence_port:
+ description:
+ - FortiPresence server UDP listening port .
+ type: int
+ fortipresence_project:
+ description:
+ - FortiPresence project name (max. 16 characters).
+ type: str
+ fortipresence_rogue:
+ description:
+ - Enable/disable FortiPresence finding and reporting rogue APs.
+ type: str
+ choices:
+ - enable
+ - disable
+ fortipresence_secret:
+ description:
+ - FortiPresence secret password (max. 16 characters).
+ type: str
+ fortipresence_server:
+ description:
+ - FortiPresence server IP address.
+ type: str
+ fortipresence_unassoc:
+ description:
+ - Enable/disable FortiPresence finding and reporting unassociated stations.
+ type: str
+ choices:
+ - enable
+ - disable
+ station_locate:
+ description:
+ - Enable/disable client station locating services for all clients, whether associated or not .
+ type: str
+ choices:
+ - enable
+ - disable
+ led_schedules:
+ description:
+ - Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of
+ the schedules is valid. Separate multiple schedule names with a space.
+ type: list
+ suboptions:
+ name:
+ description:
+ - LED schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name.
+ required: true
+ type: str
+ led_state:
+ description:
+ - Enable/disable use of LEDs on WTP .
+ type: str
+ choices:
+ - enable
+ - disable
+ lldp:
+ description:
+ - Enable/disable Link Layer Discovery Protocol (LLDP) for the WTP, FortiAP, or AP .
+ type: str
+ choices:
+ - enable
+ - disable
+ login_passwd:
+ description:
+ - Set the managed WTP, FortiAP, or AP"s administrator password.
+ type: str
+ login_passwd_change:
+ description:
+ - Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no).
+ type: str
+ choices:
+ - yes
+ - default
+ - no
+ max_clients:
+ description:
+ - Maximum number of stations (STAs) supported by the WTP .
+ type: int
+ name:
+ description:
+ - WTP (or FortiAP or AP) profile name.
+ required: true
+ type: str
+ platform:
+ description:
+ - WTP, FortiAP, or AP platform.
+ type: dict
+ suboptions:
+ type:
+ description:
+ - WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a built-in
+ profile and customize it or create a new profile.
+ type: str
+ choices:
+ - AP-11N
+ - 220B
+ - 210B
+ - 222B
+ - 112B
+ - 320B
+ - 11C
+ - 14C
+ - 223B
+ - 28C
+ - 320C
+ - 221C
+ - 25D
+ - 222C
+ - 224D
+ - 214B
+ - 21D
+ - 24D
+ - 112D
+ - 223C
+ - 321C
+ - C220C
+ - C225C
+ - C23JD
+ - C24JE
+ - S321C
+ - S322C
+ - S323C
+ - S311C
+ - S313C
+ - S321CR
+ - S322CR
+ - S323CR
+ - S421E
+ - S422E
+ - S423E
+ - 421E
+ - 423E
+ - 221E
+ - 222E
+ - 223E
+ - 224E
+ - S221E
+ - S223E
+ - U421E
+ - U422EV
+ - U423E
+ - U221EV
+ - U223EV
+ - U24JEV
+ - U321EV
+ - U323EV
+ poe_mode:
+ description:
+ - Set the WTP, FortiAP, or AP"s PoE mode.
+ type: str
+ choices:
+ - auto
+ - 8023af
+ - 8023at
+ - power-adapter
+ radio_1:
+ description:
+ - Configuration options for radio 1.
+ type: dict
+ suboptions:
+ amsdu:
+ description:
+ - Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients .
+ type: str
+ choices:
+ - enable
+ - disable
+ ap_handoff:
+ description:
+ - Enable/disable AP handoff of clients to other APs .
+ type: str
+ choices:
+ - enable
+ - disable
+ ap_sniffer_addr:
+ description:
+ - MAC address to monitor.
+ type: str
+ ap_sniffer_bufsize:
+ description:
+ - Sniffer buffer size (1 - 32 MB).
+ type: int
+ ap_sniffer_chan:
+ description:
+ - Channel on which to operate the sniffer .
+ type: int
+ ap_sniffer_ctl:
+ description:
+ - Enable/disable sniffer on WiFi control frame .
+ type: str
+ choices:
+ - enable
+ - disable
+ ap_sniffer_data:
+ description:
+ - Enable/disable sniffer on WiFi data frame .
+ type: str
+ choices:
+ - enable
+ - disable
+ ap_sniffer_mgmt_beacon:
+ description:
+ - Enable/disable sniffer on WiFi management Beacon frames .
+ type: str
+ choices:
+ - enable
+ - disable
+ ap_sniffer_mgmt_other:
+ description:
+ - Enable/disable sniffer on WiFi management other frames .
+ type: str
+ choices:
+ - enable
+ - disable
+ ap_sniffer_mgmt_probe:
+ description:
+ - Enable/disable sniffer on WiFi management probe frames .
+ type: str
+ choices:
+ - enable
+ - disable
+ auto_power_high:
+ description:
+ - Automatic transmit power high limit in dBm (the actual range of transmit power depends on the AP platform type).
+ type: int
+ auto_power_level:
+ description:
+ - Enable/disable automatic power-level adjustment to prevent co-channel interference .
+ type: str
+ choices:
+ - enable
+ - disable
+ auto_power_low:
+ description:
+ - Automatic transmission power low limit in dBm (the actual range of transmit power depends on the AP platform type).
+ type: int
+ band:
+ description:
+ - WiFi band that Radio 1 operates on.
+ type: str
+ choices:
+ - 802.11a
+ - 802.11b
+ - 802.11g
+ - 802.11n
+ - 802.11n-5G
+ - 802.11ac
+ - 802.11n,g-only
+ - 802.11g-only
+ - 802.11n-only
+ - 802.11n-5G-only
+ - 802.11ac,n-only
+ - 802.11ac-only
+ bandwidth_admission_control:
+ description:
+ - Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless
+ network is only allowed if the access point has enough bandwidth to support it.
+ type: str
+ choices:
+ - enable
+ - disable
+ bandwidth_capacity:
+ description:
+ - Maximum bandwidth capacity allowed (1 - 600000 Kbps).
+ type: int
+ beacon_interval:
+ description:
+ - Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type).
+ type: int
+ call_admission_control:
+ description:
+ - Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are
+ only accepted if there is enough bandwidth available to support them.
+ type: str
+ choices:
+ - enable
+ - disable
+ call_capacity:
+ description:
+ - Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60).
+ type: int
+ channel:
+ description:
+ - Selected list of wireless radio channels.
+ type: list
+ suboptions:
+ chan:
+ description:
+ - Channel number.
+ required: true
+ type: str
+ channel_bonding:
+ description:
+ - 'Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.'
+ type: str
+ choices:
+ - 80MHz
+ - 40MHz
+ - 20MHz
+ channel_utilization:
+ description:
+ - Enable/disable measuring channel utilization.
+ type: str
+ choices:
+ - enable
+ - disable
+ coexistence:
+ description:
+ - Enable/disable allowing both HT20 and HT40 on the same radio .
+ type: str
+ choices:
+ - enable
+ - disable
+ darrp:
+ description:
+ - Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal
+ channel .
+ type: str
+ choices:
+ - enable
+ - disable
+ dtim:
+ description:
+ - DTIM interval. The frequency to transmit Delivery Traffic Indication Message (or Map) (DTIM) messages (1 - 255). Set higher to
+ save client battery life.
+ type: int
+ frag_threshold:
+ description:
+ - Maximum packet size that can be sent without fragmentation (800 - 2346 bytes).
+ type: int
+ frequency_handoff:
+ description:
+ - Enable/disable frequency handoff of clients to other channels .
+ type: str
+ choices:
+ - enable
+ - disable
+ max_clients:
+ description:
+ - Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.
+ type: int
+ max_distance:
+ description:
+ - Maximum expected distance between the AP and clients (0 - 54000 m).
+ type: int
+ mode:
+ description:
+ - Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer.
+ type: str
+ choices:
+ - disabled
+ - ap
+ - monitor
+ - sniffer
+ power_level:
+ description:
+ - Radio power level as a percentage of the maximum transmit power (0 - 100).
+ type: int
+ powersave_optimize:
+ description:
+ - Enable client power-saving features such as TIM, AC VO, and OBSS etc.
+ type: str
+ choices:
+ - tim
+ - ac-vo
+ - no-obss-scan
+ - no-11b-rate
+ - client-rate-follow
+ protection_mode:
+ description:
+ - Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).
+ type: str
+ choices:
+ - rtscts
+ - ctsonly
+ - disable
+ radio_id:
+ description:
+ - radio-id
+ type: int
+ rts_threshold:
+ description:
+ - Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes).
+ type: int
+ short_guard_interval:
+ description:
+ - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.
+ type: str
+ choices:
+ - enable
+ - disable
+ spectrum_analysis:
+ description:
+ - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.
+ type: str
+ choices:
+ - enable
+ - disable
+ transmit_optimize:
+ description:
+ - Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by
+ default.
+ type: str
+ choices:
+ - disable
+ - power-save
+ - aggr-limit
+ - retry-limit
+ - send-bar
+ vap_all:
+ description:
+ - Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) .
+ type: str
+ choices:
+ - enable
+ - disable
+ vaps:
+ description:
+ - Manually selected list of Virtual Access Points (VAPs).
+ type: list
+ suboptions:
+ name:
+ description:
+ - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name wireless-controller.vap.name.
+ required: true
+ type: str
+ wids_profile:
+ description:
+ - Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name.
+ type: str
+ radio_2:
+ description:
+ - Configuration options for radio 2.
+ type: dict
+ suboptions:
+ amsdu:
+ description:
+ - Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients .
+ type: str
+ choices:
+ - enable
+ - disable
+ ap_handoff:
+ description:
+ - Enable/disable AP handoff of clients to other APs .
+ type: str
+ choices:
+ - enable
+ - disable
+ ap_sniffer_addr:
+ description:
+ - MAC address to monitor.
+ type: str
+ ap_sniffer_bufsize:
+ description:
+ - Sniffer buffer size (1 - 32 MB).
+ type: int
+ ap_sniffer_chan:
+ description:
+ - Channel on which to operate the sniffer .
+ type: int
+ ap_sniffer_ctl:
+ description:
+ - Enable/disable sniffer on WiFi control frame .
+ type: str
+ choices:
+ - enable
+ - disable
+ ap_sniffer_data:
+ description:
+ - Enable/disable sniffer on WiFi data frame .
+ type: str
+ choices:
+ - enable
+ - disable
+ ap_sniffer_mgmt_beacon:
+ description:
+ - Enable/disable sniffer on WiFi management Beacon frames .
+ type: str
+ choices:
+ - enable
+ - disable
+ ap_sniffer_mgmt_other:
+ description:
+ - Enable/disable sniffer on WiFi management other frames .
+ type: str
+ choices:
+ - enable
+ - disable
+ ap_sniffer_mgmt_probe:
+ description:
+ - Enable/disable sniffer on WiFi management probe frames .
+ type: str
+ choices:
+ - enable
+ - disable
+ auto_power_high:
+ description:
+ - Automatic transmit power high limit in dBm (the actual range of transmit power depends on the AP platform type).
+ type: int
+ auto_power_level:
+ description:
+ - Enable/disable automatic power-level adjustment to prevent co-channel interference .
+ type: str
+ choices:
+ - enable
+ - disable
+ auto_power_low:
+ description:
+ - Automatic transmission power low limit in dBm (the actual range of transmit power depends on the AP platform type).
+ type: int
+ band:
+ description:
+ - WiFi band that Radio 2 operates on.
+ type: str
+ choices:
+ - 802.11a
+ - 802.11b
+ - 802.11g
+ - 802.11n
+ - 802.11n-5G
+ - 802.11ac
+ - 802.11n,g-only
+ - 802.11g-only
+ - 802.11n-only
+ - 802.11n-5G-only
+ - 802.11ac,n-only
+ - 802.11ac-only
+ bandwidth_admission_control:
+ description:
+ - Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless
+ network is only allowed if the access point has enough bandwidth to support it.
+ type: str
+ choices:
+ - enable
+ - disable
+ bandwidth_capacity:
+ description:
+ - Maximum bandwidth capacity allowed (1 - 600000 Kbps).
+ type: int
+ beacon_interval:
+ description:
+ - Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type).
+ type: int
+ call_admission_control:
+ description:
+ - Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are
+ only accepted if there is enough bandwidth available to support them.
+ type: str
+ choices:
+ - enable
+ - disable
+ call_capacity:
+ description:
+ - Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60).
+ type: int
+ channel:
+ description:
+ - Selected list of wireless radio channels.
+ type: list
+ suboptions:
+ chan:
+ description:
+ - Channel number.
+ required: true
+ type: str
+ channel_bonding:
+ description:
+ - 'Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.'
+ type: str
+ choices:
+ - 80MHz
+ - 40MHz
+ - 20MHz
+ channel_utilization:
+ description:
+ - Enable/disable measuring channel utilization.
+ type: str
+ choices:
+ - enable
+ - disable
+ coexistence:
+ description:
+ - Enable/disable allowing both HT20 and HT40 on the same radio .
+ type: str + choices: + - enable + - disable + darrp: + description: + - Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal + channel . + type: str + choices: + - enable + - disable + dtim: + description: + - DTIM interval. The frequency to transmit Delivery Traffic Indication Message (or Map) (DTIM) messages (1 - 255). Set higher to + save client battery life. + type: int + frag_threshold: + description: + - Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). + type: int + frequency_handoff: + description: + - Enable/disable frequency handoff of clients to other channels . + type: str + choices: + - enable + - disable + max_clients: + description: + - Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. + type: int + max_distance: + description: + - Maximum expected distance between the AP and clients (0 - 54000 m). + type: int + mode: + description: + - Mode of radio 2. Radio 2 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. + type: str + choices: + - disabled + - ap + - monitor + - sniffer + power_level: + description: + - Radio power level as a percentage of the maximum transmit power (0 - 100). + type: int + powersave_optimize: + description: + - Enable client power-saving features such as TIM, AC VO, and OBSS etc. + type: str + choices: + - tim + - ac-vo + - no-obss-scan + - no-11b-rate + - client-rate-follow + protection_mode: + description: + - Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). + type: str + choices: + - rtscts + - ctsonly + - disable + radio_id: + description: + - radio-id + type: int + rts_threshold: + description: + - Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). 
+ type: int + short_guard_interval: + description: + - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. + type: str + choices: + - enable + - disable + spectrum_analysis: + description: + - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. + type: str + choices: + - enable + - disable + transmit_optimize: + description: + - Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by + default. + type: str + choices: + - disable + - power-save + - aggr-limit + - retry-limit + - send-bar + vap_all: + description: + - Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) . + type: str + choices: + - enable + - disable + vaps: + description: + - Manually selected list of Virtual Access Points (VAPs). + type: list + suboptions: + name: + description: + - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name wireless-controller.vap.name. + required: true + type: str + wids_profile: + description: + - Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. + type: str + split_tunneling_acl: + description: + - Split tunneling ACL filter list. + type: list + suboptions: + dest_ip: + description: + - Destination IP and mask for the split-tunneling subnet. + type: str + id: + description: + - ID. + required: true + type: int + split_tunneling_acl_local_ap_subnet: + description: + - Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL . + type: str + choices: + - enable + - disable + split_tunneling_acl_path: + description: + - Split tunneling ACL path is local/tunnel. + type: str + choices: + - tunnel + - local + tun_mtu_downlink: + description: + - Downlink CAPWAP tunnel MTU (0, 576, or 1500 bytes). 
+ type: int + tun_mtu_uplink: + description: + - Uplink CAPWAP tunnel MTU (0, 576, or 1500 bytes). + type: int + wan_port_mode: + description: + - Enable/disable using a WAN port as a LAN port. + type: str + choices: + - wan-lan + - wan-only +''' + +EXAMPLES = ''' +- hosts: fortigates + collections: + - fortinet.fortios + connection: httpapi + vars: + vdom: "root" + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + ansible_httpapi_port: 443 + tasks: + - name: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms. + fortios_wireless_controller_wtp_profile: + vdom: "{{ vdom }}" + state: "present" + access_token: "" + wireless_controller_wtp_profile: + allowaccess: "telnet" + ap_country: "NA" + ble_profile: " (source wireless-controller.ble-profile.name)" + comment: "Comment." + control_message_offload: "ebp-frame" + deny_mac_list: + - + id: "9" + mac: "" + dtls_in_kernel: "enable" + dtls_policy: "clear-text" + energy_efficient_ethernet: "enable" + ext_info_enable: "enable" + handoff_roaming: "enable" + handoff_rssi: "16" + handoff_sta_thresh: "17" + ip_fragment_preventing: "tcp-mss-adjust" + lan: + port_mode: "offline" + port_ssid: " (source wireless-controller.vap.name)" + port1_mode: "offline" + port1_ssid: " (source wireless-controller.vap.name)" + port2_mode: "offline" + port2_ssid: " (source wireless-controller.vap.name)" + port3_mode: "offline" + port3_ssid: " (source wireless-controller.vap.name)" + port4_mode: "offline" + port4_ssid: " (source wireless-controller.vap.name)" + port5_mode: "offline" + port5_ssid: " (source wireless-controller.vap.name)" + port6_mode: "offline" + port6_ssid: " (source wireless-controller.vap.name)" + port7_mode: "offline" + port7_ssid: " (source wireless-controller.vap.name)" + port8_mode: "offline" + port8_ssid: " (source wireless-controller.vap.name)" + lbs: + aeroscout: "enable" + aeroscout_ap_mac: "bssid" + aeroscout_mmu_report: "enable" + aeroscout_mu: 
"enable" + aeroscout_mu_factor: "43" + aeroscout_mu_timeout: "44" + aeroscout_server_ip: "" + aeroscout_server_port: "46" + ekahau_blink_mode: "enable" + ekahau_tag: "" + erc_server_ip: "" + erc_server_port: "50" + fortipresence: "foreign" + fortipresence_frequency: "52" + fortipresence_port: "53" + fortipresence_project: "" + fortipresence_rogue: "enable" + fortipresence_secret: "" + fortipresence_server: "" + fortipresence_unassoc: "enable" + station_locate: "enable" + led_schedules: + - + name: "default_name_61 (source firewall.schedule.group.name firewall.schedule.recurring.name)" + led_state: "enable" + lldp: "enable" + login_passwd: "" + login_passwd_change: "yes" + max_clients: "66" + name: "default_name_67" + platform: + type: "AP-11N" + poe_mode: "auto" + radio_1: + amsdu: "enable" + ap_handoff: "enable" + ap_sniffer_addr: "" + ap_sniffer_bufsize: "75" + ap_sniffer_chan: "76" + ap_sniffer_ctl: "enable" + ap_sniffer_data: "enable" + ap_sniffer_mgmt_beacon: "enable" + ap_sniffer_mgmt_other: "enable" + ap_sniffer_mgmt_probe: "enable" + auto_power_high: "82" + auto_power_level: "enable" + auto_power_low: "84" + band: "802.11a" + bandwidth_admission_control: "enable" + bandwidth_capacity: "87" + beacon_interval: "88" + call_admission_control: "enable" + call_capacity: "90" + channel: + - + chan: "" + channel_bonding: "80MHz" + channel_utilization: "enable" + coexistence: "enable" + darrp: "enable" + dtim: "97" + frag_threshold: "98" + frequency_handoff: "enable" + max_clients: "100" + max_distance: "101" + mode: "disabled" + power_level: "103" + powersave_optimize: "tim" + protection_mode: "rtscts" + radio_id: "106" + rts_threshold: "107" + short_guard_interval: "enable" + spectrum_analysis: "enable" + transmit_optimize: "disable" + vap_all: "enable" + vaps: + - + name: "default_name_113 (source wireless-controller.vap-group.name wireless-controller.vap.name)" + wids_profile: " (source wireless-controller.wids-profile.name)" + radio_2: + amsdu: "enable" + 
ap_handoff: "enable" + ap_sniffer_addr: "" + ap_sniffer_bufsize: "119" + ap_sniffer_chan: "120" + ap_sniffer_ctl: "enable" + ap_sniffer_data: "enable" + ap_sniffer_mgmt_beacon: "enable" + ap_sniffer_mgmt_other: "enable" + ap_sniffer_mgmt_probe: "enable" + auto_power_high: "126" + auto_power_level: "enable" + auto_power_low: "128" + band: "802.11a" + bandwidth_admission_control: "enable" + bandwidth_capacity: "131" + beacon_interval: "132" + call_admission_control: "enable" + call_capacity: "134" + channel: + - + chan: "" + channel_bonding: "80MHz" + channel_utilization: "enable" + coexistence: "enable" + darrp: "enable" + dtim: "141" + frag_threshold: "142" + frequency_handoff: "enable" + max_clients: "144" + max_distance: "145" + mode: "disabled" + power_level: "147" + powersave_optimize: "tim" + protection_mode: "rtscts" + radio_id: "150" + rts_threshold: "151" + short_guard_interval: "enable" + spectrum_analysis: "enable" + transmit_optimize: "disable" + vap_all: "enable" + vaps: + - + name: "default_name_157 (source wireless-controller.vap-group.name wireless-controller.vap.name)" + wids_profile: " (source wireless-controller.wids-profile.name)" + split_tunneling_acl: + - + dest_ip: "" + id: "161" + split_tunneling_acl_local_ap_subnet: "enable" + split_tunneling_acl_path: "tunnel" + tun_mtu_downlink: "164" + tun_mtu_uplink: "165" + wan_port_mode: "wan-lan" + +''' + +RETURN = ''' +build: + description: Build number of the fortigate image + returned: always + type: str + sample: '1547' +http_method: + description: Last method used to provision the content into FortiGate + returned: always + type: str + sample: 'PUT' +http_status: + description: Last result given by FortiGate on last operation applied + returned: always + type: str + sample: "200" +mkey: + description: Master key (id) used in the last call to FortiGate + returned: success + type: str + sample: "id" +name: + description: Name of the table used to fulfill the request + returned: always + type: str + 
sample: "urlfilter" +path: + description: Path of the table used to fulfill the request + returned: always + type: str + sample: "webfilter" +revision: + description: Internal revision number + returned: always + type: str + sample: "17.0.2.10658" +serial: + description: Serial number of the unit + returned: always + type: str + sample: "FGVMEVYYQT3AB5352" +status: + description: Indication of the operation's result + returned: always + type: str + sample: "success" +vdom: + description: Virtual domain used + returned: always + type: str + sample: "root" +version: + description: Version of the FortiGate + returned: always + type: str + sample: "v5.6.3" + +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler +from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi +from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG + + +def filter_wireless_controller_wtp_profile_data(json): + option_list = ['allowaccess', 'ap_country', 'ble_profile', + 'comment', 'control_message_offload', 'deny_mac_list', + 'dtls_in_kernel', 'dtls_policy', 'energy_efficient_ethernet', + 'ext_info_enable', 'handoff_roaming', 'handoff_rssi', + 'handoff_sta_thresh', 'ip_fragment_preventing', 'lan', + 'lbs', 'led_schedules', 'led_state', + 'lldp', 'login_passwd', 'login_passwd_change', + 'max_clients', 'name', 'platform', + 'poe_mode', 'radio_1', 'radio_2', + 'split_tunneling_acl', 'split_tunneling_acl_local_ap_subnet', 'split_tunneling_acl_path', + 'tun_mtu_downlink', 'tun_mtu_uplink', 'wan_port_mode'] + dictionary = {} + + for attribute in option_list: + if attribute in json and json[attribute] is not None: + dictionary[attribute] = json[attribute] + + return dictionary + + +def underscore_to_hyphen(data): + if isinstance(data, 
list): + for i, elem in enumerate(data): + data[i] = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + +def wireless_controller_wtp_profile(data, fos): + vdom = data['vdom'] + if 'state' in data and data['state']: + state = data['state'] + elif 'state' in data['wireless_controller_wtp_profile'] and data['wireless_controller_wtp_profile']['state']: + state = data['wireless_controller_wtp_profile']['state'] + else: + state = True + wireless_controller_wtp_profile_data = data['wireless_controller_wtp_profile'] + filtered_data = underscore_to_hyphen(filter_wireless_controller_wtp_profile_data(wireless_controller_wtp_profile_data)) + + if state == "present": + return fos.set('wireless-controller', + 'wtp-profile', + data=filtered_data, + vdom=vdom) + + elif state == "absent": + return fos.delete('wireless-controller', + 'wtp-profile', + mkey=filtered_data['name'], + vdom=vdom) + else: + fos._module.fail_json(msg='state must be present or absent!') + + +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + +def fortios_wireless_controller(data, fos): + + if data['wireless_controller_wtp_profile']: + resp = wireless_controller_wtp_profile(data, fos) + else: + fos._module.fail_json(msg='missing task body: %s' % ('wireless_controller_wtp_profile')) + + return not is_successful_status(resp), \ + resp['status'] == "success" and \ + (resp['revision_changed'] if 'revision_changed' in resp else True), \ + resp + + +def main(): + mkeyname = 'name' + fields = { + "access_token": {"required": False, "type": "str", "no_log": True}, + "vdom": {"required": False, "type": "str", "default": "root"}, + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "wireless_controller_wtp_profile": { + "required": False, 
"type": "dict", "default": None, + "options": { + "state": {"required": False, "type": "str", + "choices": ["present", "absent"]}, + "allowaccess": {"required": False, "type": "str", + "choices": ["telnet", + "http", + "https", + "ssh"]}, + "ap_country": {"required": False, "type": "str", + "choices": ["NA", + "AL", + "DZ", + "AO", + "AR", + "AM", + "AU", + "AT", + "AZ", + "BH", + "BD", + "BB", + "BY", + "BE", + "BZ", + "BO", + "BA", + "BR", + "BN", + "BG", + "KH", + "CL", + "CN", + "CO", + "CR", + "HR", + "CY", + "CZ", + "DK", + "DO", + "EC", + "EG", + "SV", + "EE", + "FI", + "FR", + "GE", + "DE", + "GR", + "GL", + "GD", + "GU", + "GT", + "HT", + "HN", + "HK", + "HU", + "IS", + "IN", + "ID", + "IR", + "IE", + "IL", + "IT", + "JM", + "JO", + "KZ", + "KE", + "KP", + "KR", + "KW", + "LV", + "LB", + "LI", + "LT", + "LU", + "MO", + "MK", + "MY", + "MT", + "MX", + "MC", + "MA", + "MZ", + "MM", + "NP", + "NL", + "AN", + "AW", + "NZ", + "NO", + "OM", + "PK", + "PA", + "PG", + "PY", + "PE", + "PH", + "PL", + "PT", + "PR", + "QA", + "RO", + "RU", + "RW", + "SA", + "RS", + "ME", + "SG", + "SK", + "SI", + "ZA", + "ES", + "LK", + "SE", + "SD", + "CH", + "SY", + "TW", + "TZ", + "TH", + "TT", + "TN", + "TR", + "AE", + "UA", + "GB", + "US", + "PS", + "UY", + "UZ", + "VE", + "VN", + "YE", + "ZB", + "ZW", + "JP", + "CA"]}, + "ble_profile": {"required": False, "type": "str"}, + "comment": {"required": False, "type": "str"}, + "control_message_offload": {"required": False, "type": "str", + "choices": ["ebp-frame", + "aeroscout-tag", + "ap-list", + "sta-list", + "sta-cap-list", + "stats", + "aeroscout-mu"]}, + "deny_mac_list": {"required": False, "type": "list", + "options": { + "id": {"required": True, "type": "int"}, + "mac": {"required": False, "type": "str"} + }}, + "dtls_in_kernel": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dtls_policy": {"required": False, "type": "str", + "choices": ["clear-text", + "dtls-enabled", + "ipsec-vpn"]}, + 
"energy_efficient_ethernet": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ext_info_enable": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "handoff_roaming": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "handoff_rssi": {"required": False, "type": "int"}, + "handoff_sta_thresh": {"required": False, "type": "int"}, + "ip_fragment_preventing": {"required": False, "type": "str", + "choices": ["tcp-mss-adjust", + "icmp-unreachable"]}, + "lan": {"required": False, "type": "dict", + "options": { + "port_mode": {"required": False, "type": "str", + "choices": ["offline", + "nat-to-wan", + "bridge-to-wan", + "bridge-to-ssid"]}, + "port_ssid": {"required": False, "type": "str"}, + "port1_mode": {"required": False, "type": "str", + "choices": ["offline", + "nat-to-wan", + "bridge-to-wan", + "bridge-to-ssid"]}, + "port1_ssid": {"required": False, "type": "str"}, + "port2_mode": {"required": False, "type": "str", + "choices": ["offline", + "nat-to-wan", + "bridge-to-wan", + "bridge-to-ssid"]}, + "port2_ssid": {"required": False, "type": "str"}, + "port3_mode": {"required": False, "type": "str", + "choices": ["offline", + "nat-to-wan", + "bridge-to-wan", + "bridge-to-ssid"]}, + "port3_ssid": {"required": False, "type": "str"}, + "port4_mode": {"required": False, "type": "str", + "choices": ["offline", + "nat-to-wan", + "bridge-to-wan", + "bridge-to-ssid"]}, + "port4_ssid": {"required": False, "type": "str"}, + "port5_mode": {"required": False, "type": "str", + "choices": ["offline", + "nat-to-wan", + "bridge-to-wan", + "bridge-to-ssid"]}, + "port5_ssid": {"required": False, "type": "str"}, + "port6_mode": {"required": False, "type": "str", + "choices": ["offline", + "nat-to-wan", + "bridge-to-wan", + "bridge-to-ssid"]}, + "port6_ssid": {"required": False, "type": "str"}, + "port7_mode": {"required": False, "type": "str", + "choices": ["offline", + "nat-to-wan", + "bridge-to-wan", + 
"bridge-to-ssid"]}, + "port7_ssid": {"required": False, "type": "str"}, + "port8_mode": {"required": False, "type": "str", + "choices": ["offline", + "nat-to-wan", + "bridge-to-wan", + "bridge-to-ssid"]}, + "port8_ssid": {"required": False, "type": "str"} + }}, + "lbs": {"required": False, "type": "dict", + "options": { + "aeroscout": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "aeroscout_ap_mac": {"required": False, "type": "str", + "choices": ["bssid", + "board-mac"]}, + "aeroscout_mmu_report": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "aeroscout_mu": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "aeroscout_mu_factor": {"required": False, "type": "int"}, + "aeroscout_mu_timeout": {"required": False, "type": "int"}, + "aeroscout_server_ip": {"required": False, "type": "str"}, + "aeroscout_server_port": {"required": False, "type": "int"}, + "ekahau_blink_mode": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ekahau_tag": {"required": False, "type": "str"}, + "erc_server_ip": {"required": False, "type": "str"}, + "erc_server_port": {"required": False, "type": "int"}, + "fortipresence": {"required": False, "type": "str", + "choices": ["foreign", + "both", + "disable"]}, + "fortipresence_frequency": {"required": False, "type": "int"}, + "fortipresence_port": {"required": False, "type": "int"}, + "fortipresence_project": {"required": False, "type": "str"}, + "fortipresence_rogue": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "fortipresence_secret": {"required": False, "type": "str"}, + "fortipresence_server": {"required": False, "type": "str"}, + "fortipresence_unassoc": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "station_locate": {"required": False, "type": "str", + "choices": ["enable", + "disable"]} + }}, + "led_schedules": {"required": False, "type": "list", + "options": { + 
"name": {"required": True, "type": "str"} + }}, + "led_state": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "lldp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "login_passwd": {"required": False, "type": "str"}, + "login_passwd_change": {"required": False, "type": "str", + "choices": ["yes", + "default", + "no"]}, + "max_clients": {"required": False, "type": "int"}, + "name": {"required": True, "type": "str"}, + "platform": {"required": False, "type": "dict", + "options": { + "type": {"required": False, "type": "str", + "choices": ["AP-11N", + "220B", + "210B", + "222B", + "112B", + "320B", + "11C", + "14C", + "223B", + "28C", + "320C", + "221C", + "25D", + "222C", + "224D", + "214B", + "21D", + "24D", + "112D", + "223C", + "321C", + "C220C", + "C225C", + "C23JD", + "C24JE", + "S321C", + "S322C", + "S323C", + "S311C", + "S313C", + "S321CR", + "S322CR", + "S323CR", + "S421E", + "S422E", + "S423E", + "421E", + "423E", + "221E", + "222E", + "223E", + "224E", + "S221E", + "S223E", + "U421E", + "U422EV", + "U423E", + "U221EV", + "U223EV", + "U24JEV", + "U321EV", + "U323EV"]} + }}, + "poe_mode": {"required": False, "type": "str", + "choices": ["auto", + "8023af", + "8023at", + "power-adapter"]}, + "radio_1": {"required": False, "type": "dict", + "options": { + "amsdu": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ap_handoff": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ap_sniffer_addr": {"required": False, "type": "str"}, + "ap_sniffer_bufsize": {"required": False, "type": "int"}, + "ap_sniffer_chan": {"required": False, "type": "int"}, + "ap_sniffer_ctl": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ap_sniffer_data": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ap_sniffer_mgmt_beacon": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + 
"ap_sniffer_mgmt_other": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ap_sniffer_mgmt_probe": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auto_power_high": {"required": False, "type": "int"}, + "auto_power_level": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auto_power_low": {"required": False, "type": "int"}, + "band": {"required": False, "type": "str", + "choices": ["802.11a", + "802.11b", + "802.11g", + "802.11n", + "802.11n-5G", + "802.11ac", + "802.11n,g-only", + "802.11g-only", + "802.11n-only", + "802.11n-5G-only", + "802.11ac,n-only", + "802.11ac-only"]}, + "bandwidth_admission_control": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "bandwidth_capacity": {"required": False, "type": "int"}, + "beacon_interval": {"required": False, "type": "int"}, + "call_admission_control": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "call_capacity": {"required": False, "type": "int"}, + "channel": {"required": False, "type": "list", + "options": { + "chan": {"required": True, "type": "str"} + }}, + "channel_bonding": {"required": False, "type": "str", + "choices": ["80MHz", + "40MHz", + "20MHz"]}, + "channel_utilization": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "coexistence": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "darrp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dtim": {"required": False, "type": "int"}, + "frag_threshold": {"required": False, "type": "int"}, + "frequency_handoff": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "max_clients": {"required": False, "type": "int"}, + "max_distance": {"required": False, "type": "int"}, + "mode": {"required": False, "type": "str", + "choices": ["disabled", + "ap", + "monitor", + "sniffer"]}, + "power_level": {"required": False, "type": 
"int"}, + "powersave_optimize": {"required": False, "type": "str", + "choices": ["tim", + "ac-vo", + "no-obss-scan", + "no-11b-rate", + "client-rate-follow"]}, + "protection_mode": {"required": False, "type": "str", + "choices": ["rtscts", + "ctsonly", + "disable"]}, + "radio_id": {"required": False, "type": "int"}, + "rts_threshold": {"required": False, "type": "int"}, + "short_guard_interval": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "spectrum_analysis": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "transmit_optimize": {"required": False, "type": "str", + "choices": ["disable", + "power-save", + "aggr-limit", + "retry-limit", + "send-bar"]}, + "vap_all": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vaps": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "wids_profile": {"required": False, "type": "str"} + }}, + "radio_2": {"required": False, "type": "dict", + "options": { + "amsdu": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ap_handoff": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ap_sniffer_addr": {"required": False, "type": "str"}, + "ap_sniffer_bufsize": {"required": False, "type": "int"}, + "ap_sniffer_chan": {"required": False, "type": "int"}, + "ap_sniffer_ctl": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ap_sniffer_data": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ap_sniffer_mgmt_beacon": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ap_sniffer_mgmt_other": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "ap_sniffer_mgmt_probe": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "auto_power_high": {"required": False, "type": "int"}, + "auto_power_level": {"required": False, "type": "str", + 
"choices": ["enable", + "disable"]}, + "auto_power_low": {"required": False, "type": "int"}, + "band": {"required": False, "type": "str", + "choices": ["802.11a", + "802.11b", + "802.11g", + "802.11n", + "802.11n-5G", + "802.11ac", + "802.11n,g-only", + "802.11g-only", + "802.11n-only", + "802.11n-5G-only", + "802.11ac,n-only", + "802.11ac-only"]}, + "bandwidth_admission_control": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "bandwidth_capacity": {"required": False, "type": "int"}, + "beacon_interval": {"required": False, "type": "int"}, + "call_admission_control": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "call_capacity": {"required": False, "type": "int"}, + "channel": {"required": False, "type": "list", + "options": { + "chan": {"required": True, "type": "str"} + }}, + "channel_bonding": {"required": False, "type": "str", + "choices": ["80MHz", + "40MHz", + "20MHz"]}, + "channel_utilization": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "coexistence": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "darrp": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "dtim": {"required": False, "type": "int"}, + "frag_threshold": {"required": False, "type": "int"}, + "frequency_handoff": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "max_clients": {"required": False, "type": "int"}, + "max_distance": {"required": False, "type": "int"}, + "mode": {"required": False, "type": "str", + "choices": ["disabled", + "ap", + "monitor", + "sniffer"]}, + "power_level": {"required": False, "type": "int"}, + "powersave_optimize": {"required": False, "type": "str", + "choices": ["tim", + "ac-vo", + "no-obss-scan", + "no-11b-rate", + "client-rate-follow"]}, + "protection_mode": {"required": False, "type": "str", + "choices": ["rtscts", + "ctsonly", + "disable"]}, + "radio_id": {"required": False, "type": "int"}, 
+ "rts_threshold": {"required": False, "type": "int"}, + "short_guard_interval": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "spectrum_analysis": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "transmit_optimize": {"required": False, "type": "str", + "choices": ["disable", + "power-save", + "aggr-limit", + "retry-limit", + "send-bar"]}, + "vap_all": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "vaps": {"required": False, "type": "list", + "options": { + "name": {"required": True, "type": "str"} + }}, + "wids_profile": {"required": False, "type": "str"} + }}, + "split_tunneling_acl": {"required": False, "type": "list", + "options": { + "dest_ip": {"required": False, "type": "str"}, + "id": {"required": True, "type": "int"} + }}, + "split_tunneling_acl_local_ap_subnet": {"required": False, "type": "str", + "choices": ["enable", + "disable"]}, + "split_tunneling_acl_path": {"required": False, "type": "str", + "choices": ["tunnel", + "local"]}, + "tun_mtu_downlink": {"required": False, "type": "int"}, + "tun_mtu_uplink": {"required": False, "type": "int"}, + "wan_port_mode": {"required": False, "type": "str", + "choices": ["wan-lan", + "wan-only"]} + + } + } + } + + check_legacy_fortiosapi() + module = AnsibleModule(argument_spec=fields, + supports_check_mode=False) + + versions_check_result = None + if module._socket_path: + connection = Connection(module._socket_path) + if 'access_token' in module.params: + connection.set_option('access_token', module.params['access_token']) + + fos = FortiOSHandler(connection, module, mkeyname) + + is_error, has_changed, result = fortios_wireless_controller(module.params, fos) + versions_check_result = connection.get_system_version() + else: + module.fail_json(**FAIL_SOCKET_MSG) + + if versions_check_result and versions_check_result['matched'] is False: + module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see 
more details by specifying option -vvv") + + if not is_error: + if versions_check_result and versions_check_result['matched'] is False: + module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) + else: + module.exit_json(changed=has_changed, meta=result) + else: + if versions_check_result and versions_check_result['matched'] is False: + module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) + else: + module.fail_json(msg="Error in repo", meta=result) + + +if __name__ == '__main__': + main() -- cgit v1.2.3