archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

FortiManager Plugin Module Conversion: fmgr_fwpol_ipv4 (#52785)

Browse Source 
* Auto Commit for: fmgr_fwpol_ipv4

* Auto Commit for: fmgr_fwpol_ipv4
pull/53054/head
ftntcorecse 6 years ago committed by Nilashish Chakraborty
parent 0c874a022b
commit 2efacfcdad
3 changed files with 703 additions and 1371 deletions
Show Stats Download Patch File Download Diff File

271
lib/ansible/modules/network/fortimanager/fmgr_fwpol_ipv4.py
Unescape Escape View File

@ -28,6 +28,8 @@ DOCUMENTATION = '''
---
module: fmgr_fwpol_ipv4
version_added: "2.8"
notes:
- Full Documentation at U(https://ftnt-ansible-docs.readthedocs.io/en/latest/).
author:
- Luke Weighall (@lweighall)
- Andrew Welsh (@Ghilli3)
@ -43,21 +45,6 @@ options:
required: false
default: root
host:
description:
- The FortiManager's address.
required: true
username:
description:
- The username associated with the account.
required: true
password:
description:
- The password associated with the username account.
required: true
mode:
description:
- Sets one of three modes for managing the object.
@ -913,9 +900,6 @@ options:
EXAMPLES = '''
- name: ADD VERY BASIC IPV4 POLICY WITH NO NAT (WIDE OPEN)
fmgr_fwpol_ipv4:
host: "{{ inventory_hostname }}"
username: "{{ username }}"
password: "{{ password }}"
mode: "set"
adom: "ansible"
package_name: "default"
@ -932,9 +916,6 @@ EXAMPLES = '''
- name: ADD VERY BASIC IPV4 POLICY WITH NAT AND MULTIPLE ENTRIES
fmgr_fwpol_ipv4:
host: "{{ inventory_hostname }}"
username: "{{ username }}"
password: "{{ password }}"
mode: "set"
adom: "ansible"
package_name: "default"
@ -953,9 +934,6 @@ EXAMPLES = '''
- name: ADD VERY BASIC IPV4 POLICY WITH NAT AND MULTIPLE ENTRIES AND SEC PROFILES
fmgr_fwpol_ipv4:
host: "{{ inventory_hostname }}"
username: "{{ username }}"
password: "{{ password }}"
mode: "set"
adom: "ansible"
package_name: "default"
@ -983,45 +961,47 @@ api_result:
type: str
"""
from ansible.module_utils.basic import AnsibleModule, env_fallback
from ansible.module_utils.network.fortimanager.fortimanager import AnsibleFortiManager
# check for pyFMG lib
try:
from pyFMG.fortimgr import FortiManager
HAS_PYFMGR = True
except ImportError:
HAS_PYFMGR = False
###############
# START METHODS
###############
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortimanager.fortimanager import FortiManagerHandler
from ansible.module_utils.network.fortimanager.common import FMGBaseException
from ansible.module_utils.network.fortimanager.common import FMGRCommon
from ansible.module_utils.network.fortimanager.common import FMGRMethods
from ansible.module_utils.network.fortimanager.common import DEFAULT_RESULT_OBJ
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
from ansible.module_utils.network.fortimanager.common import prepare_dict
from ansible.module_utils.network.fortimanager.common import scrub_dict
def fmgr_firewall_policy_addsetdelete(fmg, paramgram):
def fmgr_firewall_policy_modify(fmgr, paramgram):
"""
fmgr_firewall_policy -- Add/Set/Deletes Firewall Policy Objects defined in the "paramgram"
:param fmgr: The fmgr object instance from fmgr_utils.py
:type fmgr: class object
:param paramgram: The formatted dictionary of options to process
:type paramgram: dict
:return: The response from the FortiManager
:rtype: dict
"""
mode = paramgram["mode"]
adom = paramgram["adom"]
# INIT A BASIC OBJECTS
response = (-100000, {"msg": "Illegal or malformed paramgram discovered. System Exception"})
response = DEFAULT_RESULT_OBJ
url = ""
datagram = {}
# EVAL THE MODE PARAMETER FOR SET OR ADD
if mode in ['set', 'add', 'update']:
url = '/pm/config/adom/{adom}/pkg/{pkg}/firewall/policy'.format(adom=adom, pkg=paramgram["package_name"])
datagram = fmgr_del_none(fmgr_prepare_dict(paramgram))
datagram = scrub_dict((prepare_dict(paramgram)))
del datagram["package_name"]
datagram = fmgr_split_comma_strings_into_lists(datagram)
datagram = fmgr._tools.split_comma_strings_into_lists(datagram)
# EVAL THE MODE PARAMETER FOR DELETE
elif mode == "delete":
# WE NEED TO GET THE POLICY ID FROM THE NAME OF THE POLICY
url = '/pm/config/adom/{adom}/pkg/{pkg}/firewall' \
'/policy/{policyid}'.format(adom=paramgram["adom"],
pkg=paramgram["package_name"],
@ -1030,127 +1010,10 @@ def fmgr_firewall_policy_addsetdelete(fmg, paramgram):
"policyid": paramgram["policyid"]
}
# IF MODE = SET -- USE THE 'SET' API CALL MODE
if mode == "set":
response = fmg.set(url, datagram)
# IF MODE = UPDATE -- USER THE 'UPDATE' API CALL MODE
elif mode == "update":
response = fmg.update(url, datagram)
# IF MODE = ADD -- USE THE 'ADD' API CALL MODE
elif mode == "add":
response = fmg.add(url, datagram)
# IF MODE = DELETE -- USE THE DELETE URL AND API CALL MODE
elif mode == "delete":
response = fmg.delete(url, datagram)
response = fmgr.process_request(url, datagram, paramgram["mode"])
return response
# ADDITIONAL COMMON FUNCTIONS
# FUNCTION/METHOD FOR LOGGING OUT AND ANALYZING ERROR CODES
def fmgr_logout(fmg, module, msg="NULL", results=(), good_codes=(0,), logout_on_fail=True, logout_on_success=False):
"""
THIS METHOD CONTROLS THE LOGOUT AND ERROR REPORTING AFTER AN METHOD OR FUNCTION RUNS
"""
# VALIDATION ERROR (NO RESULTS, JUST AN EXIT)
if msg != "NULL" and len(results) == 0:
try:
fmg.logout()
except Exception:
pass
module.fail_json(msg=msg)
# SUBMISSION ERROR
if len(results) > 0:
if msg == "NULL":
try:
msg = results[1]['status']['message']
except Exception:
msg = "No status message returned from pyFMG. Possible that this was a GET with a tuple result."
if results[0] not in good_codes:
if logout_on_fail:
fmg.logout()
module.fail_json(msg=msg, **results[1])
else:
if logout_on_success:
fmg.logout()
module.exit_json(msg="API Called worked, but logout handler has been asked to logout on success",
**results[1])
return msg
# FUNCTION/METHOD FOR CONVERTING CIDR TO A NETMASK
# DID NOT USE IP ADDRESS MODULE TO KEEP INCLUDES TO A MINIMUM
def fmgr_cidr_to_netmask(cidr):
cidr = int(cidr)
mask = (0xffffffff >> (32 - cidr)) << (32 - cidr)
return (str((0xff000000 & mask) >> 24) + '.' +
str((0x00ff0000 & mask) >> 16) + '.' +
str((0x0000ff00 & mask) >> 8) + '.' +
str((0x000000ff & mask)))
# utility function: removing keys wih value of None, nothing in playbook for that key
def fmgr_del_none(obj):
if isinstance(obj, dict):
return type(obj)((fmgr_del_none(k), fmgr_del_none(v))
for k, v in obj.items() if k is not None and (v is not None and not fmgr_is_empty_dict(v)))
else:
return obj
# utility function: remove keys that are need for the logic but the FMG API won't accept them
def fmgr_prepare_dict(obj):
list_of_elems = ["mode", "adom", "host", "username", "password"]
if isinstance(obj, dict):
obj = dict((key, fmgr_prepare_dict(value)) for (key, value) in obj.items() if key not in list_of_elems)
return obj
def fmgr_is_empty_dict(obj):
return_val = False
if isinstance(obj, dict):
if len(obj) > 0:
for k, v in obj.items():
if isinstance(v, dict):
if len(v) == 0:
return_val = True
elif len(v) > 0:
for k1, v1 in v.items():
if v1 is None:
return_val = True
elif v1 is not None:
return_val = False
return return_val
elif v is None:
return_val = True
elif v is not None:
return_val = False
return return_val
elif len(obj) == 0:
return_val = True
return return_val
def fmgr_split_comma_strings_into_lists(obj):
if isinstance(obj, dict):
if len(obj) > 0:
for k, v in obj.items():
if isinstance(v, str):
new_list = list()
if "," in v:
new_items = v.split(",")
for item in new_items:
new_list.append(item.strip())
obj[k] = new_list
return obj
#############
# END METHODS
#############
@ -1159,9 +1022,6 @@ def fmgr_split_comma_strings_into_lists(obj):
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
host=dict(required=True, type="str"),
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]), no_log=True, required=True),
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"]), no_log=True, required=True),
mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
package_name=dict(type="str", required=False, default="default"),
@ -1298,8 +1158,7 @@ def main():
)
module = AnsibleModule(argument_spec, supports_check_mode=False)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
@ -1438,34 +1297,22 @@ def main():
"subnet": module.params["vpn_src_node_subnet"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['vpn_dst_node', 'vpn_src_node']
for list_variable in list_overrides:
override_data = list()
try:
override_data = module.params[list_variable]
except Exception:
pass
try:
if override_data:
del paramgram[list_variable]
paramgram[list_variable] = override_data
except Exception:
pass
# CHECK IF THE HOST/USERNAME/PW EXISTS, AND IF IT DOES, LOGIN.
host = module.params["host"]
password = module.params["password"]
username = module.params["username"]
if host is None or username is None or password is None:
module.fail_json(msg="Host and username and password are required")
# CHECK IF LOGIN FAILED
fmg = AnsibleFortiManager(module, module.params["host"], module.params["username"], module.params["password"])
response = fmg.login()
if response[1]['status']['code'] != 0:
module.fail_json(msg="Connection to FortiManager Failed")
paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides,
paramgram=paramgram, module=module)
# BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION
results = DEFAULT_RESULT_OBJ
try:
if paramgram["mode"] == "delete":
# WE NEED TO GET THE POLICY ID FROM THE NAME OF THE POLICY TO DELETE IT
url = '/pm/config/adom/{adom}/pkg/{pkg}/firewall' \
@ -1474,34 +1321,26 @@ def main():
datagram = {
"filter": ["name", "==", paramgram["name"]]
}
response = fmg.get(url, datagram)
response = fmgr.process_request(url, datagram, FMGRMethods.GET)
try:
if response[1][0]["policyid"]:
policy_id = response[1][0]["policyid"]
paramgram["policyid"] = policy_id
except Exception:
fmgr_logout(fmg, module, results=response, msg="Couldn't get Policy ID from name, delete failed")
results = fmgr_firewall_policy_addsetdelete(fmg, paramgram)
if results[0] == -10131:
fmgr_logout(fmg, module, results=results, good_codes=[0, -9998, ],
msg=str(results[0]) + " - Object Dependency Failed. Do the objects named in parameters exist?!")
elif results[0] == -3:
fmgr_logout(fmg, module, results=results, good_codes=[0, -3],
msg="Couldn't Delete - Policy Doesn't Exist")
elif results[0] == 0:
fmgr_logout(fmg, module, results=results, good_codes=[0, -9998],
msg="Successfully Set FW Policy")
elif results[0] not in [0, -9998]:
fmgr_logout(fmg, module, results=results, good_codes=[0, -9998],
msg=str(results[0]) + "Could not set FW policy.")
fmg.logout()
if results is not None:
except BaseException:
fmgr.return_response(module=module, results=response, good_codes=[0, ], stop_on_success=True,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram),
msg="Couldn't find policy ID number for policy name specified.")
except Exception as err:
raise FMGBaseException(err)
try:
results = fmgr_firewall_policy_modify(fmgr, paramgram)
fmgr.govern_response(module=module, results=results, good_codes=[0, -9998],
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
else:
return module.exit_json(msg="No results were returned from the API call.")
if __name__ == "__main__":

343
test/units/modules/network/fortimanager/fixtures/test_fmgr_fwpol_ipv4.json
Unescape Escape View File

@ -1,5 +1,5 @@
{
"fmgr_firewall_policy_addsetdelete": [
"fmgr_firewall_policy_modify": [
{
"url": "/pm/config/adom/ansible/pkg/default/firewall/policy",
"paramgram_used": {
@ -139,15 +139,43 @@
"radius-mac-auth-bypass": null,
"vpntunnel": null
},
"datagram_sent": {
"name": "Basic_IPv4_Policy",
"service": "ALL",
"schedule": "always",
"comments": "Created by Ansible",
"srcaddr": "all",
"dstintf": "any",
"srcintf": "any",
"action": "accept",
"dstaddr": "all",
"logtraffic": "utm"
},
"raw_response": {
"policyid": 25
"policyid": 36
},
"post_method": "set"
},
{
"url": "/pm/config/adom/ansible/pkg/default/firewall/policy",
"raw_response": {
"policyid": 26
"policyid": 37
},
"datagram_sent": {
"name": "Basic_IPv4_Policy_2",
"service": [
"HTTP",
"HTTPS"
],
"schedule": "always",
"comments": "Created by Ansible",
"srcaddr": "all",
"dstintf": "any",
"srcintf": "any",
"nat": "enable",
"action": "accept",
"dstaddr": "google-play",
"logtraffic": "utm"
},
"paramgram_used": {
"package_name": "default",
@ -288,297 +316,6 @@
},
"post_method": "set"
},
{
"url": "/pm/config/adom/ansible/pkg/default/firewall/policy",
"paramgram_used": {
"wanopt-passive-opt": null,
"package_name": "default",
"wanopt-detection": null,
"scan-botnet-connections": null,
"profile-group": null,
"wanopt-peer": null,
"dscp-match": null,
"replacemsg-override-group": null,
"internet-service-negate": null,
"np-acceleration": null,
"learning-mode": null,
"session-ttl": null,
"ntlm-guest": null,
"ips-sensor": "default",
"diffservcode-rev": null,
"match-vip": null,
"natip": null,
"dlp-sensor": null,
"traffic-shaper": null,
"groups": null,
"schedule-timeout": null,
"name": "Basic_IPv4_Policy_3",
"tcp-session-without-syn": null,
"ntlm": null,
"permit-stun-host": null,
"diffservcode-forward": null,
"internet-service-src-custom": null,
"mode": "set",
"disclaimer": null,
"rtp-nat": null,
"auth-cert": null,
"timeout-send-rst": null,
"auth-redirect-addr": null,
"ssl-mirror-intf": null,
"identity-based-route": null,
"natoutbound": null,
"wanopt-profile": null,
"per-ip-shaper": null,
"profile-protocol-options": null,
"diffserv-forward": null,
"poolname": null,
"comments": "Created by Ansible",
"label": null,
"global-label": null,
"firewall-session-dirty": null,
"wanopt": null,
"schedule": "always",
"internet-service-id": null,
"auth-path": null,
"vlan-cos-fwd": null,
"custom-log-fields": null,
"dstintf": "zone_wan1, zone_wan2",
"srcintf": "zone_int1",
"block-notification": null,
"internet-service-src-id": null,
"redirect-url": null,
"waf-profile": null,
"ntlm-enabled-browsers": null,
"dscp-negate": null,
"action": "accept",
"fsso-agent-for-ntlm": null,
"logtraffic": "utm",
"vlan-filter": null,
"policyid": null,
"logtraffic-start": null,
"webcache-https": null,
"webfilter-profile": null,
"internet-service-src": null,
"webcache": null,
"utm-status": null,
"vpn_src_node": {
"subnet": null,
"host": null,
"seq": null
},
"ippool": null,
"service": "HTTP, HTTPS",
"wccp": null,
"auto-asic-offload": null,
"dscp-value": null,
"url-category": null,
"capture-packet": null,
"adom": "ansible",
"inbound": null,
"internet-service": null,
"profile-type": null,
"ssl-mirror": null,
"srcaddr-negate": null,
"gtp-profile": null,
"mms-profile": null,
"send-deny-packet": null,
"devices": null,
"permit-any-host": null,
"av-profile": "sniffer-profile",
"internet-service-src-negate": null,
"service-negate": null,
"rsso": null,
"app-group": null,
"tcp-mss-sender": null,
"natinbound": null,
"fixedport": null,
"ssl-ssh-profile": null,
"outbound": null,
"spamfilter-profile": null,
"application-list": null,
"application": null,
"dnsfilter-profile": null,
"nat": "enable",
"fsso": null,
"vlan-cos-rev": null,
"status": null,
"dsri": null,
"users": null,
"voip-profile": null,
"dstaddr-negate": null,
"traffic-shaper-reverse": null,
"internet-service-custom": null,
"diffserv-reverse": null,
"srcaddr": "corp_internal",
"ssh-filter-profile": null,
"delay-tcp-npu-session": null,
"icap-profile": null,
"captive-portal-exempt": null,
"vpn_dst_node": {
"subnet": null,
"host": null,
"seq": null
},
"app-category": null,
"rtp-addr": null,
"wsso": null,
"tcp-mss-receiver": null,
"dstaddr": "google-play, autoupdate.opera.com",
"radius-mac-auth-bypass": null,
"vpntunnel": null
},
"raw_response": {
"policyid": 27
},
"post_method": "set"
},
{
"raw_response": {
"status": {
"message": "OK",
"code": 0
},
"url": "/pm/config/adom/ansible/pkg/default/firewall/policy/25"
},
"paramgram_used": {
"package_name": "default",
"wanopt-detection": null,
"scan-botnet-connections": null,
"profile-group": null,
"dlp-sensor": null,
"dscp-match": null,
"replacemsg-override-group": null,
"internet-service-negate": null,
"np-acceleration": null,
"learning-mode": null,
"session-ttl": null,
"ntlm-guest": null,
"ips-sensor": null,
"diffservcode-rev": null,
"match-vip": null,
"natip": null,
"wanopt-peer": null,
"traffic-shaper": null,
"groups": null,
"schedule-timeout": null,
"name": "Basic_IPv4_Policy",
"tcp-session-without-syn": null,
"rtp-nat": null,
"permit-stun-host": null,
"natoutbound": null,
"internet-service-src-custom": null,
"mode": "delete",
"logtraffic": null,
"ntlm": null,
"auth-cert": null,
"timeout-send-rst": null,
"auth-redirect-addr": null,
"ssl-mirror-intf": null,
"identity-based-route": null,
"diffservcode-forward": null,
"wanopt-profile": null,
"per-ip-shaper": null,
"users": null,
"diffserv-forward": null,
"poolname": null,
"comments": null,
"label": null,
"global-label": null,
"firewall-session-dirty": null,
"wanopt": null,
"schedule": null,
"internet-service-id": null,
"auth-path": null,
"vlan-cos-fwd": null,
"custom-log-fields": null,
"dstintf": null,
"srcintf": null,
"block-notification": null,
"internet-service-src-id": null,
"redirect-url": null,
"waf-profile": null,
"ntlm-enabled-browsers": null,
"dscp-negate": null,
"action": null,
"fsso-agent-for-ntlm": null,
"disclaimer": null,
"vlan-filter": null,
"dstaddr-negate": null,
"logtraffic-start": null,
"webcache-https": null,
"webfilter-profile": null,
"internet-service-src": null,
"webcache": null,
"utm-status": null,
"vpn_src_node": {
"subnet": null,
"host": null,
"seq": null
},
"ippool": null,
"service": null,
"wccp": null,
"auto-asic-offload": null,
"dscp-value": null,
"url-category": null,
"capture-packet": null,
"adom": "ansible",
"inbound": null,
"internet-service": null,
"profile-type": null,
"ssl-mirror": null,
"srcaddr-negate": null,
"gtp-profile": null,
"mms-profile": null,
"send-deny-packet": null,
"devices": null,
"permit-any-host": null,
"av-profile": null,
"internet-service-src-negate": null,
"service-negate": null,
"rsso": null,
"application-list": null,
"app-group": null,
"tcp-mss-sender": null,
"natinbound": null,
"fixedport": null,
"ssl-ssh-profile": null,
"outbound": null,
"spamfilter-profile": null,
"wanopt-passive-opt": null,
"application": null,
"dnsfilter-profile": null,
"nat": null,
"fsso": null,
"vlan-cos-rev": null,
"status": null,
"dsri": null,
"profile-protocol-options": null,
"voip-profile": null,
"policyid": 25,
"traffic-shaper-reverse": null,
"internet-service-custom": null,
"diffserv-reverse": null,
"srcaddr": null,
"dstaddr": null,
"delay-tcp-npu-session": null,
"icap-profile": null,
"captive-portal-exempt": null,
"vpn_dst_node": {
"subnet": null,
"host": null,
"seq": null
},
"app-category": null,
"rtp-addr": null,
"wsso": null,
"tcp-mss-receiver": null,
"ssh-filter-profile": null,
"radius-mac-auth-bypass": null,
"vpntunnel": null
},
"post_method": "delete"
},
{
"paramgram_used": {
"wanopt-passive-opt": null,
@ -602,7 +339,7 @@
"traffic-shaper": null,
"groups": null,
"schedule-timeout": null,
"name": "Basic_IPv4_Policy_2",
"name": "Basic_IPv4_Policy",
"tcp-session-without-syn": null,
"ntlm": null,
"permit-stun-host": null,
@ -644,7 +381,7 @@
"fsso-agent-for-ntlm": null,
"logtraffic": null,
"vlan-filter": null,
"policyid": 26,
"policyid": 36,
"logtraffic-start": null,
"webcache-https": null,
"webfilter-profile": null,
@ -717,12 +454,15 @@
"radius-mac-auth-bypass": null,
"vpntunnel": null
},
"datagram_sent": {
"policyid": 36
},
"raw_response": {
"status": {
"message": "OK",
"code": 0
},
"url": "/pm/config/adom/ansible/pkg/default/firewall/policy/26"
"url": "/pm/config/adom/ansible/pkg/default/firewall/policy/36"
},
"post_method": "delete"
},
@ -732,7 +472,10 @@
"message": "OK",
"code": 0
},
"url": "/pm/config/adom/ansible/pkg/default/firewall/policy/27"
"url": "/pm/config/adom/ansible/pkg/default/firewall/policy/37"
},
"datagram_sent": {
"policyid": 37
},
"paramgram_used": {
"package_name": "default",
@ -755,7 +498,7 @@
"traffic-shaper": null,
"groups": null,
"schedule-timeout": null,
"name": "Basic_IPv4_Policy_3",
"name": "Basic_IPv4_Policy_2",
"tcp-session-without-syn": null,
"rtp-nat": null,
"permit-stun-host": null,
@ -849,7 +592,7 @@
"dsri": null,
"profile-protocol-options": null,
"voip-profile": null,
"policyid": 27,
"policyid": 37,
"traffic-shaper-reverse": null,
"internet-service-custom": null,
"diffserv-reverse": null,

306
test/units/modules/network/fortimanager/test_fmgr_fwpol_ipv4.py
Unescape Escape View File

@ -19,7 +19,7 @@ __metaclass__ = type
import os
import json
from pyFMG.fortimgr import FortiManager
from ansible.module_utils.network.fortimanager.fortimanager import FortiManagerHandler
import pytest
try:
@ -27,8 +27,6 @@ try:
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
fmg_instance = FortiManager("1.1.1.1", "admin", "")
def load_fixtures():
fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures') + "/{filename}.json".format(
@ -41,14 +39,30 @@ def load_fixtures():
return [fixture_data]
@pytest.fixture(autouse=True)
def module_mock(mocker):
connection_class_mock = mocker.patch('ansible.module_utils.basic.AnsibleModule')
return connection_class_mock
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortimanager.fmgr_fwpol_ipv4.Connection')
return connection_class_mock
@pytest.fixture(scope="function", params=load_fixtures())
def fixture_data(request):
func_name = request.function.__name__.replace("test_", "")
return request.param.get(func_name, None)
def test_fmgr_firewall_policy_addsetdelete(fixture_data, mocker):
mocker.patch("pyFMG.fortimgr.FortiManager._post_request", side_effect=fixture_data)
fmg_instance = FortiManagerHandler(connection_mock, module_mock)
def test_fmgr_firewall_policy_modify(fixture_data, mocker):
mocker.patch("ansible.module_utils.network.fortimanager.fortimanager.FortiManagerHandler.process_request",
side_effect=fixture_data)
# Fixture sets used:###########################
##################################################
@ -323,264 +337,6 @@ def test_fmgr_firewall_policy_addsetdelete(fixture_data, mocker):
# learning-mode: None
# session-ttl: None
# ntlm-guest: None
# ips-sensor: default
# diffservcode-rev: None
# match-vip: None
# natip: None
# dlp-sensor: None
# traffic-shaper: None
# groups: None
# schedule-timeout: None
# name: Basic_IPv4_Policy_3
# tcp-session-without-syn: None
# ntlm: None
# permit-stun-host: None
# diffservcode-forward: None
# internet-service-src-custom: None
# mode: set
# disclaimer: None
# rtp-nat: None
# auth-cert: None
# timeout-send-rst: None
# auth-redirect-addr: None
# ssl-mirror-intf: None
# identity-based-route: None
# natoutbound: None
# wanopt-profile: None
# per-ip-shaper: None
# profile-protocol-options: None
# diffserv-forward: None
# poolname: None
# comments: Created by Ansible
# label: None
# global-label: None
# firewall-session-dirty: None
# wanopt: None
# schedule: always
# internet-service-id: None
# auth-path: None
# vlan-cos-fwd: None
# custom-log-fields: None
# dstintf: zone_wan1, zone_wan2
# srcintf: zone_int1
# block-notification: None
# internet-service-src-id: None
# redirect-url: None
# waf-profile: None
# ntlm-enabled-browsers: None
# dscp-negate: None
# action: accept
# fsso-agent-for-ntlm: None
# logtraffic: utm
# vlan-filter: None
# policyid: None
# logtraffic-start: None
# webcache-https: None
# webfilter-profile: None
# internet-service-src: None
# webcache: None
# utm-status: None
# vpn_src_node: {'subnet': None, 'host': None, 'seq': None}
# ippool: None
# service: HTTP, HTTPS
# wccp: None
# auto-asic-offload: None
# dscp-value: None
# url-category: None
# capture-packet: None
# adom: ansible
# inbound: None
# internet-service: None
# profile-type: None
# ssl-mirror: None
# srcaddr-negate: None
# gtp-profile: None
# mms-profile: None
# send-deny-packet: None
# devices: None
# permit-any-host: None
# av-profile: sniffer-profile
# internet-service-src-negate: None
# service-negate: None
# rsso: None
# app-group: None
# tcp-mss-sender: None
# natinbound: None
# fixedport: None
# ssl-ssh-profile: None
# outbound: None
# spamfilter-profile: None
# application-list: None
# application: None
# dnsfilter-profile: None
# nat: enable
# fsso: None
# vlan-cos-rev: None
# status: None
# dsri: None
# users: None
# voip-profile: None
# dstaddr-negate: None
# traffic-shaper-reverse: None
# internet-service-custom: None
# diffserv-reverse: None
# srcaddr: corp_internal
# ssh-filter-profile: None
# delay-tcp-npu-session: None
# icap-profile: None
# captive-portal-exempt: None
# vpn_dst_node: {'subnet': None, 'host': None, 'seq': None}
# app-category: None
# rtp-addr: None
# wsso: None
# tcp-mss-receiver: None
# dstaddr: google-play, autoupdate.opera.com
# radius-mac-auth-bypass: None
# vpntunnel: None
##################################################
##################################################
# package_name: default
# wanopt-detection: None
# scan-botnet-connections: None
# profile-group: None
# dlp-sensor: None
# dscp-match: None
# replacemsg-override-group: None
# internet-service-negate: None
# np-acceleration: None
# learning-mode: None
# session-ttl: None
# ntlm-guest: None
# ips-sensor: None
# diffservcode-rev: None
# match-vip: None
# natip: None
# wanopt-peer: None
# traffic-shaper: None
# groups: None
# schedule-timeout: None
# name: Basic_IPv4_Policy
# tcp-session-without-syn: None
# rtp-nat: None
# permit-stun-host: None
# natoutbound: None
# internet-service-src-custom: None
# mode: delete
# logtraffic: None
# ntlm: None
# auth-cert: None
# timeout-send-rst: None
# auth-redirect-addr: None
# ssl-mirror-intf: None
# identity-based-route: None
# diffservcode-forward: None
# wanopt-profile: None
# per-ip-shaper: None
# users: None
# diffserv-forward: None
# poolname: None
# comments: None
# label: None
# global-label: None
# firewall-session-dirty: None
# wanopt: None
# schedule: None
# internet-service-id: None
# auth-path: None
# vlan-cos-fwd: None
# custom-log-fields: None
# dstintf: None
# srcintf: None
# block-notification: None
# internet-service-src-id: None
# redirect-url: None
# waf-profile: None
# ntlm-enabled-browsers: None
# dscp-negate: None
# action: None
# fsso-agent-for-ntlm: None
# disclaimer: None
# vlan-filter: None
# dstaddr-negate: None
# logtraffic-start: None
# webcache-https: None
# webfilter-profile: None
# internet-service-src: None
# webcache: None
# utm-status: None
# vpn_src_node: {'subnet': None, 'host': None, 'seq': None}
# ippool: None
# service: None
# wccp: None
# auto-asic-offload: None
# dscp-value: None
# url-category: None
# capture-packet: None
# adom: ansible
# inbound: None
# internet-service: None
# profile-type: None
# ssl-mirror: None
# srcaddr-negate: None
# gtp-profile: None
# mms-profile: None
# send-deny-packet: None
# devices: None
# permit-any-host: None
# av-profile: None
# internet-service-src-negate: None
# service-negate: None
# rsso: None
# application-list: None
# app-group: None
# tcp-mss-sender: None
# natinbound: None
# fixedport: None
# ssl-ssh-profile: None
# outbound: None
# spamfilter-profile: None
# wanopt-passive-opt: None
# application: None
# dnsfilter-profile: None
# nat: None
# fsso: None
# vlan-cos-rev: None
# status: None
# dsri: None
# profile-protocol-options: None
# voip-profile: None
# policyid: 25
# traffic-shaper-reverse: None
# internet-service-custom: None
# diffserv-reverse: None
# srcaddr: None
# dstaddr: None
# delay-tcp-npu-session: None
# icap-profile: None
# captive-portal-exempt: None
# vpn_dst_node: {'subnet': None, 'host': None, 'seq': None}
# app-category: None
# rtp-addr: None
# wsso: None
# tcp-mss-receiver: None
# ssh-filter-profile: None
# radius-mac-auth-bypass: None
# vpntunnel: None
##################################################
##################################################
# wanopt-passive-opt: None
# package_name: default
# wanopt-detection: None
# scan-botnet-connections: None
# profile-group: None
# wanopt-peer: None
# dscp-match: None
# replacemsg-override-group: None
# internet-service-negate: None
# np-acceleration: None
# learning-mode: None
# session-ttl: None
# ntlm-guest: None
# ips-sensor: None
# diffservcode-rev: None
# match-vip: None
@ -589,7 +345,7 @@ def test_fmgr_firewall_policy_addsetdelete(fixture_data, mocker):
# traffic-shaper: None
# groups: None
# schedule-timeout: None
# name: Basic_IPv4_Policy_2
# name: Basic_IPv4_Policy
# tcp-session-without-syn: None
# ntlm: None
# permit-stun-host: None
@ -631,7 +387,7 @@ def test_fmgr_firewall_policy_addsetdelete(fixture_data, mocker):
# fsso-agent-for-ntlm: None
# logtraffic: None
# vlan-filter: None
# policyid: 26
# policyid: 36
# logtraffic-start: None
# webcache-https: None
# webfilter-profile: None
@ -717,7 +473,7 @@ def test_fmgr_firewall_policy_addsetdelete(fixture_data, mocker):
# traffic-shaper: None
# groups: None
# schedule-timeout: None
# name: Basic_IPv4_Policy_3
# name: Basic_IPv4_Policy_2
# tcp-session-without-syn: None
# rtp-nat: None
# permit-stun-host: None
@ -807,7 +563,7 @@ def test_fmgr_firewall_policy_addsetdelete(fixture_data, mocker):
# dsri: None
# profile-protocol-options: None
# voip-profile: None
# policyid: 27
# policyid: 37
# traffic-shaper-reverse: None
# internet-service-custom: None
# diffserv-reverse: None
@ -827,20 +583,14 @@ def test_fmgr_firewall_policy_addsetdelete(fixture_data, mocker):
##################################################
# Test using fixture 1 #
output = fmgr_fwpol_ipv4.fmgr_firewall_policy_addsetdelete(fmg_instance, fixture_data[0]['paramgram_used'])
output = fmgr_fwpol_ipv4.fmgr_firewall_policy_modify(fmg_instance, fixture_data[0]['paramgram_used'])
assert isinstance(output['raw_response'], dict) is True
# Test using fixture 2 #
output = fmgr_fwpol_ipv4.fmgr_firewall_policy_addsetdelete(fmg_instance, fixture_data[1]['paramgram_used'])
output = fmgr_fwpol_ipv4.fmgr_firewall_policy_modify(fmg_instance, fixture_data[1]['paramgram_used'])
assert isinstance(output['raw_response'], dict) is True
# Test using fixture 3 #
output = fmgr_fwpol_ipv4.fmgr_firewall_policy_addsetdelete(fmg_instance, fixture_data[2]['paramgram_used'])
assert isinstance(output['raw_response'], dict) is True
# Test using fixture 4 #
output = fmgr_fwpol_ipv4.fmgr_firewall_policy_addsetdelete(fmg_instance, fixture_data[3]['paramgram_used'])
output = fmgr_fwpol_ipv4.fmgr_firewall_policy_modify(fmg_instance, fixture_data[2]['paramgram_used'])
assert output['raw_response']['status']['code'] == 0
# Test using fixture 5 #
output = fmgr_fwpol_ipv4.fmgr_firewall_policy_addsetdelete(fmg_instance, fixture_data[4]['paramgram_used'])
assert output['raw_response']['status']['code'] == 0
# Test using fixture 6 #
output = fmgr_fwpol_ipv4.fmgr_firewall_policy_addsetdelete(fmg_instance, fixture_data[5]['paramgram_used'])
# Test using fixture 4 #
output = fmgr_fwpol_ipv4.fmgr_firewall_policy_modify(fmg_instance, fixture_data[3]['paramgram_used'])
assert output['raw_response']['status']['code'] == 0

Write Preview
Loading…
Cancel
Save