From 743b6eb5b03c8100d252b45734d0641eb55e8858 Mon Sep 17 00:00:00 2001 From: "Jie (Link) Zheng" Date: Wed, 13 Nov 2019 18:57:20 +0800 Subject: [PATCH] Fortinet's new module for fortios_vpn_ipsec_phase2_interface (#64767) --- .../fortios_vpn_ipsec_phase2_interface.py | 90 +++++++- ...test_fortios_vpn_ipsec_phase2_interface.py | 210 +++++++++--------- 2 files changed, 187 insertions(+), 113 deletions(-) diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase2_interface.py b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase2_interface.py index 643252e4d5d..b2562aaddd8 100644 --- a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase2_interface.py +++ b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase2_interface.py @@ -269,7 +269,7 @@ options: proposal: description: - Phase2 proposal. - type: str + type: list choices: - null-md5 - null-sha1 @@ -282,6 +282,57 @@ options: - des-sha256 - des-sha384 - des-sha512 + - 3des-null + - 3des-md5 + - 3des-sha1 + - 3des-sha256 + - 3des-sha384 + - 3des-sha512 + - aes128-null + - aes128-md5 + - aes128-sha1 + - aes128-sha256 + - aes128-sha384 + - aes128-sha512 + - aes128gcm + - aes192-null + - aes192-md5 + - aes192-sha1 + - aes192-sha256 + - aes192-sha384 + - aes192-sha512 + - aes256-null + - aes256-md5 + - aes256-sha1 + - aes256-sha256 + - aes256-sha384 + - aes256-sha512 + - aes256gcm + - chacha20poly1305 + - aria128-null + - aria128-md5 + - aria128-sha1 + - aria128-sha256 + - aria128-sha384 + - aria128-sha512 + - aria192-null + - aria192-md5 + - aria192-sha1 + - aria192-sha256 + - aria192-sha384 + - aria192-sha512 + - aria256-null + - aria256-md5 + - aria256-sha1 + - aria256-sha256 + - aria256-sha384 + - aria256-sha512 + - seed-null + - seed-md5 + - seed-sha1 + - seed-sha256 + - seed-sha384 + - seed-sha512 protocol: description: - Quick mode protocol selector (1 - 255 or 0 for all). @@ -524,6 +575,21 @@ def filter_vpn_ipsec_phase2_interface_data(json): return dictionary +def flatten_multilists_attributes(data): + multilist_attrs = [[u'proposal']] + + for attr in multilist_attrs: + try: + path = "data['" + "']['".join(elem for elem in attr) + "']" + current_val = eval(path) + flattened_val = ' '.join(elem for elem in current_val) + exec(path + '= flattened_val') + except BaseException: + pass + + return data + + def underscore_to_hyphen(data): if isinstance(data, list): for elem in data: @@ -546,6 +612,7 @@ def vpn_ipsec_phase2_interface(data, fos): else: state = True vpn_ipsec_phase2_interface_data = data['vpn_ipsec_phase2_interface'] + vpn_ipsec_phase2_interface_data = flatten_multilists_attributes(vpn_ipsec_phase2_interface_data) filtered_data = underscore_to_hyphen(filter_vpn_ipsec_phase2_interface_data(vpn_ipsec_phase2_interface_data)) if state == "present": @@ -636,11 +703,28 @@ def main(): "pfs": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "phase1name": {"required": False, "type": "str"}, - "proposal": {"required": False, "type": "str", + "proposal": {"required": False, "type": "list", "choices": ["null-md5", "null-sha1", "null-sha256", "null-sha384", "null-sha512", "des-null", "des-md5", "des-sha1", "des-sha256", - "des-sha384", "des-sha512"]}, + "des-sha384", "des-sha512", "3des-null", + "3des-md5", "3des-sha1", "3des-sha256", + "3des-sha384", "3des-sha512", "aes128-null", + "aes128-md5", "aes128-sha1", "aes128-sha256", + "aes128-sha384", "aes128-sha512", "aes128gcm", + "aes192-null", "aes192-md5", "aes192-sha1", + "aes192-sha256", "aes192-sha384", "aes192-sha512", + "aes256-null", "aes256-md5", "aes256-sha1", + "aes256-sha256", "aes256-sha384", "aes256-sha512", + "aes256gcm", "chacha20poly1305", "aria128-null", + "aria128-md5", "aria128-sha1", "aria128-sha256", + "aria128-sha384", "aria128-sha512", "aria192-null", + "aria192-md5", "aria192-sha1", "aria192-sha256", + "aria192-sha384", "aria192-sha512", "aria256-null", + "aria256-md5", "aria256-sha1", "aria256-sha256", + "aria256-sha384", "aria256-sha512", "seed-null", + "seed-md5", "seed-sha1", "seed-sha256", + "seed-sha384", "seed-sha512"]}, "protocol": {"required": False, "type": "int"}, "replay": {"required": False, "type": "str", "choices": ["enable", "disable"]}, diff --git a/test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase2_interface.py b/test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase2_interface.py index a931a4dba5e..ea6130447bf 100644 --- a/test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase2_interface.py +++ b/test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase2_interface.py @@ -74,21 +74,20 @@ def test_vpn_ipsec_phase2_interface_creation(mocker): 'name': 'default_name_26', 'pfs': 'enable', 'phase1name': 'test_value_28', - 'proposal': 'null-md5', - 'protocol': '30', + 'protocol': '29', 'replay': 'enable', 'route_overlap': 'use-old', 'single_source': 'enable', 'src_addr_type': 'subnet', - 'src_end_ip': 'test_value_35', - 'src_end_ip6': 'test_value_36', - 'src_name': 'test_value_37', - 'src_name6': 'test_value_38', - 'src_port': '39', - 'src_start_ip': 'test_value_40', - 'src_start_ip6': 'test_value_41', - 'src_subnet': 'test_value_42', - 'src_subnet6': 'test_value_43' + 'src_end_ip': 'test_value_34', + 'src_end_ip6': 'test_value_35', + 'src_name': 'test_value_36', + 'src_name6': 'test_value_37', + 'src_port': '38', + 'src_start_ip': 'test_value_39', + 'src_start_ip6': 'test_value_40', + 'src_subnet': 'test_value_41', + 'src_subnet6': 'test_value_42' }, 'vdom': 'root'} @@ -121,21 +120,20 @@ def test_vpn_ipsec_phase2_interface_creation(mocker): 'name': 'default_name_26', 'pfs': 'enable', 'phase1name': 'test_value_28', - 'proposal': 'null-md5', - 'protocol': '30', + 'protocol': '29', 'replay': 'enable', 'route-overlap': 'use-old', 'single-source': 'enable', 'src-addr-type': 'subnet', - 'src-end-ip': 'test_value_35', - 'src-end-ip6': 'test_value_36', - 'src-name': 'test_value_37', - 'src-name6': 'test_value_38', - 'src-port': '39', - 'src-start-ip': 'test_value_40', - 'src-start-ip6': 'test_value_41', - 'src-subnet': 'test_value_42', - 'src-subnet6': 'test_value_43' + 'src-end-ip': 'test_value_34', + 'src-end-ip6': 'test_value_35', + 'src-name': 'test_value_36', + 'src-name6': 'test_value_37', + 'src-port': '38', + 'src-start-ip': 'test_value_39', + 'src-start-ip6': 'test_value_40', + 'src-subnet': 'test_value_41', + 'src-subnet6': 'test_value_42' } set_method_mock.assert_called_with('vpn.ipsec', 'phase2-interface', data=expected_data, vdom='root') @@ -182,21 +180,20 @@ def test_vpn_ipsec_phase2_interface_creation_fails(mocker): 'name': 'default_name_26', 'pfs': 'enable', 'phase1name': 'test_value_28', - 'proposal': 'null-md5', - 'protocol': '30', + 'protocol': '29', 'replay': 'enable', 'route_overlap': 'use-old', 'single_source': 'enable', 'src_addr_type': 'subnet', - 'src_end_ip': 'test_value_35', - 'src_end_ip6': 'test_value_36', - 'src_name': 'test_value_37', - 'src_name6': 'test_value_38', - 'src_port': '39', - 'src_start_ip': 'test_value_40', - 'src_start_ip6': 'test_value_41', - 'src_subnet': 'test_value_42', - 'src_subnet6': 'test_value_43' + 'src_end_ip': 'test_value_34', + 'src_end_ip6': 'test_value_35', + 'src_name': 'test_value_36', + 'src_name6': 'test_value_37', + 'src_port': '38', + 'src_start_ip': 'test_value_39', + 'src_start_ip6': 'test_value_40', + 'src_subnet': 'test_value_41', + 'src_subnet6': 'test_value_42' }, 'vdom': 'root'} @@ -229,21 +226,20 @@ def test_vpn_ipsec_phase2_interface_creation_fails(mocker): 'name': 'default_name_26', 'pfs': 'enable', 'phase1name': 'test_value_28', - 'proposal': 'null-md5', - 'protocol': '30', + 'protocol': '29', 'replay': 'enable', 'route-overlap': 'use-old', 'single-source': 'enable', 'src-addr-type': 'subnet', - 'src-end-ip': 'test_value_35', - 'src-end-ip6': 'test_value_36', - 'src-name': 'test_value_37', - 'src-name6': 'test_value_38', - 'src-port': '39', - 'src-start-ip': 'test_value_40', - 'src-start-ip6': 'test_value_41', - 'src-subnet': 'test_value_42', - 'src-subnet6': 'test_value_43' + 'src-end-ip': 'test_value_34', + 'src-end-ip6': 'test_value_35', + 'src-name': 'test_value_36', + 'src-name6': 'test_value_37', + 'src-port': '38', + 'src-start-ip': 'test_value_39', + 'src-start-ip6': 'test_value_40', + 'src-subnet': 'test_value_41', + 'src-subnet6': 'test_value_42' } set_method_mock.assert_called_with('vpn.ipsec', 'phase2-interface', data=expected_data, vdom='root') @@ -290,21 +286,20 @@ def test_vpn_ipsec_phase2_interface_removal(mocker): 'name': 'default_name_26', 'pfs': 'enable', 'phase1name': 'test_value_28', - 'proposal': 'null-md5', - 'protocol': '30', + 'protocol': '29', 'replay': 'enable', 'route_overlap': 'use-old', 'single_source': 'enable', 'src_addr_type': 'subnet', - 'src_end_ip': 'test_value_35', - 'src_end_ip6': 'test_value_36', - 'src_name': 'test_value_37', - 'src_name6': 'test_value_38', - 'src_port': '39', - 'src_start_ip': 'test_value_40', - 'src_start_ip6': 'test_value_41', - 'src_subnet': 'test_value_42', - 'src_subnet6': 'test_value_43' + 'src_end_ip': 'test_value_34', + 'src_end_ip6': 'test_value_35', + 'src_name': 'test_value_36', + 'src_name6': 'test_value_37', + 'src_port': '38', + 'src_start_ip': 'test_value_39', + 'src_start_ip6': 'test_value_40', + 'src_subnet': 'test_value_41', + 'src_subnet6': 'test_value_42' }, 'vdom': 'root'} @@ -354,21 +349,20 @@ def test_vpn_ipsec_phase2_interface_deletion_fails(mocker): 'name': 'default_name_26', 'pfs': 'enable', 'phase1name': 'test_value_28', - 'proposal': 'null-md5', - 'protocol': '30', + 'protocol': '29', 'replay': 'enable', 'route_overlap': 'use-old', 'single_source': 'enable', 'src_addr_type': 'subnet', - 'src_end_ip': 'test_value_35', - 'src_end_ip6': 'test_value_36', - 'src_name': 'test_value_37', - 'src_name6': 'test_value_38', - 'src_port': '39', - 'src_start_ip': 'test_value_40', - 'src_start_ip6': 'test_value_41', - 'src_subnet': 'test_value_42', - 'src_subnet6': 'test_value_43' + 'src_end_ip': 'test_value_34', + 'src_end_ip6': 'test_value_35', + 'src_name': 'test_value_36', + 'src_name6': 'test_value_37', + 'src_port': '38', + 'src_start_ip': 'test_value_39', + 'src_start_ip6': 'test_value_40', + 'src_subnet': 'test_value_41', + 'src_subnet6': 'test_value_42' }, 'vdom': 'root'} @@ -418,21 +412,20 @@ def test_vpn_ipsec_phase2_interface_idempotent(mocker): 'name': 'default_name_26', 'pfs': 'enable', 'phase1name': 'test_value_28', - 'proposal': 'null-md5', - 'protocol': '30', + 'protocol': '29', 'replay': 'enable', 'route_overlap': 'use-old', 'single_source': 'enable', 'src_addr_type': 'subnet', - 'src_end_ip': 'test_value_35', - 'src_end_ip6': 'test_value_36', - 'src_name': 'test_value_37', - 'src_name6': 'test_value_38', - 'src_port': '39', - 'src_start_ip': 'test_value_40', - 'src_start_ip6': 'test_value_41', - 'src_subnet': 'test_value_42', - 'src_subnet6': 'test_value_43' + 'src_end_ip': 'test_value_34', + 'src_end_ip6': 'test_value_35', + 'src_name': 'test_value_36', + 'src_name6': 'test_value_37', + 'src_port': '38', + 'src_start_ip': 'test_value_39', + 'src_start_ip6': 'test_value_40', + 'src_subnet': 'test_value_41', + 'src_subnet6': 'test_value_42' }, 'vdom': 'root'} @@ -465,21 +458,20 @@ def test_vpn_ipsec_phase2_interface_idempotent(mocker): 'name': 'default_name_26', 'pfs': 'enable', 'phase1name': 'test_value_28', - 'proposal': 'null-md5', - 'protocol': '30', + 'protocol': '29', 'replay': 'enable', 'route-overlap': 'use-old', 'single-source': 'enable', 'src-addr-type': 'subnet', - 'src-end-ip': 'test_value_35', - 'src-end-ip6': 'test_value_36', - 'src-name': 'test_value_37', - 'src-name6': 'test_value_38', - 'src-port': '39', - 'src-start-ip': 'test_value_40', - 'src-start-ip6': 'test_value_41', - 'src-subnet': 'test_value_42', - 'src-subnet6': 'test_value_43' + 'src-end-ip': 'test_value_34', + 'src-end-ip6': 'test_value_35', + 'src-name': 'test_value_36', + 'src-name6': 'test_value_37', + 'src-port': '38', + 'src-start-ip': 'test_value_39', + 'src-start-ip6': 'test_value_40', + 'src-subnet': 'test_value_41', + 'src-subnet6': 'test_value_42' } set_method_mock.assert_called_with('vpn.ipsec', 'phase2-interface', data=expected_data, vdom='root') @@ -527,21 +519,20 @@ def test_vpn_ipsec_phase2_interface_filter_foreign_attributes(mocker): 'name': 'default_name_26', 'pfs': 'enable', 'phase1name': 'test_value_28', - 'proposal': 'null-md5', - 'protocol': '30', + 'protocol': '29', 'replay': 'enable', 'route_overlap': 'use-old', 'single_source': 'enable', 'src_addr_type': 'subnet', - 'src_end_ip': 'test_value_35', - 'src_end_ip6': 'test_value_36', - 'src_name': 'test_value_37', - 'src_name6': 'test_value_38', - 'src_port': '39', - 'src_start_ip': 'test_value_40', - 'src_start_ip6': 'test_value_41', - 'src_subnet': 'test_value_42', - 'src_subnet6': 'test_value_43' + 'src_end_ip': 'test_value_34', + 'src_end_ip6': 'test_value_35', + 'src_name': 'test_value_36', + 'src_name6': 'test_value_37', + 'src_port': '38', + 'src_start_ip': 'test_value_39', + 'src_start_ip6': 'test_value_40', + 'src_subnet': 'test_value_41', + 'src_subnet6': 'test_value_42' }, 'vdom': 'root'} @@ -574,21 +565,20 @@ def test_vpn_ipsec_phase2_interface_filter_foreign_attributes(mocker): 'name': 'default_name_26', 'pfs': 'enable', 'phase1name': 'test_value_28', - 'proposal': 'null-md5', - 'protocol': '30', + 'protocol': '29', 'replay': 'enable', 'route-overlap': 'use-old', 'single-source': 'enable', 'src-addr-type': 'subnet', - 'src-end-ip': 'test_value_35', - 'src-end-ip6': 'test_value_36', - 'src-name': 'test_value_37', - 'src-name6': 'test_value_38', - 'src-port': '39', - 'src-start-ip': 'test_value_40', - 'src-start-ip6': 'test_value_41', - 'src-subnet': 'test_value_42', - 'src-subnet6': 'test_value_43' + 'src-end-ip': 'test_value_34', + 'src-end-ip6': 'test_value_35', + 'src-name': 'test_value_36', + 'src-name6': 'test_value_37', + 'src-port': '38', + 'src-start-ip': 'test_value_39', + 'src-start-ip6': 'test_value_40', + 'src-subnet': 'test_value_41', + 'src-subnet6': 'test_value_42' } set_method_mock.assert_called_with('vpn.ipsec', 'phase2-interface', data=expected_data, vdom='root')