diff --git a/lib/ansible/module_utils/network/fortimanager/__init__.py b/lib/ansible/module_utils/network/fortimanager/__init__.py
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/lib/ansible/module_utils/network/fortimanager/common.py b/lib/ansible/module_utils/network/fortimanager/common.py
deleted file mode 100644
index 6da07d4bca5..00000000000
--- a/lib/ansible/module_utils/network/fortimanager/common.py
+++ /dev/null
@@ -1,288 +0,0 @@
-# This code is part of Ansible, but is an independent component.
-# This particular file snippet, and this file snippet only, is BSD licensed.
-# Modules you write using this snippet, which is embedded dynamically by Ansible
-# still belong to the author of the module, and may assign their own license
-# to the complete work.
-#
-# (c) 2017 Fortinet, Inc
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright notice,
-# this list of conditions and the following disclaimer in the documentation
-# and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
-# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-# BEGIN STATIC DATA / MESSAGES
-class FMGRMethods:
- GET = "get"
- SET = "set"
- EXEC = "exec"
- EXECUTE = "exec"
- UPDATE = "update"
- ADD = "add"
- DELETE = "delete"
- REPLACE = "replace"
- CLONE = "clone"
- MOVE = "move"
-
-
-BASE_HEADERS = {
- 'Content-Type': 'application/json',
- 'Accept': 'application/json'
-}
-
-
-# FMGR RETURN CODES
-FMGR_RC = {
- "fmgr_return_codes": {
- 0: {
- "msg": "OK",
- "changed": True,
- "stop_on_success": True
- },
- -100000: {
- "msg": "Module returned without actually running anything. "
- "Check parameters, and please contact the authors if needed.",
- "failed": True
- },
- -2: {
- "msg": "Object already exists.",
- "skipped": True,
- "changed": False,
- "good_codes": [0, -2]
- },
- -6: {
- "msg": "Invalid Url. Sometimes this can happen because the path is mapped to a hostname or object that"
- " doesn't exist. Double check your input object parameters."
- },
- -3: {
- "msg": "Object doesn't exist.",
- "skipped": True,
- "changed": False,
- "good_codes": [0, -3]
- },
- -10131: {
- "msg": "Object dependency failed. Do all named objects in parameters exist?",
- "changed": False,
- "skipped": True
- },
- -9998: {
- "msg": "Duplicate object. Try using mode='set', if using add. STOPPING. Use 'ignore_errors=yes' in playbook"
- "to override and mark successful.",
- },
- -20042: {
- "msg": "Device Unreachable.",
- "skipped": True
- },
- -10033: {
- "msg": "Duplicate object. Try using mode='set', if using add.",
- "changed": False,
- "skipped": True
- },
- -10000: {
- "msg": "Duplicate object. Try using mode='set', if using add.",
- "changed": False,
- "skipped": True
- },
- -20010: {
- "msg": "Device already added to FortiManager. Serial number already in use.",
- "good_codes": [0, -20010],
- "changed": False,
- "stop_on_success": True
- },
- -20002: {
- "msg": "Invalid Argument -- Does this Device exist on FortiManager?",
- "changed": False,
- "skipped": True,
- }
- }
-}
-
-DEFAULT_RESULT_OBJ = (-100000, {"msg": "Nothing Happened. Check that handle_response is being called!"})
-FAIL_SOCKET_MSG = {"msg": "Socket Path Empty! The persistent connection manager is messed up. "
- "Try again in a few moments."}
-
-
-# BEGIN ERROR EXCEPTIONS
-class FMGBaseException(Exception):
- """Wrapper to catch the unexpected"""
-
- def __init__(self, msg=None, *args, **kwargs):
- if msg is None:
- msg = "An exception occurred within the fortimanager.py httpapi connection plugin."
- super(FMGBaseException, self).__init__(msg, *args)
-
-# END ERROR CLASSES
-
-
-# BEGIN CLASSES
-class FMGRCommon(object):
-
- @staticmethod
- def format_request(method, url, *args, **kwargs):
- """
- Formats the payload from the module, into a payload the API handler can use.
-
- :param url: Connection URL to access
- :type url: string
- :param method: The preferred API Request method (GET, ADD, POST, etc....)
- :type method: basestring
- :param kwargs: The payload dictionary from the module to be converted.
-
- :return: Properly formatted dictionary payload for API Request via Connection Plugin.
- :rtype: dict
- """
-
- params = [{"url": url}]
- if args:
- for arg in args:
- params[0].update(arg)
- if kwargs:
- keylist = list(kwargs)
- for k in keylist:
- kwargs[k.replace("__", "-")] = kwargs.pop(k)
- if method == "get" or method == "clone":
- params[0].update(kwargs)
- else:
- if kwargs.get("data", False):
- params[0]["data"] = kwargs["data"]
- else:
- params[0]["data"] = kwargs
- return params
-
- @staticmethod
- def split_comma_strings_into_lists(obj):
- """
- Splits a CSV String into a list. Also takes a dictionary, and converts any CSV strings in any key, to a list.
-
- :param obj: object in CSV format to be parsed.
- :type obj: str or dict
-
- :return: A list containing the CSV items.
- :rtype: list
- """
- return_obj = ()
- if isinstance(obj, dict):
- if len(obj) > 0:
- for k, v in obj.items():
- if isinstance(v, str):
- new_list = list()
- if "," in v:
- new_items = v.split(",")
- for item in new_items:
- new_list.append(item.strip())
- obj[k] = new_list
- return_obj = obj
- elif isinstance(obj, str):
- return_obj = obj.replace(" ", "").split(",")
-
- return return_obj
-
- @staticmethod
- def cidr_to_netmask(cidr):
- """
- Converts a CIDR Network string to full blown IP/Subnet format in decimal format.
- Decided not use IP Address module to keep includes to a minimum.
-
- :param cidr: String object in CIDR format to be processed
- :type cidr: str
-
- :return: A string object that looks like this "x.x.x.x/y.y.y.y"
- :rtype: str
- """
- if isinstance(cidr, str):
- cidr = int(cidr)
- mask = (0xffffffff >> (32 - cidr)) << (32 - cidr)
- return (str((0xff000000 & mask) >> 24) + '.'
- + str((0x00ff0000 & mask) >> 16) + '.'
- + str((0x0000ff00 & mask) >> 8) + '.'
- + str((0x000000ff & mask)))
-
- @staticmethod
- def paramgram_child_list_override(list_overrides, paramgram, module):
- """
- If a list of items was provided to a "parent" paramgram attribute, the paramgram needs to be rewritten.
- The child keys of the desired attribute need to be deleted, and then that "parent" keys' contents is replaced
- With the list of items that was provided.
-
- :param list_overrides: Contains the response from the FortiManager.
- :type list_overrides: list
- :param paramgram: Contains the paramgram passed to the modules' local modify function.
- :type paramgram: dict
- :param module: Contains the Ansible Module Object being used by the module.
- :type module: classObject
-
- :return: A new "paramgram" refactored to allow for multiple entries being added.
- :rtype: dict
- """
- if len(list_overrides) > 0:
- for list_variable in list_overrides:
- try:
- list_variable = list_variable.replace("-", "_")
- override_data = module.params[list_variable]
- if override_data:
- del paramgram[list_variable]
- paramgram[list_variable] = override_data
- except BaseException as e:
- raise FMGBaseException("Error occurred merging custom lists for the paramgram parent: " + str(e))
- return paramgram
-
- @staticmethod
- def syslog(module, msg):
- try:
- module.log(msg=msg)
- except BaseException:
- pass
-
-
-# RECURSIVE FUNCTIONS START
-def prepare_dict(obj):
- """
- Removes any keys from a dictionary that are only specific to our use in the module. FortiManager will reject
- requests with these empty/None keys in it.
-
- :param obj: Dictionary object to be processed.
- :type obj: dict
-
- :return: Processed dictionary.
- :rtype: dict
- """
-
- list_of_elems = ["mode", "adom", "host", "username", "password"]
-
- if isinstance(obj, dict):
- obj = dict((key, prepare_dict(value)) for (key, value) in obj.items() if key not in list_of_elems)
- return obj
-
-
-def scrub_dict(obj):
- """
- Removes any keys from a dictionary that are EMPTY -- this includes parent keys. FortiManager doesn't
- like empty keys in dictionaries
-
- :param obj: Dictionary object to be processed.
- :type obj: dict
-
- :return: Processed dictionary.
- :rtype: dict
- """
-
- if isinstance(obj, dict):
- return dict((k, scrub_dict(v)) for k, v in obj.items() if v and scrub_dict(v))
- else:
- return obj
diff --git a/lib/ansible/module_utils/network/fortimanager/fortimanager.py b/lib/ansible/module_utils/network/fortimanager/fortimanager.py
deleted file mode 100644
index 5a3875c2365..00000000000
--- a/lib/ansible/module_utils/network/fortimanager/fortimanager.py
+++ /dev/null
@@ -1,466 +0,0 @@
-# This code is part of Ansible, but is an independent component.
-# This particular file snippet, and this file snippet only, is BSD licensed.
-# Modules you write using this snippet, which is embedded dynamically by Ansible
-# still belong to the author of the module, and may assign their own license
-# to the complete work.
-#
-# (c) 2017 Fortinet, Inc
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright notice,
-# this list of conditions and the following disclaimer in the documentation
-# and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
-# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-from ansible.module_utils.network.fortimanager.common import FMGR_RC
-from ansible.module_utils.network.fortimanager.common import FMGBaseException
-from ansible.module_utils.network.fortimanager.common import FMGRCommon
-from ansible.module_utils.network.fortimanager.common import scrub_dict
-
-# check for pyFMG lib - DEPRECATING
-try:
- from pyFMG.fortimgr import FortiManager
- HAS_PYFMGR = True
-except ImportError:
- HAS_PYFMGR = False
-
-# ACTIVE BUG WITH OUR DEBUG IMPORT CALL -- BECAUSE IT'S UNDER MODULE_UTILITIES
-# WHEN module_common.recursive_finder() runs under the module loader, it looks for this namespace debug import
-# and because it's not there, it always fails, regardless of it being under a try/catch here.
-# we're going to move it to a different namespace.
-# # check for debug lib
-# try:
-# from ansible.module_utils.network.fortimanager.fortimanager_debug import debug_dump
-# HAS_FMGR_DEBUG = True
-# except:
-# HAS_FMGR_DEBUG = False
-
-
-# BEGIN HANDLER CLASSES
-class FortiManagerHandler(object):
- def __init__(self, conn, module):
- self._conn = conn
- self._module = module
- self._tools = FMGRCommon
-
- def process_request(self, url, datagram, method):
- """
- Formats and Runs the API Request via Connection Plugin. Streamlined for use FROM Modules.
-
- :param url: Connection URL to access
- :type url: string
- :param datagram: The prepared payload for the API Request in dictionary format
- :type datagram: dict
- :param method: The preferred API Request method (GET, ADD, POST, etc....)
- :type method: basestring
-
- :return: Dictionary containing results of the API Request via Connection Plugin
- :rtype: dict
- """
- data = self._tools.format_request(method, url, **datagram)
- response = self._conn.send_request(method, data)
-
- # if HAS_FMGR_DEBUG:
- # try:
- # debug_dump(response, datagram, self._module.paramgram, url, method)
- # except BaseException:
- # pass
-
- return response
-
- def govern_response(self, module, results, msg=None, good_codes=None,
- stop_on_fail=None, stop_on_success=None, skipped=None,
- changed=None, unreachable=None, failed=None, success=None, changed_if_success=None,
- ansible_facts=None):
- """
- This function will attempt to apply default values to canned responses from FortiManager we know of.
- This saves time, and turns the response in the module into a "one-liner", while still giving us...
- the flexibility to directly use return_response in modules if we have too. This function saves repeated code.
-
- :param module: The Ansible Module CLASS object, used to run fail/exit json
- :type module: object
- :param msg: An overridable custom message from the module that called this.
- :type msg: string
- :param results: A dictionary object containing an API call results
- :type results: dict
- :param good_codes: A list of exit codes considered successful from FortiManager
- :type good_codes: list
- :param stop_on_fail: If true, stops playbook run when return code is NOT IN good codes (default: true)
- :type stop_on_fail: boolean
- :param stop_on_success: If true, stops playbook run when return code is IN good codes (default: false)
- :type stop_on_success: boolean
- :param changed: If True, tells Ansible that object was changed (default: false)
- :type skipped: boolean
- :param skipped: If True, tells Ansible that object was skipped (default: false)
- :type skipped: boolean
- :param unreachable: If True, tells Ansible that object was unreachable (default: false)
- :type unreachable: boolean
- :param failed: If True, tells Ansible that execution was a failure. Overrides good_codes. (default: false)
- :type unreachable: boolean
- :param success: If True, tells Ansible that execution was a success. Overrides good_codes. (default: false)
- :type unreachable: boolean
- :param changed_if_success: If True, defaults to changed if successful if you specify or not"
- :type changed_if_success: boolean
- :param ansible_facts: A prepared dictionary of ansible facts from the execution.
- :type ansible_facts: dict
- """
- if module is None and results is None:
- raise FMGBaseException("govern_response() was called without a module and/or results tuple! Fix!")
- # Get the Return code from results
- try:
- rc = results[0]
- except BaseException:
- raise FMGBaseException("govern_response() was called without the return code at results[0]")
-
- # init a few items
- rc_data = None
-
- # Get the default values for the said return code.
- try:
- rc_codes = FMGR_RC.get('fmgr_return_codes')
- rc_data = rc_codes.get(rc)
- except BaseException:
- pass
-
- if not rc_data:
- rc_data = {}
- # ONLY add to overrides if not none -- This is very important that the keys aren't added at this stage
- # if they are empty. And there aren't that many, so let's just do a few if then statements.
- if good_codes is not None:
- rc_data["good_codes"] = good_codes
- if stop_on_fail is not None:
- rc_data["stop_on_fail"] = stop_on_fail
- if stop_on_success is not None:
- rc_data["stop_on_success"] = stop_on_success
- if skipped is not None:
- rc_data["skipped"] = skipped
- if changed is not None:
- rc_data["changed"] = changed
- if unreachable is not None:
- rc_data["unreachable"] = unreachable
- if failed is not None:
- rc_data["failed"] = failed
- if success is not None:
- rc_data["success"] = success
- if changed_if_success is not None:
- rc_data["changed_if_success"] = changed_if_success
- if results is not None:
- rc_data["results"] = results
- if msg is not None:
- rc_data["msg"] = msg
- if ansible_facts is None:
- rc_data["ansible_facts"] = {}
- else:
- rc_data["ansible_facts"] = ansible_facts
-
- return self.return_response(module=module,
- results=results,
- msg=rc_data.get("msg", "NULL"),
- good_codes=rc_data.get("good_codes", (0,)),
- stop_on_fail=rc_data.get("stop_on_fail", True),
- stop_on_success=rc_data.get("stop_on_success", False),
- skipped=rc_data.get("skipped", False),
- changed=rc_data.get("changed", False),
- changed_if_success=rc_data.get("changed_if_success", False),
- unreachable=rc_data.get("unreachable", False),
- failed=rc_data.get("failed", False),
- success=rc_data.get("success", False),
- ansible_facts=rc_data.get("ansible_facts", dict()))
-
- @staticmethod
- def return_response(module, results, msg="NULL", good_codes=(0,),
- stop_on_fail=True, stop_on_success=False, skipped=False,
- changed=False, unreachable=False, failed=False, success=False, changed_if_success=True,
- ansible_facts=()):
- """
- This function controls the logout and error reporting after an method or function runs. The exit_json for
- ansible comes from logic within this function. If this function returns just the msg, it means to continue
- execution on the playbook. It is called from the ansible module, or from the self.govern_response function.
-
- :param module: The Ansible Module CLASS object, used to run fail/exit json
- :type module: object
- :param msg: An overridable custom message from the module that called this.
- :type msg: string
- :param results: A dictionary object containing an API call results
- :type results: dict
- :param good_codes: A list of exit codes considered successful from FortiManager
- :type good_codes: list
- :param stop_on_fail: If true, stops playbook run when return code is NOT IN good codes (default: true)
- :type stop_on_fail: boolean
- :param stop_on_success: If true, stops playbook run when return code is IN good codes (default: false)
- :type stop_on_success: boolean
- :param changed: If True, tells Ansible that object was changed (default: false)
- :type skipped: boolean
- :param skipped: If True, tells Ansible that object was skipped (default: false)
- :type skipped: boolean
- :param unreachable: If True, tells Ansible that object was unreachable (default: false)
- :type unreachable: boolean
- :param failed: If True, tells Ansible that execution was a failure. Overrides good_codes. (default: false)
- :type unreachable: boolean
- :param success: If True, tells Ansible that execution was a success. Overrides good_codes. (default: false)
- :type unreachable: boolean
- :param changed_if_success: If True, defaults to changed if successful if you specify or not"
- :type changed_if_success: boolean
- :param ansible_facts: A prepared dictionary of ansible facts from the execution.
- :type ansible_facts: dict
-
- :return: A string object that contains an error message
- :rtype: str
- """
-
- # VALIDATION ERROR
- if (len(results) == 0) or (failed and success) or (changed and unreachable):
- module.exit_json(msg="Handle_response was called with no results, or conflicting failed/success or "
- "changed/unreachable parameters. Fix the exit code on module. "
- "Generic Failure", failed=True)
-
- # IDENTIFY SUCCESS/FAIL IF NOT DEFINED
- if not failed and not success:
- if len(results) > 0:
- if results[0] not in good_codes:
- failed = True
- elif results[0] in good_codes:
- success = True
-
- if len(results) > 0:
- # IF NO MESSAGE WAS SUPPLIED, GET IT FROM THE RESULTS, IF THAT DOESN'T WORK, THEN WRITE AN ERROR MESSAGE
- if msg == "NULL":
- try:
- msg = results[1]['status']['message']
- except BaseException:
- msg = "No status message returned at results[1][status][message], " \
- "and none supplied to msg parameter for handle_response."
-
- if failed:
- # BECAUSE SKIPPED/FAILED WILL OFTEN OCCUR ON CODES THAT DON'T GET INCLUDED, THEY ARE CONSIDERED FAILURES
- # HOWEVER, THEY ARE MUTUALLY EXCLUSIVE, SO IF IT IS MARKED SKIPPED OR UNREACHABLE BY THE MODULE LOGIC
- # THEN REMOVE THE FAILED FLAG SO IT DOESN'T OVERRIDE THE DESIRED STATUS OF SKIPPED OR UNREACHABLE.
- if failed and skipped:
- failed = False
- if failed and unreachable:
- failed = False
- if stop_on_fail:
- module.exit_json(msg=msg, failed=failed, changed=changed, unreachable=unreachable, skipped=skipped,
- results=results[1], ansible_facts=ansible_facts, rc=results[0],
- invocation={"module_args": ansible_facts["ansible_params"]})
- elif success:
- if changed_if_success:
- changed = True
- success = False
- if stop_on_success:
- module.exit_json(msg=msg, success=success, changed=changed, unreachable=unreachable,
- skipped=skipped, results=results[1], ansible_facts=ansible_facts, rc=results[0],
- invocation={"module_args": ansible_facts["ansible_params"]})
- return msg
-
- def construct_ansible_facts(self, response, ansible_params, paramgram, *args, **kwargs):
- """
- Constructs a dictionary to return to ansible facts, containing various information about the execution.
-
- :param response: Contains the response from the FortiManager.
- :type response: dict
- :param ansible_params: Contains the parameters Ansible was called with.
- :type ansible_params: dict
- :param paramgram: Contains the paramgram passed to the modules' local modify function.
- :type paramgram: dict
- :param args: Free-form arguments that could be added.
- :param kwargs: Free-form keyword arguments that could be added.
-
- :return: A dictionary containing lots of information to append to Ansible Facts.
- :rtype: dict
- """
-
- facts = {
- "response": response,
- "ansible_params": scrub_dict(ansible_params),
- "paramgram": scrub_dict(paramgram),
- "connected_fmgr": self._conn.return_connected_fmgr()
- }
-
- if args:
- facts["custom_args"] = args
- if kwargs:
- facts.update(kwargs)
-
- return facts
-
-
-##########################
-# BEGIN DEPRECATED METHODS
-##########################
-
-# SOME OF THIS CODE IS DUPLICATED IN THE PLUGIN, BUT THOSE ARE PLUGIN SPECIFIC. THIS VERSION STILL ALLOWS FOR
-# THE USAGE OF PYFMG FOR CUSTOMERS WHO HAVE NOT YET UPGRADED TO ANSIBLE 2.7
-
-# LEGACY PYFMG METHODS START
-# USED TO DETERMINE LOCK CONTEXT ON A FORTIMANAGER. A DATABASE LOCKING CONCEPT THAT NEEDS TO BE ACCOUNTED FOR.
-
-class FMGLockContext(object):
- """
- - DEPRECATING: USING CONNECTION MANAGER NOW INSTEAD. EVENTUALLY THIS CLASS WILL DISAPPEAR. PLEASE
- - CONVERT ALL MODULES TO CONNECTION MANAGER METHOD.
- - LEGACY pyFMG HANDLER OBJECT: REQUIRES A CHECK FOR PY FMG AT TOP OF PAGE
- """
- def __init__(self, fmg):
- self._fmg = fmg
- self._locked_adom_list = list()
- self._uses_workspace = False
- self._uses_adoms = False
-
- @property
- def uses_workspace(self):
- return self._uses_workspace
-
- @uses_workspace.setter
- def uses_workspace(self, val):
- self._uses_workspace = val
-
- @property
- def uses_adoms(self):
- return self._uses_adoms
-
- @uses_adoms.setter
- def uses_adoms(self, val):
- self._uses_adoms = val
-
- def add_adom_to_lock_list(self, adom):
- if adom not in self._locked_adom_list:
- self._locked_adom_list.append(adom)
-
- def remove_adom_from_lock_list(self, adom):
- if adom in self._locked_adom_list:
- self._locked_adom_list.remove(adom)
-
- def check_mode(self):
- url = "/cli/global/system/global"
- code, resp_obj = self._fmg.get(url, fields=["workspace-mode", "adom-status"])
- try:
- if resp_obj["workspace-mode"] != 0:
- self.uses_workspace = True
- except KeyError:
- self.uses_workspace = False
- try:
- if resp_obj["adom-status"] == 1:
- self.uses_adoms = True
- except KeyError:
- self.uses_adoms = False
-
- def run_unlock(self):
- for adom_locked in self._locked_adom_list:
- self.unlock_adom(adom_locked)
-
- def lock_adom(self, adom=None, *args, **kwargs):
- if adom:
- if adom.lower() == "global":
- url = "/dvmdb/global/workspace/lock/"
- else:
- url = "/dvmdb/adom/{adom}/workspace/lock/".format(adom=adom)
- else:
- url = "/dvmdb/adom/root/workspace/lock"
- code, respobj = self._fmg.execute(url, {}, *args, **kwargs)
- if code == 0 and respobj["status"]["message"].lower() == "ok":
- self.add_adom_to_lock_list(adom)
- return code, respobj
-
- def unlock_adom(self, adom=None, *args, **kwargs):
- if adom:
- if adom.lower() == "global":
- url = "/dvmdb/global/workspace/unlock/"
- else:
- url = "/dvmdb/adom/{adom}/workspace/unlock/".format(adom=adom)
- else:
- url = "/dvmdb/adom/root/workspace/unlock"
- code, respobj = self._fmg.execute(url, {}, *args, **kwargs)
- if code == 0 and respobj["status"]["message"].lower() == "ok":
- self.remove_adom_from_lock_list(adom)
- return code, respobj
-
- def commit_changes(self, adom=None, aux=False, *args, **kwargs):
- if adom:
- if aux:
- url = "/pm/config/adom/{adom}/workspace/commit".format(adom=adom)
- else:
- if adom.lower() == "global":
- url = "/dvmdb/global/workspace/commit/"
- else:
- url = "/dvmdb/adom/{adom}/workspace/commit".format(adom=adom)
- else:
- url = "/dvmdb/adom/root/workspace/commit"
- return self._fmg.execute(url, {}, *args, **kwargs)
-
-
-# DEPRECATED -- USE PLUGIN INSTEAD
-class AnsibleFortiManager(object):
- """
- - DEPRECATING: USING CONNECTION MANAGER NOW INSTEAD. EVENTUALLY THIS CLASS WILL DISAPPEAR. PLEASE
- - CONVERT ALL MODULES TO CONNECTION MANAGER METHOD.
- - LEGACY pyFMG HANDLER OBJECT: REQUIRES A CHECK FOR PY FMG AT TOP OF PAGE
- """
-
- def __init__(self, module, ip=None, username=None, passwd=None, use_ssl=True, verify_ssl=False, timeout=300):
- self.ip = ip
- self.username = username
- self.passwd = passwd
- self.use_ssl = use_ssl
- self.verify_ssl = verify_ssl
- self.timeout = timeout
- self.fmgr_instance = None
-
- if not HAS_PYFMGR:
- module.fail_json(msg='Could not import the python library pyFMG required by this module')
-
- self.module = module
-
- def login(self):
- if self.ip is not None:
- self.fmgr_instance = FortiManager(self.ip, self.username, self.passwd, use_ssl=self.use_ssl,
- verify_ssl=self.verify_ssl, timeout=self.timeout, debug=False,
- disable_request_warnings=True)
- return self.fmgr_instance.login()
-
- def logout(self):
- if self.fmgr_instance.sid is not None:
- self.fmgr_instance.logout()
-
- def get(self, url, data):
- return self.fmgr_instance.get(url, **data)
-
- def set(self, url, data):
- return self.fmgr_instance.set(url, **data)
-
- def update(self, url, data):
- return self.fmgr_instance.update(url, **data)
-
- def delete(self, url, data):
- return self.fmgr_instance.delete(url, **data)
-
- def add(self, url, data):
- return self.fmgr_instance.add(url, **data)
-
- def execute(self, url, data):
- return self.fmgr_instance.execute(url, **data)
-
- def move(self, url, data):
- return self.fmgr_instance.move(url, **data)
-
- def clone(self, url, data):
- return self.fmgr_instance.clone(url, **data)
-
-##########################
-# END DEPRECATED METHODS
-##########################
diff --git a/lib/ansible/module_utils/network/fortios/__init__.py b/lib/ansible/module_utils/network/fortios/__init__.py
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/lib/ansible/module_utils/network/fortios/argspec/__init__.py b/lib/ansible/module_utils/network/fortios/argspec/__init__.py
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/lib/ansible/module_utils/network/fortios/argspec/facts/__init__.py b/lib/ansible/module_utils/network/fortios/argspec/facts/__init__.py
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/lib/ansible/module_utils/network/fortios/argspec/facts/facts.py b/lib/ansible/module_utils/network/fortios/argspec/facts/facts.py
deleted file mode 100644
index 2f3e341810e..00000000000
--- a/lib/ansible/module_utils/network/fortios/argspec/facts/facts.py
+++ /dev/null
@@ -1,45 +0,0 @@
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-"""
-The arg spec for the fortios monitor module.
-"""
-
-
-class FactsArgs(object):
- """ The arg spec for the fortios monitor module
- """
-
- def __init__(self, **kwargs):
- pass
-
- argument_spec = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": False},
- "gather_subset": {
- "required": True, "type": "list", "elements": "dict",
- "options": {
- "fact": {"required": True, "type": "str"},
- "filters": {"required": False, "type": "list", "elements": "dict"}
- }
- }
- }
diff --git a/lib/ansible/module_utils/network/fortios/argspec/system/__init__.py b/lib/ansible/module_utils/network/fortios/argspec/system/__init__.py
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/lib/ansible/module_utils/network/fortios/argspec/system/system.py b/lib/ansible/module_utils/network/fortios/argspec/system/system.py
deleted file mode 100644
index 76454f9d9ec..00000000000
--- a/lib/ansible/module_utils/network/fortios/argspec/system/system.py
+++ /dev/null
@@ -1,28 +0,0 @@
-#
-# -*- coding: utf-8 -*-
-# Copyright 2019 Fortinet, Inc.
-# GNU General Public License v3.0+
-# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-"""
-The arg spec for the fortios_facts module
-"""
-from __future__ import absolute_import, division, print_function
-__metaclass__ = type
-
-
-class SystemArgs(object):
- """The arg spec for the fortios_facts module
- """
-
- FACT_SYSTEM_SUBSETS = frozenset([
- 'system_current-admins_select',
- 'system_firmware_select',
- 'system_fortimanager_status',
- 'system_ha-checksums_select',
- 'system_interface_select',
- 'system_status_select',
- 'system_time_select',
- ])
-
- def __init__(self, **kwargs):
- pass
diff --git a/lib/ansible/module_utils/network/fortios/facts/__init__.py b/lib/ansible/module_utils/network/fortios/facts/__init__.py
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/lib/ansible/module_utils/network/fortios/facts/facts.py b/lib/ansible/module_utils/network/fortios/facts/facts.py
deleted file mode 100644
index a881b5aeda1..00000000000
--- a/lib/ansible/module_utils/network/fortios/facts/facts.py
+++ /dev/null
@@ -1,92 +0,0 @@
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-"""
-The facts class for fortios
-this file validates each subset of monitor and selectively
-calls the appropriate facts gathering and monitoring function
-"""
-
-from ansible.module_utils.network.fortios.argspec.facts.facts import FactsArgs
-from ansible.module_utils.network.fortios.argspec.system.system import SystemArgs
-from ansible.module_utils.network.common.facts.facts import FactsBase
-from ansible.module_utils.network.fortios.facts.system.system import SystemFacts
-
-
-class Facts(FactsBase):
- """ The facts class for fortios
- """
-
- FACT_SUBSETS = {
- "system": SystemFacts
- }
-
- def __init__(self, module, fos=None, subset=None):
- super(Facts, self).__init__(module)
- self._fos = fos
- self._subset = subset
-
- def gen_runable(self, subsets, valid_subsets):
- """ Generate the runable subset
-
- :param module: The module instance
- :param subsets: The provided subsets
- :param valid_subsets: The valid subsets
- :rtype: list
- :returns: The runable subsets
- """
- runable_subsets = []
- FACT_DETAIL_SUBSETS = []
- FACT_DETAIL_SUBSETS.extend(SystemArgs.FACT_SYSTEM_SUBSETS)
-
- for subset in subsets:
- if subset['fact'] not in FACT_DETAIL_SUBSETS:
- self._module.fail_json(msg='Subset must be one of [%s], got %s' %
- (', '.join(sorted([item for item in FACT_DETAIL_SUBSETS])), subset['fact']))
-
- for valid_subset in frozenset(self.FACT_SUBSETS.keys()):
- if subset['fact'].startswith(valid_subset):
- runable_subsets.append((subset, valid_subset))
-
- return runable_subsets
-
- def get_network_legacy_facts(self, fact_legacy_obj_map, legacy_facts_type=None):
- if not legacy_facts_type:
- legacy_facts_type = self._gather_subset
-
- runable_subsets = self.gen_runable(legacy_facts_type, frozenset(fact_legacy_obj_map.keys()))
- if runable_subsets:
- self.ansible_facts['ansible_net_gather_subset'] = []
-
- instances = list()
- for (subset, valid_subset) in runable_subsets:
- instances.append(fact_legacy_obj_map[valid_subset](self._module, self._fos, subset))
-
- for inst in instances:
- inst.populate_facts(self._connection, self.ansible_facts)
-
- def get_facts(self, facts_type=None, data=None):
- """ Collect the facts for fortios
- :param facts_type: List of facts types
- :param data: previously collected conf
- :rtype: dict
- :return: the facts gathered
- """
- self.get_network_legacy_facts(self.FACT_SUBSETS, facts_type)
-
- return self.ansible_facts, self._warnings
diff --git a/lib/ansible/module_utils/network/fortios/facts/system/__init__.py b/lib/ansible/module_utils/network/fortios/facts/system/__init__.py
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/lib/ansible/module_utils/network/fortios/facts/system/system.py b/lib/ansible/module_utils/network/fortios/facts/system/system.py
deleted file mode 100644
index 5731a0985b1..00000000000
--- a/lib/ansible/module_utils/network/fortios/facts/system/system.py
+++ /dev/null
@@ -1,63 +0,0 @@
-#
-# -*- coding: utf-8 -*-
-# Copyright 2019 Fortinet, Inc.
-# GNU General Public License v3.0+
-# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-"""
-The fortios system facts class
-It is in this file the runtime information is collected from the device
-for a given resource, parsed, and the facts tree is populated
-based on the configuration.
-"""
-from __future__ import absolute_import, division, print_function
-__metaclass__ = type
-
-import re
-from ansible.module_utils.network.common import utils
-from ansible.module_utils.network.fortios.argspec.system.system import SystemArgs
-
-
-class SystemFacts(object):
- """ The fortios system facts class
- """
-
- def __init__(self, module, fos=None, subset=None, subspec='config', options='options'):
- self._module = module
- self._fos = fos
- self._subset = subset
-
- def populate_facts(self, connection, ansible_facts, data=None):
- """ Populate the facts for system
- :param connection: the device connection
- :param ansible_facts: Facts dictionary
- :rtype: dictionary
- :returns: facts
- """
- ansible_facts['ansible_network_resources'].pop('system', None)
- facts = {}
- if self._subset['fact'].startswith(tuple(SystemArgs.FACT_SYSTEM_SUBSETS)):
- gather_method = getattr(self, self._subset['fact'].replace('-', '_'), self.system_fact)
- resp = gather_method()
- facts.update({self._subset['fact']: resp})
-
- ansible_facts['ansible_network_resources'].update(facts)
- return ansible_facts
-
- def system_fact(self):
- fos = self._fos
- vdom = self._module.params['vdom']
- return fos.monitor('system', self._subset['fact'][len('system_'):].replace('_', '/'), vdom=vdom)
-
- def system_interface_select(self):
- fos = self._fos
- vdom = self._module.params['vdom']
-
- query_string = '?vdom=' + vdom
- system_interface_select_param = self._subset['filters']
- if system_interface_select_param:
- for filter in system_interface_select_param:
- for key, val in filter.items():
- if val:
- query_string += '&' + str(key) + '=' + str(val)
-
- return fos.monitor('system', self._subset['fact'][len('system_'):].replace('_', '/') + query_string, vdom=None)
diff --git a/lib/ansible/module_utils/network/fortios/fortios.py b/lib/ansible/module_utils/network/fortios/fortios.py
deleted file mode 100644
index 45992aa8c47..00000000000
--- a/lib/ansible/module_utils/network/fortios/fortios.py
+++ /dev/null
@@ -1,338 +0,0 @@
-# This code is part of Ansible, but is an independent component.
-# This particular file snippet, and this file snippet only, is BSD licensed.
-# Modules you write using this snippet, which is embedded dynamically by Ansible
-# still belong to the author of the module, and may assign their own license
-# to the complete work.
-#
-# Copyright (c), Benjamin Jolivot , 2014,
-# Miguel Angel Munoz , 2019
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright notice,
-# this list of conditions and the following disclaimer in the documentation
-# and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
-# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
-#
-import os
-import time
-import traceback
-
-from ansible.module_utils._text import to_text
-from ansible.module_utils.basic import env_fallback
-
-import json
-
-# BEGIN DEPRECATED
-
-# check for pyFG lib
-try:
- from pyFG import FortiOS, FortiConfig
- from pyFG.exceptions import FailedCommit
- HAS_PYFG = True
-except ImportError:
- HAS_PYFG = False
-
-fortios_argument_spec = dict(
- file_mode=dict(type='bool', default=False),
- config_file=dict(type='path'),
- host=dict(),
- username=dict(fallback=(env_fallback, ['ANSIBLE_NET_USERNAME'])),
- password=dict(fallback=(env_fallback, ['ANSIBLE_NET_PASSWORD']), no_log=True),
- timeout=dict(type='int', default=60),
- vdom=dict(type='str'),
- backup=dict(type='bool', default=False),
- backup_path=dict(type='path'),
- backup_filename=dict(type='str'),
-)
-
-fortios_required_if = [
- ['file_mode', False, ['host', 'username', 'password']],
- ['file_mode', True, ['config_file']],
- ['backup', True, ['backup_path']],
-]
-
-fortios_mutually_exclusive = [
- ['config_file', 'host'],
- ['config_file', 'username'],
- ['config_file', 'password']
-]
-
-fortios_error_codes = {
- '-3': "Object not found",
- '-61': "Command error"
-}
-
-# END DEPRECATED
-
-
-class FortiOSHandler(object):
-
- def __init__(self, conn):
- self._conn = conn
-
- def cmdb_url(self, path, name, vdom=None, mkey=None):
-
- url = '/api/v2/cmdb/' + path + '/' + name
- if mkey:
- url = url + '/' + str(mkey)
- if vdom:
- if vdom == "global":
- url += '?global=1'
- else:
- url += '?vdom=' + vdom
- return url
-
- def mon_url(self, path, name, vdom=None, mkey=None):
- url = '/api/v2/monitor/' + path + '/' + name
- if mkey:
- url = url + '/' + str(mkey)
- if vdom:
- if vdom == "global":
- url += '?global=1'
- else:
- url += '?vdom=' + vdom
- return url
-
- def schema(self, path, name, vdom=None):
- if vdom is None:
- url = self.cmdb_url(path, name) + "?action=schema"
- else:
- url = self.cmdb_url(path, name, vdom=vdom) + "&action=schema"
-
- status, result_data = self._conn.send_request(url=url)
-
- if status == 200:
- if vdom == "global":
- return json.loads(to_text(result_data))[0]['results']
- else:
- return json.loads(to_text(result_data))['results']
- else:
- return json.loads(to_text(result_data))
-
- def get_mkeyname(self, path, name, vdom=None):
- schema = self.schema(path, name, vdom=vdom)
- try:
- keyname = schema['mkey']
- except KeyError:
- return False
- return keyname
-
- def get_mkey(self, path, name, data, vdom=None):
-
- keyname = self.get_mkeyname(path, name, vdom)
- if not keyname:
- return None
- else:
- try:
- mkey = data[keyname]
- except KeyError:
- return None
- return mkey
-
- def get(self, path, name, vdom=None, mkey=None, parameters=None):
- url = self.cmdb_url(path, name, vdom, mkey=mkey)
-
- status, result_data = self._conn.send_request(url=url, params=parameters, method='GET')
-
- return self.formatresponse(result_data, vdom=vdom)
-
- def monitor(self, path, name, vdom=None, mkey=None, parameters=None):
- url = self.mon_url(path, name, vdom, mkey)
-
- status, result_data = self._conn.send_request(url=url, params=parameters, method='GET')
-
- return self.formatresponse(result_data, vdom=vdom)
-
- def set(self, path, name, data, mkey=None, vdom=None, parameters=None):
-
- if not mkey:
- mkey = self.get_mkey(path, name, data, vdom=vdom)
- url = self.cmdb_url(path, name, vdom, mkey)
-
- status, result_data = self._conn.send_request(url=url, params=parameters, data=json.dumps(data), method='PUT')
-
- if status == 404 or status == 405 or status == 500:
- return self.post(path, name, data, vdom, mkey)
- else:
- return self.formatresponse(result_data, vdom=vdom)
-
- def post(self, path, name, data, vdom=None,
- mkey=None, parameters=None):
-
- if mkey:
- mkeyname = self.get_mkeyname(path, name, vdom)
- data[mkeyname] = mkey
-
- url = self.cmdb_url(path, name, vdom, mkey=None)
-
- status, result_data = self._conn.send_request(url=url, params=parameters, data=json.dumps(data), method='POST')
-
- return self.formatresponse(result_data, vdom=vdom)
-
- def execute(self, path, name, data, vdom=None,
- mkey=None, parameters=None, timeout=300):
- url = self.mon_url(path, name, vdom, mkey=mkey)
-
- status, result_data = self._conn.send_request(url=url, params=parameters, data=json.dumps(data), method='POST', timeout=timeout)
-
- return self.formatresponse(result_data, vdom=vdom)
-
- def delete(self, path, name, vdom=None, mkey=None, parameters=None, data=None):
- if not mkey:
- mkey = self.get_mkey(path, name, data, vdom=vdom)
- url = self.cmdb_url(path, name, vdom, mkey)
- status, result_data = self._conn.send_request(url=url, params=parameters, data=json.dumps(data), method='DELETE')
- return self.formatresponse(result_data, vdom=vdom)
-
- def formatresponse(self, res, vdom=None):
- if vdom == "global":
- resp = json.loads(to_text(res))[0]
- resp['vdom'] = "global"
- else:
- resp = json.loads(to_text(res))
- return resp
-
-# BEGIN DEPRECATED
-
-
-def backup(module, running_config):
- backup_path = module.params['backup_path']
- backup_filename = module.params['backup_filename']
- if not os.path.exists(backup_path):
- try:
- os.mkdir(backup_path)
- except Exception:
- module.fail_json(msg="Can't create directory {0} Permission denied ?".format(backup_path))
- tstamp = time.strftime("%Y-%m-%d@%H:%M:%S", time.localtime(time.time()))
- if 0 < len(backup_filename):
- filename = '%s/%s' % (backup_path, backup_filename)
- else:
- filename = '%s/%s_config.%s' % (backup_path, module.params['host'], tstamp)
- try:
- open(filename, 'w').write(running_config)
- except Exception:
- module.fail_json(msg="Can't create backup file {0} Permission denied ?".format(filename))
-
-
-class AnsibleFortios(object):
- def __init__(self, module):
- if not HAS_PYFG:
- module.fail_json(msg='Could not import the python library pyFG required by this module')
-
- self.result = {
- 'changed': False,
- }
- self.module = module
-
- def _connect(self):
- if self.module.params['file_mode']:
- self.forti_device = FortiOS('')
- else:
- host = self.module.params['host']
- username = self.module.params['username']
- password = self.module.params['password']
- timeout = self.module.params['timeout']
- vdom = self.module.params['vdom']
-
- self.forti_device = FortiOS(host, username=username, password=password, timeout=timeout, vdom=vdom)
-
- try:
- self.forti_device.open()
- except Exception as e:
- self.module.fail_json(msg='Error connecting device. %s' % to_text(e),
- exception=traceback.format_exc())
-
- def load_config(self, path):
- self.path = path
- self._connect()
- # load in file_mode
- if self.module.params['file_mode']:
- try:
- f = open(self.module.params['config_file'], 'r')
- running = f.read()
- f.close()
- except IOError as e:
- self.module.fail_json(msg='Error reading configuration file. %s' % to_text(e),
- exception=traceback.format_exc())
- self.forti_device.load_config(config_text=running, path=path)
-
- else:
- # get config
- try:
- self.forti_device.load_config(path=path)
- except Exception as e:
- self.forti_device.close()
- self.module.fail_json(msg='Error reading running config. %s' % to_text(e),
- exception=traceback.format_exc())
-
- # set configs in object
- self.result['running_config'] = self.forti_device.running_config.to_text()
- self.candidate_config = self.forti_device.candidate_config
-
- # backup if needed
- if self.module.params['backup']:
- backup(self.module, self.forti_device.running_config.to_text())
-
- def apply_changes(self):
- change_string = self.forti_device.compare_config()
- if change_string:
- self.result['change_string'] = change_string
- self.result['changed'] = True
-
- # Commit if not check mode
- if change_string and not self.module.check_mode:
- if self.module.params['file_mode']:
- try:
- f = open(self.module.params['config_file'], 'w')
- f.write(self.candidate_config.to_text())
- f.close()
- except IOError as e:
- self.module.fail_json(msg='Error writing configuration file. %s' %
- to_text(e), exception=traceback.format_exc())
- else:
- try:
- self.forti_device.commit()
- except FailedCommit as e:
- # Something's wrong (rollback is automatic)
- self.forti_device.close()
- error_list = self.get_error_infos(e)
- self.module.fail_json(msg_error_list=error_list, msg="Unable to commit change, check your args, the error was %s" % e.message)
-
- self.forti_device.close()
- self.module.exit_json(**self.result)
-
- def del_block(self, block_id):
- self.forti_device.candidate_config[self.path].del_block(block_id)
-
- def add_block(self, block_id, block):
- self.forti_device.candidate_config[self.path][block_id] = block
-
- def get_error_infos(self, cli_errors):
- error_list = []
- for errors in cli_errors.args:
- for error in errors:
- error_code = error[0]
- error_string = error[1]
- error_type = fortios_error_codes.get(error_code, "unknown")
- error_list.append(dict(error_code=error_code, error_type=error_type, error_string=error_string))
-
- return error_list
-
- def get_empty_configuration_block(self, block_name, block_type):
- return FortiConfig(block_name, block_type)
-
-# END DEPRECATED
diff --git a/lib/ansible/modules/network/fortios/fortios_address.py b/lib/ansible/modules/network/fortios/fortios_address.py
deleted file mode 100644
index 03c4a82309c..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_address.py
+++ /dev/null
@@ -1,291 +0,0 @@
-#!/usr/bin/python
-#
-# Ansible module to manage IP addresses on fortios devices
-# (c) 2016, Benjamin Jolivot
-# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-
-from __future__ import absolute_import, division, print_function
-__metaclass__ = type
-
-
-ANSIBLE_METADATA = {'metadata_version': '1.1',
- 'status': ['preview'],
- 'supported_by': 'community'}
-
-DOCUMENTATION = """
----
-module: fortios_address
-version_added: "2.4"
-author: "Benjamin Jolivot (@bjolivot)"
-short_description: Manage fortios firewall address objects
-description:
- - This module provide management of firewall addresses on FortiOS devices.
-extends_documentation_fragment: fortios
-options:
- state:
- description:
- - Specifies if address need to be added or deleted.
- required: true
- choices: ['present', 'absent']
- name:
- description:
- - Name of the address to add or delete.
- required: true
- type:
- description:
- - Type of the address.
- choices: ['iprange', 'fqdn', 'ipmask', 'geography']
- value:
- description:
- - Address value, based on type.
- If type=fqdn, something like www.google.com.
- If type=ipmask, you can use simple ip (192.168.0.1), ip+mask (192.168.0.1 255.255.255.0) or CIDR (192.168.0.1/32).
- start_ip:
- description:
- - First ip in range (used only with type=iprange).
- end_ip:
- description:
- - Last ip in range (used only with type=iprange).
- country:
- description:
- - 2 letter country code (like FR).
- interface:
- description:
- - interface name the address apply to.
- default: any
- comment:
- description:
- - free text to describe address.
-notes:
- - This module requires netaddr python library.
-"""
-
-EXAMPLES = """
-- name: Register french addresses
- fortios_address:
- host: 192.168.0.254
- username: admin
- password: p4ssw0rd
- state: present
- name: "fromfrance"
- type: geography
- country: FR
- comment: "French geoip address"
-
-- name: Register some fqdn
- fortios_address:
- host: 192.168.0.254
- username: admin
- password: p4ssw0rd
- state: present
- name: "Ansible"
- type: fqdn
- value: www.ansible.com
- comment: "Ansible website"
-
-- name: Register google DNS
- fortios_address:
- host: 192.168.0.254
- username: admin
- password: p4ssw0rd
- state: present
- name: "google_dns"
- type: ipmask
- value: 8.8.8.8
-
-"""
-
-RETURN = """
-firewall_address_config:
- description: full firewall addresses config string.
- returned: always
- type: str
-change_string:
- description: The commands executed by the module.
- returned: only if config changed
- type: str
-"""
-
-from ansible.module_utils.network.fortios.fortios import fortios_argument_spec, fortios_required_if
-from ansible.module_utils.network.fortios.fortios import backup, AnsibleFortios
-
-from ansible.module_utils.basic import AnsibleModule
-
-
-# check for netaddr lib
-try:
- from netaddr import IPNetwork
- HAS_NETADDR = True
-except Exception:
- HAS_NETADDR = False
-
-
-# define valid country list for GEOIP address type
-FG_COUNTRY_LIST = (
- 'ZZ', 'A1', 'A2', 'O1', 'AD', 'AE', 'AF', 'AG', 'AI', 'AL', 'AM', 'AN', 'AO',
- 'AP', 'AQ', 'AR', 'AS', 'AT', 'AU', 'AW', 'AX', 'AZ', 'BA', 'BB', 'BD', 'BE',
- 'BF', 'BG', 'BH', 'BI', 'BJ', 'BL', 'BM', 'BN', 'BO', 'BQ', 'BR', 'BS', 'BT',
- 'BV', 'BW', 'BY', 'BZ', 'CA', 'CC', 'CD', 'CF', 'CG', 'CH', 'CI', 'CK', 'CL',
- 'CM', 'CN', 'CO', 'CR', 'CU', 'CV', 'CW', 'CX', 'CY', 'CZ', 'DE', 'DJ', 'DK',
- 'DM', 'DO', 'DZ', 'EC', 'EE', 'EG', 'EH', 'ER', 'ES', 'ET', 'EU', 'FI', 'FJ',
- 'FK', 'FM', 'FO', 'FR', 'GA', 'GB', 'GD', 'GE', 'GF', 'GG', 'GH', 'GI', 'GL',
- 'GM', 'GN', 'GP', 'GQ', 'GR', 'GS', 'GT', 'GU', 'GW', 'GY', 'HK', 'HM', 'HN',
- 'HR', 'HT', 'HU', 'ID', 'IE', 'IL', 'IM', 'IN', 'IO', 'IQ', 'IR', 'IS', 'IT',
- 'JE', 'JM', 'JO', 'JP', 'KE', 'KG', 'KH', 'KI', 'KM', 'KN', 'KP', 'KR', 'KW',
- 'KY', 'KZ', 'LA', 'LB', 'LC', 'LI', 'LK', 'LR', 'LS', 'LT', 'LU', 'LV', 'LY',
- 'MA', 'MC', 'MD', 'ME', 'MF', 'MG', 'MH', 'MK', 'ML', 'MM', 'MN', 'MO', 'MP',
- 'MQ', 'MR', 'MS', 'MT', 'MU', 'MV', 'MW', 'MX', 'MY', 'MZ', 'NA', 'NC', 'NE',
- 'NF', 'NG', 'NI', 'NL', 'NO', 'NP', 'NR', 'NU', 'NZ', 'OM', 'PA', 'PE', 'PF',
- 'PG', 'PH', 'PK', 'PL', 'PM', 'PN', 'PR', 'PS', 'PT', 'PW', 'PY', 'QA', 'RE',
- 'RO', 'RS', 'RU', 'RW', 'SA', 'SB', 'SC', 'SD', 'SE', 'SG', 'SH', 'SI', 'SJ',
- 'SK', 'SL', 'SM', 'SN', 'SO', 'SR', 'SS', 'ST', 'SV', 'SX', 'SY', 'SZ', 'TC',
- 'TD', 'TF', 'TG', 'TH', 'TJ', 'TK', 'TL', 'TM', 'TN', 'TO', 'TR', 'TT', 'TV',
- 'TW', 'TZ', 'UA', 'UG', 'UM', 'US', 'UY', 'UZ', 'VA', 'VC', 'VE', 'VG', 'VI',
- 'VN', 'VU', 'WF', 'WS', 'YE', 'YT', 'ZA', 'ZM', 'ZW'
-)
-
-
-def get_formated_ipaddr(input_ip):
- """
- Format given ip address string to fortigate format (ip netmask)
- Args:
- * **ip_str** (string) : string representing ip address
- accepted format:
- - ip netmask (ex: 192.168.0.10 255.255.255.0)
- - ip (ex: 192.168.0.10)
- - CIDR (ex: 192.168.0.10/24)
-
- Returns:
- formated ip if ip is valid (ex: "192.168.0.10 255.255.255.0")
- False if ip is not valid
- """
- try:
- if " " in input_ip:
- # ip netmask format
- str_ip, str_netmask = input_ip.split(" ")
- ip = IPNetwork(str_ip)
- mask = IPNetwork(str_netmask)
- return "%s %s" % (str_ip, str_netmask)
- else:
- ip = IPNetwork(input_ip)
- return "%s %s" % (str(ip.ip), str(ip.netmask))
- except Exception:
- return False
-
- return False
-
-
-def main():
- argument_spec = dict(
- state=dict(required=True, choices=['present', 'absent']),
- name=dict(required=True),
- type=dict(choices=['iprange', 'fqdn', 'ipmask', 'geography'], default='ipmask'),
- value=dict(),
- start_ip=dict(),
- end_ip=dict(),
- country=dict(),
- interface=dict(default='any'),
- comment=dict(),
- )
-
- # merge argument_spec from module_utils/fortios.py
- argument_spec.update(fortios_argument_spec)
-
- # Load module
- module = AnsibleModule(
- argument_spec=argument_spec,
- required_if=fortios_required_if,
- supports_check_mode=True,
- )
- result = dict(changed=False)
-
- if not HAS_NETADDR:
- module.fail_json(msg='Could not import the python library netaddr required by this module')
-
- # check params
- if module.params['state'] == 'absent':
- if module.params['type'] != "ipmask":
- module.fail_json(msg='Invalid argument type=%s when state=absent' % module.params['type'])
- if module.params['value'] is not None:
- module.fail_json(msg='Invalid argument `value` when state=absent')
- if module.params['start_ip'] is not None:
- module.fail_json(msg='Invalid argument `start_ip` when state=absent')
- if module.params['end_ip'] is not None:
- module.fail_json(msg='Invalid argument `end_ip` when state=absent')
- if module.params['country'] is not None:
- module.fail_json(msg='Invalid argument `country` when state=absent')
- if module.params['interface'] != "any":
- module.fail_json(msg='Invalid argument `interface` when state=absent')
- if module.params['comment'] is not None:
- module.fail_json(msg='Invalid argument `comment` when state=absent')
- else:
- # state=present
- # validate IP
- if module.params['type'] == "ipmask":
- formated_ip = get_formated_ipaddr(module.params['value'])
- if formated_ip is not False:
- module.params['value'] = get_formated_ipaddr(module.params['value'])
- else:
- module.fail_json(msg="Bad ip address format")
-
- # validate country
- if module.params['type'] == "geography":
- if module.params['country'] not in FG_COUNTRY_LIST:
- module.fail_json(msg="Invalid country argument, need to be in `diagnose firewall ipgeo country-list`")
-
- # validate iprange
- if module.params['type'] == "iprange":
- if module.params['start_ip'] is None:
- module.fail_json(msg="Missing argument 'start_ip' when type is iprange")
- if module.params['end_ip'] is None:
- module.fail_json(msg="Missing argument 'end_ip' when type is iprange")
-
- # init forti object
- fortigate = AnsibleFortios(module)
-
- # Config path
- config_path = 'firewall address'
-
- # load config
- fortigate.load_config(config_path)
-
- # Absent State
- if module.params['state'] == 'absent':
- fortigate.candidate_config[config_path].del_block(module.params['name'])
-
- # Present state
- if module.params['state'] == 'present':
- # define address params
- new_addr = fortigate.get_empty_configuration_block(module.params['name'], 'edit')
-
- if module.params['comment'] is not None:
- new_addr.set_param('comment', '"%s"' % (module.params['comment']))
-
- if module.params['type'] == 'iprange':
- new_addr.set_param('type', 'iprange')
- new_addr.set_param('start-ip', module.params['start_ip'])
- new_addr.set_param('end-ip', module.params['end_ip'])
-
- if module.params['type'] == 'geography':
- new_addr.set_param('type', 'geography')
- new_addr.set_param('country', '"%s"' % (module.params['country']))
-
- if module.params['interface'] != 'any':
- new_addr.set_param('associated-interface', '"%s"' % (module.params['interface']))
-
- if module.params['value'] is not None:
- if module.params['type'] == 'fqdn':
- new_addr.set_param('type', 'fqdn')
- new_addr.set_param('fqdn', '"%s"' % (module.params['value']))
- if module.params['type'] == 'ipmask':
- new_addr.set_param('subnet', module.params['value'])
-
- # add the new address object to the device
- fortigate.add_block(module.params['name'], new_addr)
-
- # Apply changes (check mode is managed directly by the fortigate object)
- fortigate.apply_changes()
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_alertemail_setting.py b/lib/ansible/modules/network/fortios/fortios_alertemail_setting.py
deleted file mode 100644
index 82b7a6e3b8f..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_alertemail_setting.py
+++ /dev/null
@@ -1,602 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_alertemail_setting
-short_description: Configure alert email settings in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify alertemail feature and setting category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.9"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- alertemail_setting:
- description:
- - Configure alert email settings.
- default: null
- type: dict
- suboptions:
- admin_login_logs:
- description:
- - Enable/disable administrator login/logout logs in alert email.
- type: str
- choices:
- - enable
- - disable
- alert_interval:
- description:
- - Alert alert interval in minutes.
- type: int
- amc_interface_bypass_mode:
- description:
- - Enable/disable Fortinet Advanced Mezzanine Card (AMC) interface bypass mode logs in alert email.
- type: str
- choices:
- - enable
- - disable
- antivirus_logs:
- description:
- - Enable/disable antivirus logs in alert email.
- type: str
- choices:
- - enable
- - disable
- configuration_changes_logs:
- description:
- - Enable/disable configuration change logs in alert email.
- type: str
- choices:
- - enable
- - disable
- critical_interval:
- description:
- - Critical alert interval in minutes.
- type: int
- debug_interval:
- description:
- - Debug alert interval in minutes.
- type: int
- email_interval:
- description:
- - Interval between sending alert emails (1 - 99999 min).
- type: int
- emergency_interval:
- description:
- - Emergency alert interval in minutes.
- type: int
- error_interval:
- description:
- - Error alert interval in minutes.
- type: int
- FDS_license_expiring_days:
- description:
- - Number of days to send alert email prior to FortiGuard license expiration (1 - 100 days).
- type: int
- FDS_license_expiring_warning:
- description:
- - Enable/disable FortiGuard license expiration warnings in alert email.
- type: str
- choices:
- - enable
- - disable
- FDS_update_logs:
- description:
- - Enable/disable FortiGuard update logs in alert email.
- type: str
- choices:
- - enable
- - disable
- filter_mode:
- description:
- - How to filter log messages that are sent to alert emails.
- type: str
- choices:
- - category
- - threshold
- FIPS_CC_errors:
- description:
- - Enable/disable FIPS and Common Criteria error logs in alert email.
- type: str
- choices:
- - enable
- - disable
- firewall_authentication_failure_logs:
- description:
- - Enable/disable firewall authentication failure logs in alert email.
- type: str
- choices:
- - enable
- - disable
- fortiguard_log_quota_warning:
- description:
- - Enable/disable FortiCloud log quota warnings in alert email.
- type: str
- choices:
- - enable
- - disable
- FSSO_disconnect_logs:
- description:
- - Enable/disable logging of FSSO collector agent disconnect.
- type: str
- choices:
- - enable
- - disable
- HA_logs:
- description:
- - Enable/disable HA logs in alert email.
- type: str
- choices:
- - enable
- - disable
- information_interval:
- description:
- - Information alert interval in minutes.
- type: int
- IPS_logs:
- description:
- - Enable/disable IPS logs in alert email.
- type: str
- choices:
- - enable
- - disable
- IPsec_errors_logs:
- description:
- - Enable/disable IPsec error logs in alert email.
- type: str
- choices:
- - enable
- - disable
- local_disk_usage:
- description:
- - Disk usage percentage at which to send alert email (1 - 99 percent).
- type: int
- log_disk_usage_warning:
- description:
- - Enable/disable disk usage warnings in alert email.
- type: str
- choices:
- - enable
- - disable
- mailto1:
- description:
- - Email address to send alert email to (usually a system administrator) (max. 64 characters).
- type: str
- mailto2:
- description:
- - Optional second email address to send alert email to (max. 64 characters).
- type: str
- mailto3:
- description:
- - Optional third email address to send alert email to (max. 64 characters).
- type: str
- notification_interval:
- description:
- - Notification alert interval in minutes.
- type: int
- PPP_errors_logs:
- description:
- - Enable/disable PPP error logs in alert email.
- type: str
- choices:
- - enable
- - disable
- severity:
- description:
- - Lowest severity level to log.
- type: str
- choices:
- - emergency
- - alert
- - critical
- - error
- - warning
- - notification
- - information
- - debug
- ssh_logs:
- description:
- - Enable/disable SSH logs in alert email.
- type: str
- choices:
- - enable
- - disable
- sslvpn_authentication_errors_logs:
- description:
- - Enable/disable SSL-VPN authentication error logs in alert email.
- type: str
- choices:
- - enable
- - disable
- username:
- description:
- - "Name that appears in the From: field of alert emails (max. 36 characters)."
- type: str
- violation_traffic_logs:
- description:
- - Enable/disable violation traffic logs in alert email.
- type: str
- choices:
- - enable
- - disable
- warning_interval:
- description:
- - Warning alert interval in minutes.
- type: int
- webfilter_logs:
- description:
- - Enable/disable web filter logs in alert email.
- type: str
- choices:
- - enable
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure alert email settings.
- fortios_alertemail_setting:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- alertemail_setting:
- admin_login_logs: "enable"
- alert_interval: "4"
- amc_interface_bypass_mode: "enable"
- antivirus_logs: "enable"
- configuration_changes_logs: "enable"
- critical_interval: "8"
- debug_interval: "9"
- email_interval: "10"
- emergency_interval: "11"
- error_interval: "12"
- FDS_license_expiring_days: "13"
- FDS_license_expiring_warning: "enable"
- FDS_update_logs: "enable"
- filter_mode: "category"
- FIPS_CC_errors: "enable"
- firewall_authentication_failure_logs: "enable"
- fortiguard_log_quota_warning: "enable"
- FSSO_disconnect_logs: "enable"
- HA_logs: "enable"
- information_interval: "22"
- IPS_logs: "enable"
- IPsec_errors_logs: "enable"
- local_disk_usage: "25"
- log_disk_usage_warning: "enable"
- mailto1: ""
- mailto2: ""
- mailto3: ""
- notification_interval: "30"
- PPP_errors_logs: "enable"
- severity: "emergency"
- ssh_logs: "enable"
- sslvpn_authentication_errors_logs: "enable"
- username: ""
- violation_traffic_logs: "enable"
- warning_interval: "37"
- webfilter_logs: "enable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_alertemail_setting_data(json):
- option_list = ['admin_login_logs', 'alert_interval', 'amc_interface_bypass_mode',
- 'antivirus_logs', 'configuration_changes_logs', 'critical_interval',
- 'debug_interval', 'email_interval', 'emergency_interval',
- 'error_interval', 'FDS_license_expiring_days', 'FDS_license_expiring_warning',
- 'FDS_update_logs', 'filter_mode', 'FIPS_CC_errors',
- 'firewall_authentication_failure_logs', 'fortiguard_log_quota_warning', 'FSSO_disconnect_logs',
- 'HA_logs', 'information_interval', 'IPS_logs',
- 'IPsec_errors_logs', 'local_disk_usage', 'log_disk_usage_warning',
- 'mailto1', 'mailto2', 'mailto3',
- 'notification_interval', 'PPP_errors_logs', 'severity',
- 'ssh_logs', 'sslvpn_authentication_errors_logs', 'username',
- 'violation_traffic_logs', 'warning_interval', 'webfilter_logs']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def alertemail_setting(data, fos):
- vdom = data['vdom']
- alertemail_setting_data = data['alertemail_setting']
- filtered_data = underscore_to_hyphen(filter_alertemail_setting_data(alertemail_setting_data))
-
- return fos.set('alertemail',
- 'setting',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_alertemail(data, fos):
-
- if data['alertemail_setting']:
- resp = alertemail_setting(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "alertemail_setting": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "admin_login_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "alert_interval": {"required": False, "type": "int"},
- "amc_interface_bypass_mode": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "antivirus_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "configuration_changes_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "critical_interval": {"required": False, "type": "int"},
- "debug_interval": {"required": False, "type": "int"},
- "email_interval": {"required": False, "type": "int"},
- "emergency_interval": {"required": False, "type": "int"},
- "error_interval": {"required": False, "type": "int"},
- "FDS_license_expiring_days": {"required": False, "type": "int"},
- "FDS_license_expiring_warning": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "FDS_update_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "filter_mode": {"required": False, "type": "str",
- "choices": ["category", "threshold"]},
- "FIPS_CC_errors": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "firewall_authentication_failure_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "fortiguard_log_quota_warning": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "FSSO_disconnect_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "HA_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "information_interval": {"required": False, "type": "int"},
- "IPS_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "IPsec_errors_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "local_disk_usage": {"required": False, "type": "int"},
- "log_disk_usage_warning": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "mailto1": {"required": False, "type": "str"},
- "mailto2": {"required": False, "type": "str"},
- "mailto3": {"required": False, "type": "str"},
- "notification_interval": {"required": False, "type": "int"},
- "PPP_errors_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "severity": {"required": False, "type": "str",
- "choices": ["emergency", "alert", "critical",
- "error", "warning", "notification",
- "information", "debug"]},
- "ssh_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "sslvpn_authentication_errors_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "username": {"required": False, "type": "str"},
- "violation_traffic_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "warning_interval": {"required": False, "type": "int"},
- "webfilter_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_alertemail(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_alertemail(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_antivirus_heuristic.py b/lib/ansible/modules/network/fortios/fortios_antivirus_heuristic.py
deleted file mode 100644
index 38a899b7d67..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_antivirus_heuristic.py
+++ /dev/null
@@ -1,295 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_antivirus_heuristic
-short_description: Configure global heuristic options in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify antivirus feature and heuristic category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- antivirus_heuristic:
- description:
- - Configure global heuristic options.
- default: null
- type: dict
- suboptions:
- mode:
- description:
- - Enable/disable heuristics and determine how the system behaves if heuristics detects a problem.
- type: str
- choices:
- - pass
- - block
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure global heuristic options.
- fortios_antivirus_heuristic:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- antivirus_heuristic:
- mode: "pass"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_antivirus_heuristic_data(json):
- option_list = ['mode']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def antivirus_heuristic(data, fos):
- vdom = data['vdom']
- antivirus_heuristic_data = data['antivirus_heuristic']
- filtered_data = underscore_to_hyphen(filter_antivirus_heuristic_data(antivirus_heuristic_data))
-
- return fos.set('antivirus',
- 'heuristic',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_antivirus(data, fos):
-
- if data['antivirus_heuristic']:
- resp = antivirus_heuristic(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "antivirus_heuristic": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "mode": {"required": False, "type": "str",
- "choices": ["pass", "block", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_antivirus(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_antivirus(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_antivirus_profile.py b/lib/ansible/modules/network/fortios/fortios_antivirus_profile.py
deleted file mode 100644
index b35c0415c0a..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_antivirus_profile.py
+++ /dev/null
@@ -1,1366 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_antivirus_profile
-short_description: Configure AntiVirus profiles in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify antivirus feature and profile category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- antivirus_profile:
- description:
- - Configure AntiVirus profiles.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- analytics_bl_filetype:
- description:
- - Only submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id.
- type: int
- analytics_db:
- description:
- - Enable/disable using the FortiSandbox signature database to supplement the AV signature databases.
- type: str
- choices:
- - disable
- - enable
- analytics_max_upload:
- description:
- - Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes).
- type: int
- analytics_wl_filetype:
- description:
- - Do not submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id.
- type: int
- av_block_log:
- description:
- - Enable/disable logging for AntiVirus file blocking.
- type: str
- choices:
- - enable
- - disable
- av_virus_log:
- description:
- - Enable/disable AntiVirus logging.
- type: str
- choices:
- - enable
- - disable
- comment:
- description:
- - Comment.
- type: str
- content_disarm:
- description:
- - AV Content Disarm and Reconstruction settings.
- type: dict
- suboptions:
- cover_page:
- description:
- - Enable/disable inserting a cover page into the disarmed document.
- type: str
- choices:
- - disable
- - enable
- detect_only:
- description:
- - Enable/disable only detect disarmable files, do not alter content.
- type: str
- choices:
- - disable
- - enable
- office_embed:
- description:
- - Enable/disable stripping of embedded objects in Microsoft Office documents.
- type: str
- choices:
- - disable
- - enable
- office_hylink:
- description:
- - Enable/disable stripping of hyperlinks in Microsoft Office documents.
- type: str
- choices:
- - disable
- - enable
- office_linked:
- description:
- - Enable/disable stripping of linked objects in Microsoft Office documents.
- type: str
- choices:
- - disable
- - enable
- office_macro:
- description:
- - Enable/disable stripping of macros in Microsoft Office documents.
- type: str
- choices:
- - disable
- - enable
- original_file_destination:
- description:
- - Destination to send original file if active content is removed.
- type: str
- choices:
- - fortisandbox
- - quarantine
- - discard
- pdf_act_form:
- description:
- - Enable/disable stripping of actions that submit data to other targets in PDF documents.
- type: str
- choices:
- - disable
- - enable
- pdf_act_gotor:
- description:
- - Enable/disable stripping of links to other PDFs in PDF documents.
- type: str
- choices:
- - disable
- - enable
- pdf_act_java:
- description:
- - Enable/disable stripping of actions that execute JavaScript code in PDF documents.
- type: str
- choices:
- - disable
- - enable
- pdf_act_launch:
- description:
- - Enable/disable stripping of links to external applications in PDF documents.
- type: str
- choices:
- - disable
- - enable
- pdf_act_movie:
- description:
- - Enable/disable stripping of embedded movies in PDF documents.
- type: str
- choices:
- - disable
- - enable
- pdf_act_sound:
- description:
- - Enable/disable stripping of embedded sound files in PDF documents.
- type: str
- choices:
- - disable
- - enable
- pdf_embedfile:
- description:
- - Enable/disable stripping of embedded files in PDF documents.
- type: str
- choices:
- - disable
- - enable
- pdf_hyperlink:
- description:
- - Enable/disable stripping of hyperlinks from PDF documents.
- type: str
- choices:
- - disable
- - enable
- pdf_javacode:
- description:
- - Enable/disable stripping of JavaScript code in PDF documents.
- type: str
- choices:
- - disable
- - enable
- extended_log:
- description:
- - Enable/disable extended logging for antivirus.
- type: str
- choices:
- - enable
- - disable
- ftgd_analytics:
- description:
- - Settings to control which files are uploaded to FortiSandbox.
- type: str
- choices:
- - disable
- - suspicious
- - everything
- ftp:
- description:
- - Configure FTP AntiVirus options.
- type: dict
- suboptions:
- archive_block:
- description:
- - Select the archive types to block.
- type: str
- choices:
- - encrypted
- - corrupted
- - partiallycorrupted
- - multipart
- - nested
- - mailbomb
- - fileslimit
- - timeout
- - unhandled
- archive_log:
- description:
- - Select the archive types to log.
- type: str
- choices:
- - encrypted
- - corrupted
- - partiallycorrupted
- - multipart
- - nested
- - mailbomb
- - fileslimit
- - timeout
- - unhandled
- emulator:
- description:
- - Enable/disable the virus emulator.
- type: str
- choices:
- - enable
- - disable
- options:
- description:
- - Enable/disable FTP AntiVirus scanning, monitoring, and quarantine.
- type: str
- choices:
- - scan
- - avmonitor
- - quarantine
- outbreak_prevention:
- description:
- - Enable FortiGuard Virus Outbreak Prevention service.
- type: str
- choices:
- - disabled
- - files
- - full-archive
- http:
- description:
- - Configure HTTP AntiVirus options.
- type: dict
- suboptions:
- archive_block:
- description:
- - Select the archive types to block.
- type: str
- choices:
- - encrypted
- - corrupted
- - partiallycorrupted
- - multipart
- - nested
- - mailbomb
- - fileslimit
- - timeout
- - unhandled
- archive_log:
- description:
- - Select the archive types to log.
- type: str
- choices:
- - encrypted
- - corrupted
- - partiallycorrupted
- - multipart
- - nested
- - mailbomb
- - fileslimit
- - timeout
- - unhandled
- content_disarm:
- description:
- - Enable Content Disarm and Reconstruction for this protocol.
- type: str
- choices:
- - disable
- - enable
- emulator:
- description:
- - Enable/disable the virus emulator.
- type: str
- choices:
- - enable
- - disable
- options:
- description:
- - Enable/disable HTTP AntiVirus scanning, monitoring, and quarantine.
- type: str
- choices:
- - scan
- - avmonitor
- - quarantine
- outbreak_prevention:
- description:
- - Enable FortiGuard Virus Outbreak Prevention service.
- type: str
- choices:
- - disabled
- - files
- - full-archive
- imap:
- description:
- - Configure IMAP AntiVirus options.
- type: dict
- suboptions:
- archive_block:
- description:
- - Select the archive types to block.
- type: str
- choices:
- - encrypted
- - corrupted
- - partiallycorrupted
- - multipart
- - nested
- - mailbomb
- - fileslimit
- - timeout
- - unhandled
- archive_log:
- description:
- - Select the archive types to log.
- type: str
- choices:
- - encrypted
- - corrupted
- - partiallycorrupted
- - multipart
- - nested
- - mailbomb
- - fileslimit
- - timeout
- - unhandled
- content_disarm:
- description:
- - Enable Content Disarm and Reconstruction for this protocol.
- type: str
- choices:
- - disable
- - enable
- emulator:
- description:
- - Enable/disable the virus emulator.
- type: str
- choices:
- - enable
- - disable
- executables:
- description:
- - Treat Windows executable files as viruses for the purpose of blocking or monitoring.
- type: str
- choices:
- - default
- - virus
- options:
- description:
- - Enable/disable IMAP AntiVirus scanning, monitoring, and quarantine.
- type: str
- choices:
- - scan
- - avmonitor
- - quarantine
- outbreak_prevention:
- description:
- - Enable FortiGuard Virus Outbreak Prevention service.
- type: str
- choices:
- - disabled
- - files
- - full-archive
- inspection_mode:
- description:
- - Inspection mode.
- type: str
- choices:
- - proxy
- - flow-based
- mapi:
- description:
- - Configure MAPI AntiVirus options.
- type: dict
- suboptions:
- archive_block:
- description:
- - Select the archive types to block.
- type: str
- choices:
- - encrypted
- - corrupted
- - partiallycorrupted
- - multipart
- - nested
- - mailbomb
- - fileslimit
- - timeout
- - unhandled
- archive_log:
- description:
- - Select the archive types to log.
- type: str
- choices:
- - encrypted
- - corrupted
- - partiallycorrupted
- - multipart
- - nested
- - mailbomb
- - fileslimit
- - timeout
- - unhandled
- emulator:
- description:
- - Enable/disable the virus emulator.
- type: str
- choices:
- - enable
- - disable
- executables:
- description:
- - Treat Windows executable files as viruses for the purpose of blocking or monitoring.
- type: str
- choices:
- - default
- - virus
- options:
- description:
- - Enable/disable MAPI AntiVirus scanning, monitoring, and quarantine.
- type: str
- choices:
- - scan
- - avmonitor
- - quarantine
- outbreak_prevention:
- description:
- - Enable FortiGuard Virus Outbreak Prevention service.
- type: str
- choices:
- - disabled
- - files
- - full-archive
- mobile_malware_db:
- description:
- - Enable/disable using the mobile malware signature database.
- type: str
- choices:
- - disable
- - enable
- nac_quar:
- description:
- - Configure AntiVirus quarantine settings.
- type: dict
- suboptions:
- expiry:
- description:
- - Duration of quarantine.
- type: str
- infected:
- description:
- - Enable/Disable quarantining infected hosts to the banned user list.
- type: str
- choices:
- - none
- - quar-src-ip
- log:
- description:
- - Enable/disable AntiVirus quarantine logging.
- type: str
- choices:
- - enable
- - disable
- name:
- description:
- - Profile name.
- required: true
- type: str
- nntp:
- description:
- - Configure NNTP AntiVirus options.
- type: dict
- suboptions:
- archive_block:
- description:
- - Select the archive types to block.
- type: str
- choices:
- - encrypted
- - corrupted
- - partiallycorrupted
- - multipart
- - nested
- - mailbomb
- - fileslimit
- - timeout
- - unhandled
- archive_log:
- description:
- - Select the archive types to log.
- type: str
- choices:
- - encrypted
- - corrupted
- - partiallycorrupted
- - multipart
- - nested
- - mailbomb
- - fileslimit
- - timeout
- - unhandled
- emulator:
- description:
- - Enable/disable the virus emulator.
- type: str
- choices:
- - enable
- - disable
- options:
- description:
- - Enable/disable NNTP AntiVirus scanning, monitoring, and quarantine.
- type: str
- choices:
- - scan
- - avmonitor
- - quarantine
- outbreak_prevention:
- description:
- - Enable FortiGuard Virus Outbreak Prevention service.
- type: str
- choices:
- - disabled
- - files
- - full-archive
- pop3:
- description:
- - Configure POP3 AntiVirus options.
- type: dict
- suboptions:
- archive_block:
- description:
- - Select the archive types to block.
- type: str
- choices:
- - encrypted
- - corrupted
- - partiallycorrupted
- - multipart
- - nested
- - mailbomb
- - fileslimit
- - timeout
- - unhandled
- archive_log:
- description:
- - Select the archive types to log.
- type: str
- choices:
- - encrypted
- - corrupted
- - partiallycorrupted
- - multipart
- - nested
- - mailbomb
- - fileslimit
- - timeout
- - unhandled
- content_disarm:
- description:
- - Enable Content Disarm and Reconstruction for this protocol.
- type: str
- choices:
- - disable
- - enable
- emulator:
- description:
- - Enable/disable the virus emulator.
- type: str
- choices:
- - enable
- - disable
- executables:
- description:
- - Treat Windows executable files as viruses for the purpose of blocking or monitoring.
- type: str
- choices:
- - default
- - virus
- options:
- description:
- - Enable/disable POP3 AntiVirus scanning, monitoring, and quarantine.
- type: str
- choices:
- - scan
- - avmonitor
- - quarantine
- outbreak_prevention:
- description:
- - Enable FortiGuard Virus Outbreak Prevention service.
- type: str
- choices:
- - disabled
- - files
- - full-archive
- replacemsg_group:
- description:
- - Replacement message group customized for this profile. Source system.replacemsg-group.name.
- type: str
- scan_mode:
- description:
- - Choose between full scan mode and quick scan mode.
- type: str
- choices:
- - quick
- - full
- smb:
- description:
- - Configure SMB AntiVirus options.
- type: dict
- suboptions:
- archive_block:
- description:
- - Select the archive types to block.
- type: str
- choices:
- - encrypted
- - corrupted
- - partiallycorrupted
- - multipart
- - nested
- - mailbomb
- - fileslimit
- - timeout
- - unhandled
- archive_log:
- description:
- - Select the archive types to log.
- type: str
- choices:
- - encrypted
- - corrupted
- - partiallycorrupted
- - multipart
- - nested
- - mailbomb
- - fileslimit
- - timeout
- - unhandled
- emulator:
- description:
- - Enable/disable the virus emulator.
- type: str
- choices:
- - enable
- - disable
- options:
- description:
- - Enable/disable SMB AntiVirus scanning, monitoring, and quarantine.
- type: str
- choices:
- - scan
- - avmonitor
- - quarantine
- outbreak_prevention:
- description:
- - Enable FortiGuard Virus Outbreak Prevention service.
- type: str
- choices:
- - disabled
- - files
- - full-archive
- smtp:
- description:
- - Configure SMTP AntiVirus options.
- type: dict
- suboptions:
- archive_block:
- description:
- - Select the archive types to block.
- type: str
- choices:
- - encrypted
- - corrupted
- - partiallycorrupted
- - multipart
- - nested
- - mailbomb
- - fileslimit
- - timeout
- - unhandled
- archive_log:
- description:
- - Select the archive types to log.
- type: str
- choices:
- - encrypted
- - corrupted
- - partiallycorrupted
- - multipart
- - nested
- - mailbomb
- - fileslimit
- - timeout
- - unhandled
- content_disarm:
- description:
- - Enable Content Disarm and Reconstruction for this protocol.
- type: str
- choices:
- - disable
- - enable
- emulator:
- description:
- - Enable/disable the virus emulator.
- type: str
- choices:
- - enable
- - disable
- executables:
- description:
- - Treat Windows executable files as viruses for the purpose of blocking or monitoring.
- type: str
- choices:
- - default
- - virus
- options:
- description:
- - Enable/disable SMTP AntiVirus scanning, monitoring, and quarantine.
- type: str
- choices:
- - scan
- - avmonitor
- - quarantine
- outbreak_prevention:
- description:
- - Enable FortiGuard Virus Outbreak Prevention service.
- type: str
- choices:
- - disabled
- - files
- - full-archive
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure AntiVirus profiles.
- fortios_antivirus_profile:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- antivirus_profile:
- analytics_bl_filetype: "3 (source dlp.filepattern.id)"
- analytics_db: "disable"
- analytics_max_upload: "5"
- analytics_wl_filetype: "6 (source dlp.filepattern.id)"
- av_block_log: "enable"
- av_virus_log: "enable"
- comment: "Comment."
- content_disarm:
- cover_page: "disable"
- detect_only: "disable"
- office_embed: "disable"
- office_hylink: "disable"
- office_linked: "disable"
- office_macro: "disable"
- original_file_destination: "fortisandbox"
- pdf_act_form: "disable"
- pdf_act_gotor: "disable"
- pdf_act_java: "disable"
- pdf_act_launch: "disable"
- pdf_act_movie: "disable"
- pdf_act_sound: "disable"
- pdf_embedfile: "disable"
- pdf_hyperlink: "disable"
- pdf_javacode: "disable"
- extended_log: "enable"
- ftgd_analytics: "disable"
- ftp:
- archive_block: "encrypted"
- archive_log: "encrypted"
- emulator: "enable"
- options: "scan"
- outbreak_prevention: "disabled"
- http:
- archive_block: "encrypted"
- archive_log: "encrypted"
- content_disarm: "disable"
- emulator: "enable"
- options: "scan"
- outbreak_prevention: "disabled"
- imap:
- archive_block: "encrypted"
- archive_log: "encrypted"
- content_disarm: "disable"
- emulator: "enable"
- executables: "default"
- options: "scan"
- outbreak_prevention: "disabled"
- inspection_mode: "proxy"
- mapi:
- archive_block: "encrypted"
- archive_log: "encrypted"
- emulator: "enable"
- executables: "default"
- options: "scan"
- outbreak_prevention: "disabled"
- mobile_malware_db: "disable"
- nac_quar:
- expiry: ""
- infected: "none"
- log: "enable"
- name: "default_name_63"
- nntp:
- archive_block: "encrypted"
- archive_log: "encrypted"
- emulator: "enable"
- options: "scan"
- outbreak_prevention: "disabled"
- pop3:
- archive_block: "encrypted"
- archive_log: "encrypted"
- content_disarm: "disable"
- emulator: "enable"
- executables: "default"
- options: "scan"
- outbreak_prevention: "disabled"
- replacemsg_group: " (source system.replacemsg-group.name)"
- scan_mode: "quick"
- smb:
- archive_block: "encrypted"
- archive_log: "encrypted"
- emulator: "enable"
- options: "scan"
- outbreak_prevention: "disabled"
- smtp:
- archive_block: "encrypted"
- archive_log: "encrypted"
- content_disarm: "disable"
- emulator: "enable"
- executables: "default"
- options: "scan"
- outbreak_prevention: "disabled"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_antivirus_profile_data(json):
- option_list = ['analytics_bl_filetype', 'analytics_db', 'analytics_max_upload',
- 'analytics_wl_filetype', 'av_block_log', 'av_virus_log',
- 'comment', 'content_disarm', 'extended_log',
- 'ftgd_analytics', 'ftp', 'http',
- 'imap', 'inspection_mode', 'mapi',
- 'mobile_malware_db', 'nac_quar', 'name',
- 'nntp', 'pop3', 'replacemsg_group',
- 'scan_mode', 'smb', 'smtp']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def antivirus_profile(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['antivirus_profile'] and data['antivirus_profile']:
- state = data['antivirus_profile']['state']
- else:
- state = True
- antivirus_profile_data = data['antivirus_profile']
- filtered_data = underscore_to_hyphen(filter_antivirus_profile_data(antivirus_profile_data))
-
- if state == "present":
- return fos.set('antivirus',
- 'profile',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('antivirus',
- 'profile',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_antivirus(data, fos):
-
- if data['antivirus_profile']:
- resp = antivirus_profile(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "antivirus_profile": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "analytics_bl_filetype": {"required": False, "type": "int"},
- "analytics_db": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "analytics_max_upload": {"required": False, "type": "int"},
- "analytics_wl_filetype": {"required": False, "type": "int"},
- "av_block_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "av_virus_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "comment": {"required": False, "type": "str"},
- "content_disarm": {"required": False, "type": "dict",
- "options": {
- "cover_page": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "detect_only": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "office_embed": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "office_hylink": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "office_linked": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "office_macro": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "original_file_destination": {"required": False, "type": "str",
- "choices": ["fortisandbox", "quarantine", "discard"]},
- "pdf_act_form": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "pdf_act_gotor": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "pdf_act_java": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "pdf_act_launch": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "pdf_act_movie": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "pdf_act_sound": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "pdf_embedfile": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "pdf_hyperlink": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "pdf_javacode": {"required": False, "type": "str",
- "choices": ["disable", "enable"]}
- }},
- "extended_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ftgd_analytics": {"required": False, "type": "str",
- "choices": ["disable", "suspicious", "everything"]},
- "ftp": {"required": False, "type": "dict",
- "options": {
- "archive_block": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "archive_log": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "emulator": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "options": {"required": False, "type": "str",
- "choices": ["scan", "avmonitor", "quarantine"]},
- "outbreak_prevention": {"required": False, "type": "str",
- "choices": ["disabled", "files", "full-archive"]}
- }},
- "http": {"required": False, "type": "dict",
- "options": {
- "archive_block": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "archive_log": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "content_disarm": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "emulator": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "options": {"required": False, "type": "str",
- "choices": ["scan", "avmonitor", "quarantine"]},
- "outbreak_prevention": {"required": False, "type": "str",
- "choices": ["disabled", "files", "full-archive"]}
- }},
- "imap": {"required": False, "type": "dict",
- "options": {
- "archive_block": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "archive_log": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "content_disarm": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "emulator": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "executables": {"required": False, "type": "str",
- "choices": ["default", "virus"]},
- "options": {"required": False, "type": "str",
- "choices": ["scan", "avmonitor", "quarantine"]},
- "outbreak_prevention": {"required": False, "type": "str",
- "choices": ["disabled", "files", "full-archive"]}
- }},
- "inspection_mode": {"required": False, "type": "str",
- "choices": ["proxy", "flow-based"]},
- "mapi": {"required": False, "type": "dict",
- "options": {
- "archive_block": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "archive_log": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "emulator": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "executables": {"required": False, "type": "str",
- "choices": ["default", "virus"]},
- "options": {"required": False, "type": "str",
- "choices": ["scan", "avmonitor", "quarantine"]},
- "outbreak_prevention": {"required": False, "type": "str",
- "choices": ["disabled", "files", "full-archive"]}
- }},
- "mobile_malware_db": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "nac_quar": {"required": False, "type": "dict",
- "options": {
- "expiry": {"required": False, "type": "str"},
- "infected": {"required": False, "type": "str",
- "choices": ["none", "quar-src-ip"]},
- "log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
- }},
- "name": {"required": True, "type": "str"},
- "nntp": {"required": False, "type": "dict",
- "options": {
- "archive_block": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "archive_log": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "emulator": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "options": {"required": False, "type": "str",
- "choices": ["scan", "avmonitor", "quarantine"]},
- "outbreak_prevention": {"required": False, "type": "str",
- "choices": ["disabled", "files", "full-archive"]}
- }},
- "pop3": {"required": False, "type": "dict",
- "options": {
- "archive_block": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "archive_log": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "content_disarm": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "emulator": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "executables": {"required": False, "type": "str",
- "choices": ["default", "virus"]},
- "options": {"required": False, "type": "str",
- "choices": ["scan", "avmonitor", "quarantine"]},
- "outbreak_prevention": {"required": False, "type": "str",
- "choices": ["disabled", "files", "full-archive"]}
- }},
- "replacemsg_group": {"required": False, "type": "str"},
- "scan_mode": {"required": False, "type": "str",
- "choices": ["quick", "full"]},
- "smb": {"required": False, "type": "dict",
- "options": {
- "archive_block": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "archive_log": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "emulator": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "options": {"required": False, "type": "str",
- "choices": ["scan", "avmonitor", "quarantine"]},
- "outbreak_prevention": {"required": False, "type": "str",
- "choices": ["disabled", "files", "full-archive"]}
- }},
- "smtp": {"required": False, "type": "dict",
- "options": {
- "archive_block": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "archive_log": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "content_disarm": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "emulator": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "executables": {"required": False, "type": "str",
- "choices": ["default", "virus"]},
- "options": {"required": False, "type": "str",
- "choices": ["scan", "avmonitor", "quarantine"]},
- "outbreak_prevention": {"required": False, "type": "str",
- "choices": ["disabled", "files", "full-archive"]}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_antivirus(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_antivirus(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_antivirus_quarantine.py b/lib/ansible/modules/network/fortios/fortios_antivirus_quarantine.py
deleted file mode 100644
index ac1e0ffb85e..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_antivirus_quarantine.py
+++ /dev/null
@@ -1,505 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_antivirus_quarantine
-short_description: Configure quarantine options in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify antivirus feature and quarantine category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- antivirus_quarantine:
- description:
- - Configure quarantine options.
- default: null
- type: dict
- suboptions:
- agelimit:
- description:
- - Age limit for quarantined files (0 - 479 hours, 0 means forever).
- type: int
- destination:
- description:
- - Choose whether to quarantine files to the FortiGate disk or to FortiAnalyzer or to delete them instead of quarantining them.
- type: str
- choices:
- - NULL
- - disk
- - FortiAnalyzer
- drop_blocked:
- description:
- - Do not quarantine dropped files found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined.
- type: str
- choices:
- - imap
- - smtp
- - pop3
- - http
- - ftp
- - nntp
- - imaps
- - smtps
- - pop3s
- - ftps
- - mapi
- - cifs
- - mm1
- - mm3
- - mm4
- - mm7
- drop_heuristic:
- description:
- - Do not quarantine files detected by heuristics found in sessions using the selected protocols. Dropped files are deleted instead of
- being quarantined.
- type: str
- choices:
- - imap
- - smtp
- - pop3
- - http
- - ftp
- - nntp
- - imaps
- - smtps
- - pop3s
- - https
- - ftps
- - mapi
- - cifs
- - mm1
- - mm3
- - mm4
- - mm7
- drop_infected:
- description:
- - Do not quarantine infected files found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined.
- type: str
- choices:
- - imap
- - smtp
- - pop3
- - http
- - ftp
- - nntp
- - imaps
- - smtps
- - pop3s
- - https
- - ftps
- - mapi
- - cifs
- - mm1
- - mm3
- - mm4
- - mm7
- lowspace:
- description:
- - Select the method for handling additional files when running low on disk space.
- type: str
- choices:
- - drop-new
- - ovrw-old
- maxfilesize:
- description:
- - Maximum file size to quarantine (0 - 500 Mbytes, 0 means unlimited).
- type: int
- quarantine_quota:
- description:
- - The amount of disk space to reserve for quarantining files (0 - 4294967295 Mbytes, depends on disk space).
- type: int
- store_blocked:
- description:
- - Quarantine blocked files found in sessions using the selected protocols.
- type: str
- choices:
- - imap
- - smtp
- - pop3
- - http
- - ftp
- - nntp
- - imaps
- - smtps
- - pop3s
- - ftps
- - mapi
- - cifs
- - mm1
- - mm3
- - mm4
- - mm7
- store_heuristic:
- description:
- - Quarantine files detected by heuristics found in sessions using the selected protocols.
- type: str
- choices:
- - imap
- - smtp
- - pop3
- - http
- - ftp
- - nntp
- - imaps
- - smtps
- - pop3s
- - https
- - ftps
- - mapi
- - cifs
- - mm1
- - mm3
- - mm4
- - mm7
- store_infected:
- description:
- - Quarantine infected files found in sessions using the selected protocols.
- type: str
- choices:
- - imap
- - smtp
- - pop3
- - http
- - ftp
- - nntp
- - imaps
- - smtps
- - pop3s
- - https
- - ftps
- - mapi
- - cifs
- - mm1
- - mm3
- - mm4
- - mm7
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure quarantine options.
- fortios_antivirus_quarantine:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- antivirus_quarantine:
- agelimit: "3"
- destination: "NULL"
- drop_blocked: "imap"
- drop_heuristic: "imap"
- drop_infected: "imap"
- lowspace: "drop-new"
- maxfilesize: "9"
- quarantine_quota: "10"
- store_blocked: "imap"
- store_heuristic: "imap"
- store_infected: "imap"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_antivirus_quarantine_data(json):
- option_list = ['agelimit', 'destination', 'drop_blocked',
- 'drop_heuristic', 'drop_infected', 'lowspace',
- 'maxfilesize', 'quarantine_quota', 'store_blocked',
- 'store_heuristic', 'store_infected']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def antivirus_quarantine(data, fos):
- vdom = data['vdom']
- antivirus_quarantine_data = data['antivirus_quarantine']
- filtered_data = underscore_to_hyphen(filter_antivirus_quarantine_data(antivirus_quarantine_data))
-
- return fos.set('antivirus',
- 'quarantine',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_antivirus(data, fos):
-
- if data['antivirus_quarantine']:
- resp = antivirus_quarantine(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "antivirus_quarantine": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "agelimit": {"required": False, "type": "int"},
- "destination": {"required": False, "type": "str",
- "choices": ["NULL", "disk", "FortiAnalyzer"]},
- "drop_blocked": {"required": False, "type": "str",
- "choices": ["imap", "smtp", "pop3",
- "http", "ftp", "nntp",
- "imaps", "smtps", "pop3s",
- "ftps", "mapi", "cifs",
- "mm1", "mm3", "mm4",
- "mm7"]},
- "drop_heuristic": {"required": False, "type": "str",
- "choices": ["imap", "smtp", "pop3",
- "http", "ftp", "nntp",
- "imaps", "smtps", "pop3s",
- "https", "ftps", "mapi",
- "cifs", "mm1", "mm3",
- "mm4", "mm7"]},
- "drop_infected": {"required": False, "type": "str",
- "choices": ["imap", "smtp", "pop3",
- "http", "ftp", "nntp",
- "imaps", "smtps", "pop3s",
- "https", "ftps", "mapi",
- "cifs", "mm1", "mm3",
- "mm4", "mm7"]},
- "lowspace": {"required": False, "type": "str",
- "choices": ["drop-new", "ovrw-old"]},
- "maxfilesize": {"required": False, "type": "int"},
- "quarantine_quota": {"required": False, "type": "int"},
- "store_blocked": {"required": False, "type": "str",
- "choices": ["imap", "smtp", "pop3",
- "http", "ftp", "nntp",
- "imaps", "smtps", "pop3s",
- "ftps", "mapi", "cifs",
- "mm1", "mm3", "mm4",
- "mm7"]},
- "store_heuristic": {"required": False, "type": "str",
- "choices": ["imap", "smtp", "pop3",
- "http", "ftp", "nntp",
- "imaps", "smtps", "pop3s",
- "https", "ftps", "mapi",
- "cifs", "mm1", "mm3",
- "mm4", "mm7"]},
- "store_infected": {"required": False, "type": "str",
- "choices": ["imap", "smtp", "pop3",
- "http", "ftp", "nntp",
- "imaps", "smtps", "pop3s",
- "https", "ftps", "mapi",
- "cifs", "mm1", "mm3",
- "mm4", "mm7"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_antivirus(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_antivirus(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_antivirus_settings.py b/lib/ansible/modules/network/fortios/fortios_antivirus_settings.py
deleted file mode 100644
index f895ab23ed7..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_antivirus_settings.py
+++ /dev/null
@@ -1,312 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_antivirus_settings
-short_description: Configure AntiVirus settings in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify antivirus feature and settings category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- antivirus_settings:
- description:
- - Configure AntiVirus settings.
- default: null
- type: dict
- suboptions:
- default_db:
- description:
- - Select the AV database to be used for AV scanning.
- type: str
- choices:
- - normal
- - extended
- - extreme
- grayware:
- description:
- - Enable/disable grayware detection when an AntiVirus profile is applied to traffic.
- type: str
- choices:
- - enable
- - disable
- override_timeout:
- description:
- - Override the large file scan timeout value in seconds (30 - 3600). Zero is the default value and is used to disable this command. When
- disabled, the daemon adjusts the large file scan timeout based on the file size.
- type: int
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure AntiVirus settings.
- fortios_antivirus_settings:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- antivirus_settings:
- default_db: "normal"
- grayware: "enable"
- override_timeout: "5"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_antivirus_settings_data(json):
- option_list = ['default_db', 'grayware', 'override_timeout']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def antivirus_settings(data, fos):
- vdom = data['vdom']
- antivirus_settings_data = data['antivirus_settings']
- filtered_data = underscore_to_hyphen(filter_antivirus_settings_data(antivirus_settings_data))
-
- return fos.set('antivirus',
- 'settings',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_antivirus(data, fos):
-
- if data['antivirus_settings']:
- resp = antivirus_settings(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "antivirus_settings": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "default_db": {"required": False, "type": "str",
- "choices": ["normal", "extended", "extreme"]},
- "grayware": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "override_timeout": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_antivirus(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_antivirus(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_application_custom.py b/lib/ansible/modules/network/fortios/fortios_application_custom.py
deleted file mode 100644
index 116b1f9d3d9..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_application_custom.py
+++ /dev/null
@@ -1,388 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_application_custom
-short_description: Configure custom application signatures in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify application feature and custom category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- application_custom:
- description:
- - Configure custom application signatures.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- behavior:
- description:
- - Custom application signature behavior.
- type: str
- category:
- description:
- - Custom application category ID (use ? to view available options).
- type: int
- comment:
- description:
- - Comment.
- type: str
- id:
- description:
- - Custom application category ID (use ? to view available options).
- type: int
- name:
- description:
- - Name of this custom application signature.
- type: str
- protocol:
- description:
- - Custom application signature protocol.
- type: str
- signature:
- description:
- - The text that makes up the actual custom application signature.
- type: str
- tag:
- description:
- - Signature tag.
- required: true
- type: str
- technology:
- description:
- - Custom application signature technology.
- type: str
- vendor:
- description:
- - Custom application signature vendor.
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure custom application signatures.
- fortios_application_custom:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- application_custom:
- behavior: ""
- category: "4"
- comment: "Comment."
- id: "6"
- name: "default_name_7"
- protocol: ""
- signature: ""
- tag: ""
- technology: ""
- vendor: ""
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_application_custom_data(json):
- option_list = ['behavior', 'category', 'comment',
- 'id', 'name', 'protocol',
- 'signature', 'tag', 'technology',
- 'vendor']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def application_custom(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['application_custom'] and data['application_custom']:
- state = data['application_custom']['state']
- else:
- state = True
- application_custom_data = data['application_custom']
- filtered_data = underscore_to_hyphen(filter_application_custom_data(application_custom_data))
-
- if state == "present":
- return fos.set('application',
- 'custom',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('application',
- 'custom',
- mkey=filtered_data['tag'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_application(data, fos):
-
- if data['application_custom']:
- resp = application_custom(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "application_custom": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "behavior": {"required": False, "type": "str"},
- "category": {"required": False, "type": "int"},
- "comment": {"required": False, "type": "str"},
- "id": {"required": False, "type": "int"},
- "name": {"required": False, "type": "str"},
- "protocol": {"required": False, "type": "str"},
- "signature": {"required": False, "type": "str"},
- "tag": {"required": True, "type": "str"},
- "technology": {"required": False, "type": "str"},
- "vendor": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_application(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_application(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_application_group.py b/lib/ansible/modules/network/fortios/fortios_application_group.py
deleted file mode 100644
index 1cbf4ec350e..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_application_group.py
+++ /dev/null
@@ -1,382 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_application_group
-short_description: Configure firewall application groups in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify application feature and group category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- application_group:
- description:
- - Configure firewall application groups.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- application:
- description:
- - Application ID list.
- type: list
- suboptions:
- id:
- description:
- - Application IDs.
- required: true
- type: int
- category:
- description:
- - Application category ID list.
- type: list
- suboptions:
- id:
- description:
- - Category IDs.
- required: true
- type: int
- comment:
- description:
- - Comment
- type: str
- name:
- description:
- - Application group name.
- required: true
- type: str
- type:
- description:
- - Application group type.
- type: str
- choices:
- - application
- - category
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure firewall application groups.
- fortios_application_group:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- application_group:
- application:
- -
- id: "4"
- category:
- -
- id: "6"
- comment: "Comment"
- name: "default_name_8"
- type: "application"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_application_group_data(json):
- option_list = ['application', 'category', 'comment',
- 'name', 'type']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def application_group(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['application_group'] and data['application_group']:
- state = data['application_group']['state']
- else:
- state = True
- application_group_data = data['application_group']
- filtered_data = underscore_to_hyphen(filter_application_group_data(application_group_data))
-
- if state == "present":
- return fos.set('application',
- 'group',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('application',
- 'group',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_application(data, fos):
-
- if data['application_group']:
- resp = application_group(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "application_group": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "application": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "category": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "comment": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "type": {"required": False, "type": "str",
- "choices": ["application", "category"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_application(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_application(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_application_list.py b/lib/ansible/modules/network/fortios/fortios_application_list.py
deleted file mode 100644
index ce2dd10619b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_application_list.py
+++ /dev/null
@@ -1,705 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_application_list
-short_description: Configure application control lists in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify application feature and list category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- application_list:
- description:
- - Configure application control lists.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- app_replacemsg:
- description:
- - Enable/disable replacement messages for blocked applications.
- type: str
- choices:
- - disable
- - enable
- comment:
- description:
- - comments
- type: str
- deep_app_inspection:
- description:
- - Enable/disable deep application inspection.
- type: str
- choices:
- - disable
- - enable
- entries:
- description:
- - Application list entries.
- type: list
- suboptions:
- action:
- description:
- - Pass or block traffic, or reset connection for traffic from this application.
- type: str
- choices:
- - pass
- - block
- - reset
- application:
- description:
- - ID of allowed applications.
- type: list
- suboptions:
- id:
- description:
- - Application IDs.
- required: true
- type: int
- behavior:
- description:
- - Application behavior filter.
- type: str
- category:
- description:
- - Category ID list.
- type: list
- suboptions:
- id:
- description:
- - Application category ID.
- required: true
- type: int
- id:
- description:
- - Entry ID.
- required: true
- type: int
- log:
- description:
- - Enable/disable logging for this application list.
- type: str
- choices:
- - disable
- - enable
- log_packet:
- description:
- - Enable/disable packet logging.
- type: str
- choices:
- - disable
- - enable
- parameters:
- description:
- - Application parameters.
- type: list
- suboptions:
- id:
- description:
- - Parameter ID.
- required: true
- type: int
- value:
- description:
- - Parameter value.
- type: str
- per_ip_shaper:
- description:
- - Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name.
- type: str
- popularity:
- description:
- - Application popularity filter (1 - 5, from least to most popular).
- type: str
- choices:
- - 1
- - 2
- - 3
- - 4
- - 5
- protocols:
- description:
- - Application protocol filter.
- type: str
- quarantine:
- description:
- - Quarantine method.
- type: str
- choices:
- - none
- - attacker
- quarantine_expiry:
- description:
- - Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m). Requires quarantine set to attacker.
- type: str
- quarantine_log:
- description:
- - Enable/disable quarantine logging.
- type: str
- choices:
- - disable
- - enable
- rate_count:
- description:
- - Count of the rate.
- type: int
- rate_duration:
- description:
- - Duration (sec) of the rate.
- type: int
- rate_mode:
- description:
- - Rate limit mode.
- type: str
- choices:
- - periodical
- - continuous
- rate_track:
- description:
- - Track the packet protocol field.
- type: str
- choices:
- - none
- - src-ip
- - dest-ip
- - dhcp-client-mac
- - dns-domain
- risk:
- description:
- - Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical).
- type: list
- suboptions:
- level:
- description:
- - Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical).
- required: true
- type: int
- session_ttl:
- description:
- - Session TTL (0 = default).
- type: int
- shaper:
- description:
- - Traffic shaper. Source firewall.shaper.traffic-shaper.name.
- type: str
- shaper_reverse:
- description:
- - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name.
- type: str
- sub_category:
- description:
- - Application Sub-category ID list.
- type: list
- suboptions:
- id:
- description:
- - Application sub-category ID.
- required: true
- type: int
- technology:
- description:
- - Application technology filter.
- type: str
- vendor:
- description:
- - Application vendor filter.
- type: str
- extended_log:
- description:
- - Enable/disable extended logging.
- type: str
- choices:
- - enable
- - disable
- name:
- description:
- - List name.
- required: true
- type: str
- options:
- description:
- - Basic application protocol signatures allowed by default.
- type: str
- choices:
- - allow-dns
- - allow-icmp
- - allow-http
- - allow-ssl
- - allow-quic
- other_application_action:
- description:
- - Action for other applications.
- type: str
- choices:
- - pass
- - block
- other_application_log:
- description:
- - Enable/disable logging for other applications.
- type: str
- choices:
- - disable
- - enable
- p2p_black_list:
- description:
- - P2P applications to be black listed.
- type: str
- choices:
- - skype
- - edonkey
- - bittorrent
- replacemsg_group:
- description:
- - Replacement message group. Source system.replacemsg-group.name.
- type: str
- unknown_application_action:
- description:
- - Pass or block traffic from unknown applications.
- type: str
- choices:
- - pass
- - block
- unknown_application_log:
- description:
- - Enable/disable logging for unknown applications.
- type: str
- choices:
- - disable
- - enable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure application control lists.
- fortios_application_list:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- application_list:
- app_replacemsg: "disable"
- comment: "comments"
- deep_app_inspection: "disable"
- entries:
- -
- action: "pass"
- application:
- -
- id: "9"
- behavior: ""
- category:
- -
- id: "12"
- id: "13"
- log: "disable"
- log_packet: "disable"
- parameters:
- -
- id: "17"
- value: ""
- per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)"
- popularity: "1"
- protocols: ""
- quarantine: "none"
- quarantine_expiry: ""
- quarantine_log: "disable"
- rate_count: "25"
- rate_duration: "26"
- rate_mode: "periodical"
- rate_track: "none"
- risk:
- -
- level: "30"
- session_ttl: "31"
- shaper: " (source firewall.shaper.traffic-shaper.name)"
- shaper_reverse: " (source firewall.shaper.traffic-shaper.name)"
- sub_category:
- -
- id: "35"
- technology: ""
- vendor: ""
- extended_log: "enable"
- name: "default_name_39"
- options: "allow-dns"
- other_application_action: "pass"
- other_application_log: "disable"
- p2p_black_list: "skype"
- replacemsg_group: " (source system.replacemsg-group.name)"
- unknown_application_action: "pass"
- unknown_application_log: "disable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_application_list_data(json):
- option_list = ['app_replacemsg', 'comment', 'deep_app_inspection',
- 'entries', 'extended_log', 'name',
- 'options', 'other_application_action', 'other_application_log',
- 'p2p_black_list', 'replacemsg_group', 'unknown_application_action',
- 'unknown_application_log']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def application_list(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['application_list'] and data['application_list']:
- state = data['application_list']['state']
- else:
- state = True
- application_list_data = data['application_list']
- filtered_data = underscore_to_hyphen(filter_application_list_data(application_list_data))
-
- if state == "present":
- return fos.set('application',
- 'list',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('application',
- 'list',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_application(data, fos):
-
- if data['application_list']:
- resp = application_list(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "application_list": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "app_replacemsg": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "comment": {"required": False, "type": "str"},
- "deep_app_inspection": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "entries": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["pass", "block", "reset"]},
- "application": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "behavior": {"required": False, "type": "str"},
- "category": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "id": {"required": True, "type": "int"},
- "log": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "log_packet": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "parameters": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "value": {"required": False, "type": "str"}
- }},
- "per_ip_shaper": {"required": False, "type": "str"},
- "popularity": {"required": False, "type": "str",
- "choices": ["1", "2", "3",
- "4", "5"]},
- "protocols": {"required": False, "type": "str"},
- "quarantine": {"required": False, "type": "str",
- "choices": ["none", "attacker"]},
- "quarantine_expiry": {"required": False, "type": "str"},
- "quarantine_log": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "rate_count": {"required": False, "type": "int"},
- "rate_duration": {"required": False, "type": "int"},
- "rate_mode": {"required": False, "type": "str",
- "choices": ["periodical", "continuous"]},
- "rate_track": {"required": False, "type": "str",
- "choices": ["none", "src-ip", "dest-ip",
- "dhcp-client-mac", "dns-domain"]},
- "risk": {"required": False, "type": "list",
- "options": {
- "level": {"required": True, "type": "int"}
- }},
- "session_ttl": {"required": False, "type": "int"},
- "shaper": {"required": False, "type": "str"},
- "shaper_reverse": {"required": False, "type": "str"},
- "sub_category": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "technology": {"required": False, "type": "str"},
- "vendor": {"required": False, "type": "str"}
- }},
- "extended_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "name": {"required": True, "type": "str"},
- "options": {"required": False, "type": "str",
- "choices": ["allow-dns", "allow-icmp", "allow-http",
- "allow-ssl", "allow-quic"]},
- "other_application_action": {"required": False, "type": "str",
- "choices": ["pass", "block"]},
- "other_application_log": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "p2p_black_list": {"required": False, "type": "str",
- "choices": ["skype", "edonkey", "bittorrent"]},
- "replacemsg_group": {"required": False, "type": "str"},
- "unknown_application_action": {"required": False, "type": "str",
- "choices": ["pass", "block"]},
- "unknown_application_log": {"required": False, "type": "str",
- "choices": ["disable", "enable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_application(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_application(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_application_name.py b/lib/ansible/modules/network/fortios/fortios_application_name.py
deleted file mode 100644
index ed872e98fd3..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_application_name.py
+++ /dev/null
@@ -1,430 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_application_name
-short_description: Configure application signatures in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify application feature and name category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- application_name:
- description:
- - Configure application signatures.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- behavior:
- description:
- - Application behavior.
- type: str
- category:
- description:
- - Application category ID.
- type: int
- id:
- description:
- - Application ID.
- type: int
- metadata:
- description:
- - Meta data.
- type: list
- suboptions:
- id:
- description:
- - ID.
- required: true
- type: int
- metaid:
- description:
- - Meta ID.
- type: int
- valueid:
- description:
- - Value ID.
- type: int
- name:
- description:
- - Application name.
- required: true
- type: str
- parameter:
- description:
- - Application parameter name.
- type: str
- popularity:
- description:
- - Application popularity.
- type: int
- protocol:
- description:
- - Application protocol.
- type: str
- risk:
- description:
- - Application risk.
- type: int
- sub_category:
- description:
- - Application sub-category ID.
- type: int
- technology:
- description:
- - Application technology.
- type: str
- vendor:
- description:
- - Application vendor.
- type: str
- weight:
- description:
- - Application weight.
- type: int
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure application signatures.
- fortios_application_name:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- application_name:
- behavior: ""
- category: "4"
- id: "5"
- metadata:
- -
- id: "7"
- metaid: "8"
- valueid: "9"
- name: "default_name_10"
- parameter: ""
- popularity: "12"
- protocol: ""
- risk: "14"
- sub_category: "15"
- technology: ""
- vendor: ""
- weight: "18"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_application_name_data(json):
- option_list = ['behavior', 'category', 'id',
- 'metadata', 'name', 'parameter',
- 'popularity', 'protocol', 'risk',
- 'sub_category', 'technology', 'vendor',
- 'weight']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def application_name(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['application_name'] and data['application_name']:
- state = data['application_name']['state']
- else:
- state = True
- application_name_data = data['application_name']
- filtered_data = underscore_to_hyphen(filter_application_name_data(application_name_data))
-
- if state == "present":
- return fos.set('application',
- 'name',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('application',
- 'name',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_application(data, fos):
-
- if data['application_name']:
- resp = application_name(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "application_name": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "behavior": {"required": False, "type": "str"},
- "category": {"required": False, "type": "int"},
- "id": {"required": False, "type": "int"},
- "metadata": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "metaid": {"required": False, "type": "int"},
- "valueid": {"required": False, "type": "int"}
- }},
- "name": {"required": True, "type": "str"},
- "parameter": {"required": False, "type": "str"},
- "popularity": {"required": False, "type": "int"},
- "protocol": {"required": False, "type": "str"},
- "risk": {"required": False, "type": "int"},
- "sub_category": {"required": False, "type": "int"},
- "technology": {"required": False, "type": "str"},
- "vendor": {"required": False, "type": "str"},
- "weight": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_application(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_application(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_application_rule_settings.py b/lib/ansible/modules/network/fortios/fortios_application_rule_settings.py
deleted file mode 100644
index f81fc044dea..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_application_rule_settings.py
+++ /dev/null
@@ -1,331 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_application_rule_settings
-short_description: Configure application rule settings in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify application feature and rule_settings category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- application_rule_settings:
- description:
- - Configure application rule settings.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- id:
- description:
- - Rule ID.
- required: true
- type: int
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure application rule settings.
- fortios_application_rule_settings:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- application_rule_settings:
- id: "3"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_application_rule_settings_data(json):
- option_list = ['id']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def application_rule_settings(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['application_rule_settings'] and data['application_rule_settings']:
- state = data['application_rule_settings']['state']
- else:
- state = True
- application_rule_settings_data = data['application_rule_settings']
- filtered_data = underscore_to_hyphen(filter_application_rule_settings_data(application_rule_settings_data))
-
- if state == "present":
- return fos.set('application',
- 'rule-settings',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('application',
- 'rule-settings',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_application(data, fos):
-
- if data['application_rule_settings']:
- resp = application_rule_settings(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "application_rule_settings": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "id": {"required": True, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_application(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_application(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_authentication_rule.py b/lib/ansible/modules/network/fortios/fortios_authentication_rule.py
deleted file mode 100644
index bb0937ecd74..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_authentication_rule.py
+++ /dev/null
@@ -1,439 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_authentication_rule
-short_description: Configure Authentication Rules in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify authentication feature and rule category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- authentication_rule:
- description:
- - Configure Authentication Rules.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- active_auth_method:
- description:
- - Select an active authentication method. Source authentication.scheme.name.
- type: str
- comments:
- description:
- - Comment.
- type: str
- ip_based:
- description:
- - Enable/disable IP-based authentication. Once a user authenticates all traffic from the IP address the user authenticated from is allowed.
- type: str
- choices:
- - enable
- - disable
- name:
- description:
- - Authentication rule name.
- required: true
- type: str
- protocol:
- description:
- - Select the protocol to use for authentication . Users connect to the FortiGate using this protocol and are asked to authenticate.
- type: str
- choices:
- - http
- - ftp
- - socks
- - ssh
- srcaddr:
- description:
- - Select an IPv4 source address from available options. Required for web proxy authentication.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name.
- required: true
- type: str
- srcaddr6:
- description:
- - Select an IPv6 source address. Required for web proxy authentication.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address6.name firewall.addrgrp6.name.
- required: true
- type: str
- sso_auth_method:
- description:
- - Select a single-sign on (SSO) authentication method. Source authentication.scheme.name.
- type: str
- status:
- description:
- - Enable/disable this authentication rule.
- type: str
- choices:
- - enable
- - disable
- transaction_based:
- description:
- - Enable/disable transaction based authentication .
- type: str
- choices:
- - enable
- - disable
- web_auth_cookie:
- description:
- - Enable/disable Web authentication cookies .
- type: str
- choices:
- - enable
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure Authentication Rules.
- fortios_authentication_rule:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- authentication_rule:
- active_auth_method: " (source authentication.scheme.name)"
- comments: ""
- ip_based: "enable"
- name: "default_name_6"
- protocol: "http"
- srcaddr:
- -
- name: "default_name_9 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name)"
- srcaddr6:
- -
- name: "default_name_11 (source firewall.address6.name firewall.addrgrp6.name)"
- sso_auth_method: " (source authentication.scheme.name)"
- status: "enable"
- transaction_based: "enable"
- web_auth_cookie: "enable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_authentication_rule_data(json):
- option_list = ['active_auth_method', 'comments', 'ip_based',
- 'name', 'protocol', 'srcaddr',
- 'srcaddr6', 'sso_auth_method', 'status',
- 'transaction_based', 'web_auth_cookie']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def authentication_rule(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['authentication_rule'] and data['authentication_rule']:
- state = data['authentication_rule']['state']
- else:
- state = True
- authentication_rule_data = data['authentication_rule']
- filtered_data = underscore_to_hyphen(filter_authentication_rule_data(authentication_rule_data))
-
- if state == "present":
- return fos.set('authentication',
- 'rule',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('authentication',
- 'rule',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_authentication(data, fos):
-
- if data['authentication_rule']:
- resp = authentication_rule(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "authentication_rule": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "active_auth_method": {"required": False, "type": "str"},
- "comments": {"required": False, "type": "str"},
- "ip_based": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "name": {"required": True, "type": "str"},
- "protocol": {"required": False, "type": "str",
- "choices": ["http", "ftp", "socks",
- "ssh"]},
- "srcaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "srcaddr6": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "sso_auth_method": {"required": False, "type": "str"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "transaction_based": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "web_auth_cookie": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_authentication(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_authentication(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_authentication_scheme.py b/lib/ansible/modules/network/fortios/fortios_authentication_scheme.py
deleted file mode 100644
index b283a6ab16c..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_authentication_scheme.py
+++ /dev/null
@@ -1,423 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_authentication_scheme
-short_description: Configure Authentication Schemes in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify authentication feature and scheme category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- authentication_scheme:
- description:
- - Configure Authentication Schemes.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- domain_controller:
- description:
- - Domain controller setting. Source user.domain-controller.name.
- type: str
- fsso_agent_for_ntlm:
- description:
- - FSSO agent to use for NTLM authentication. Source user.fsso.name.
- type: str
- fsso_guest:
- description:
- - Enable/disable user fsso-guest authentication .
- type: str
- choices:
- - enable
- - disable
- kerberos_keytab:
- description:
- - Kerberos keytab setting. Source user.krb-keytab.name.
- type: str
- method:
- description:
- - Authentication methods .
- type: str
- choices:
- - ntlm
- - basic
- - digest
- - form
- - negotiate
- - fsso
- - rsso
- - ssh-publickey
- name:
- description:
- - Authentication scheme name.
- required: true
- type: str
- negotiate_ntlm:
- description:
- - Enable/disable negotiate authentication for NTLM .
- type: str
- choices:
- - enable
- - disable
- require_tfa:
- description:
- - Enable/disable two-factor authentication .
- type: str
- choices:
- - enable
- - disable
- ssh_ca:
- description:
- - SSH CA name. Source firewall.ssh.local-ca.name.
- type: str
- user_database:
- description:
- - Authentication server to contain user information; "local" (default) or "123" (for LDAP).
- type: list
- suboptions:
- name:
- description:
- - Authentication server name. Source system.datasource.name user.radius.name user.tacacs+.name user.ldap.name user.group.name.
- required: true
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure Authentication Schemes.
- fortios_authentication_scheme:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- authentication_scheme:
- domain_controller: " (source user.domain-controller.name)"
- fsso_agent_for_ntlm: " (source user.fsso.name)"
- fsso_guest: "enable"
- kerberos_keytab: " (source user.krb-keytab.name)"
- method: "ntlm"
- name: "default_name_8"
- negotiate_ntlm: "enable"
- require_tfa: "enable"
- ssh_ca: " (source firewall.ssh.local-ca.name)"
- user_database:
- -
- name: "default_name_13 (source system.datasource.name user.radius.name user.tacacs+.name user.ldap.name user.group.name)"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_authentication_scheme_data(json):
- option_list = ['domain_controller', 'fsso_agent_for_ntlm', 'fsso_guest',
- 'kerberos_keytab', 'method', 'name',
- 'negotiate_ntlm', 'require_tfa', 'ssh_ca',
- 'user_database']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def authentication_scheme(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['authentication_scheme'] and data['authentication_scheme']:
- state = data['authentication_scheme']['state']
- else:
- state = True
- authentication_scheme_data = data['authentication_scheme']
- filtered_data = underscore_to_hyphen(filter_authentication_scheme_data(authentication_scheme_data))
-
- if state == "present":
- return fos.set('authentication',
- 'scheme',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('authentication',
- 'scheme',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_authentication(data, fos):
-
- if data['authentication_scheme']:
- resp = authentication_scheme(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "authentication_scheme": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "domain_controller": {"required": False, "type": "str"},
- "fsso_agent_for_ntlm": {"required": False, "type": "str"},
- "fsso_guest": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "kerberos_keytab": {"required": False, "type": "str"},
- "method": {"required": False, "type": "str",
- "choices": ["ntlm", "basic", "digest",
- "form", "negotiate", "fsso",
- "rsso", "ssh-publickey"]},
- "name": {"required": True, "type": "str"},
- "negotiate_ntlm": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "require_tfa": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssh_ca": {"required": False, "type": "str"},
- "user_database": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_authentication(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_authentication(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_authentication_setting.py b/lib/ansible/modules/network/fortios/fortios_authentication_setting.py
deleted file mode 100644
index 5e91f9e3ed7..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_authentication_setting.py
+++ /dev/null
@@ -1,338 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_authentication_setting
-short_description: Configure authentication setting in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify authentication feature and setting category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- authentication_setting:
- description:
- - Configure authentication setting.
- default: null
- type: dict
- suboptions:
- active_auth_scheme:
- description:
- - Active authentication method (scheme name). Source authentication.scheme.name.
- type: str
- captive_portal:
- description:
- - Captive portal host name. Source firewall.address.name.
- type: str
- captive_portal_ip:
- description:
- - Captive portal IP address.
- type: str
- captive_portal_ip6:
- description:
- - Captive portal IPv6 address.
- type: str
- captive_portal_port:
- description:
- - Captive portal port number (1 - 65535).
- type: int
- captive_portal_type:
- description:
- - Captive portal type.
- type: str
- choices:
- - fqdn
- - ip
- captive_portal6:
- description:
- - IPv6 captive portal host name. Source firewall.address6.name.
- type: str
- sso_auth_scheme:
- description:
- - Single-Sign-On authentication method (scheme name). Source authentication.scheme.name.
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure authentication setting.
- fortios_authentication_setting:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- authentication_setting:
- active_auth_scheme: " (source authentication.scheme.name)"
- captive_portal: " (source firewall.address.name)"
- captive_portal_ip: ""
- captive_portal_ip6: ""
- captive_portal_port: "7"
- captive_portal_type: "fqdn"
- captive_portal6: " (source firewall.address6.name)"
- sso_auth_scheme: " (source authentication.scheme.name)"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_authentication_setting_data(json):
- option_list = ['active_auth_scheme', 'captive_portal', 'captive_portal_ip',
- 'captive_portal_ip6', 'captive_portal_port', 'captive_portal_type',
- 'captive_portal6', 'sso_auth_scheme']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def authentication_setting(data, fos):
- vdom = data['vdom']
- authentication_setting_data = data['authentication_setting']
- filtered_data = underscore_to_hyphen(filter_authentication_setting_data(authentication_setting_data))
-
- return fos.set('authentication',
- 'setting',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_authentication(data, fos):
-
- if data['authentication_setting']:
- resp = authentication_setting(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "authentication_setting": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "active_auth_scheme": {"required": False, "type": "str"},
- "captive_portal": {"required": False, "type": "str"},
- "captive_portal_ip": {"required": False, "type": "str"},
- "captive_portal_ip6": {"required": False, "type": "str"},
- "captive_portal_port": {"required": False, "type": "int"},
- "captive_portal_type": {"required": False, "type": "str",
- "choices": ["fqdn", "ip"]},
- "captive_portal6": {"required": False, "type": "str"},
- "sso_auth_scheme": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_authentication(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_authentication(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_config.py b/lib/ansible/modules/network/fortios/fortios_config.py
deleted file mode 100644
index 97c013235a6..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_config.py
+++ /dev/null
@@ -1,182 +0,0 @@
-#!/usr/bin/python
-#
-# Ansible module to manage configuration on fortios devices
-# (c) 2016, Benjamin Jolivot
-# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-
-from __future__ import absolute_import, division, print_function
-__metaclass__ = type
-
-
-ANSIBLE_METADATA = {'metadata_version': '1.1',
- 'status': ['preview'],
- 'supported_by': 'community'}
-
-
-DOCUMENTATION = """
----
-module: fortios_config
-version_added: "2.3"
-author: "Benjamin Jolivot (@bjolivot)"
-short_description: Manage config on Fortinet FortiOS firewall devices
-description:
- - This module provides management of FortiOS Devices configuration.
-extends_documentation_fragment: fortios
-options:
- src:
- description:
- - The I(src) argument provides a path to the configuration template
- to load into the remote device.
- filter:
- description:
- - Only for partial backup, you can restrict by giving expected configuration path (ex. firewall address).
- default: ""
-requirements:
- - pyFG
-"""
-
-EXAMPLES = """
-- name: Backup current config
- fortios_config:
- host: 192.168.0.254
- username: admin
- password: password
- backup: yes
-
-- name: Backup only address objects
- fortios_config:
- host: 192.168.0.254
- username: admin
- password: password
- backup: yes
- backup_path: /tmp/forti_backup/
- filter: "firewall address"
-
-- name: Update configuration from file
- fortios_config:
- host: 192.168.0.254
- username: admin
- password: password
- src: new_configuration.conf.j2
-
-"""
-
-RETURN = """
-running_config:
- description: full config string
- returned: always
- type: str
-change_string:
- description: The commands really executed by the module
- returned: only if config changed
- type: str
-"""
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.network.fortios.fortios import fortios_argument_spec, fortios_required_if
-from ansible.module_utils.network.fortios.fortios import backup
-
-# check for pyFG lib
-try:
- from pyFG import FortiOS, FortiConfig
- from pyFG.fortios import logger
- from pyFG.exceptions import CommandExecutionException, FailedCommit, ForcedCommit
- HAS_PYFG = True
-except Exception:
- HAS_PYFG = False
-
-
-# some blocks don't support update, so remove them
-NOT_UPDATABLE_CONFIG_OBJECTS = [
- "vpn certificate local",
-]
-
-
-def main():
- argument_spec = dict(
- src=dict(type='str', default=None),
- filter=dict(type='str', default=""),
- )
-
- argument_spec.update(fortios_argument_spec)
-
- required_if = fortios_required_if
-
- module = AnsibleModule(
- argument_spec=argument_spec,
- supports_check_mode=True,
- required_if=required_if,
- )
-
- result = dict(changed=False)
-
- # fail if pyFG not present
- if not HAS_PYFG:
- module.fail_json(msg='Could not import the python library pyFG required by this module')
-
- # define device
- f = FortiOS(module.params['host'],
- username=module.params['username'],
- password=module.params['password'],
- timeout=module.params['timeout'],
- vdom=module.params['vdom'])
-
- # connect
- try:
- f.open()
- except Exception:
- module.fail_json(msg='Error connecting device')
-
- # get config
- try:
- f.load_config(path=module.params['filter'])
- result['running_config'] = f.running_config.to_text()
-
- except Exception:
- module.fail_json(msg='Error reading running config')
-
- # backup config
- if module.params['backup']:
- backup(module, f.running_config.to_text())
-
- # update config
- if module.params['src'] is not None:
- # store config in str
- try:
- conf_str = module.params['src']
- f.load_config(in_candidate=True, config_text=conf_str)
- except Exception:
- module.fail_json(msg="Can't open configuration file, or configuration invalid")
-
- # get updates lines
- change_string = f.compare_config()
-
- # remove not updatable parts
- c = FortiConfig()
- c.parse_config_output(change_string)
-
- for o in NOT_UPDATABLE_CONFIG_OBJECTS:
- c.del_block(o)
-
- change_string = c.to_text()
-
- if change_string != "":
- result['change_string'] = change_string
- result['changed'] = True
-
- # Commit if not check mode
- if module.check_mode is False and change_string != "":
- try:
- f.commit(change_string)
- except CommandExecutionException as e:
- module.fail_json(msg="Unable to execute command, check your args, the error was {0}".format(e.message))
- except FailedCommit as e:
- module.fail_json(msg="Unable to commit, check your args, the error was {0}".format(e.message))
- except ForcedCommit as e:
- module.fail_json(msg="Failed to force commit, check your args, the error was {0}".format(e.message))
-
- module.exit_json(**result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_dlp_filepattern.py b/lib/ansible/modules/network/fortios/fortios_dlp_filepattern.py
deleted file mode 100644
index 72d2c37a59b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_dlp_filepattern.py
+++ /dev/null
@@ -1,457 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_dlp_filepattern
-short_description: Configure file patterns used by DLP blocking in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify dlp feature and filepattern category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- dlp_filepattern:
- description:
- - Configure file patterns used by DLP blocking.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- comment:
- description:
- - Optional comments.
- type: str
- entries:
- description:
- - Configure file patterns used by DLP blocking.
- type: list
- suboptions:
- file_type:
- description:
- - Select a file type.
- type: str
- choices:
- - 7z
- - arj
- - cab
- - lzh
- - rar
- - tar
- - zip
- - bzip
- - gzip
- - bzip2
- - xz
- - bat
- - msc
- - uue
- - mime
- - base64
- - binhex
- - elf
- - exe
- - hta
- - html
- - jad
- - class
- - cod
- - javascript
- - msoffice
- - msofficex
- - fsg
- - upx
- - petite
- - aspack
- - sis
- - hlp
- - activemime
- - jpeg
- - gif
- - tiff
- - png
- - bmp
- - ignored
- - unknown
- - mpeg
- - mov
- - mp3
- - wma
- - wav
- - pdf
- - avi
- - rm
- - torrent
- - hibun
- - msi
- - mach-o
- - dmg
- - .net
- - xar
- - chm
- - iso
- - crx
- filter_type:
- description:
- - Filter by file name pattern or by file type.
- type: str
- choices:
- - pattern
- - type
- pattern:
- description:
- - Add a file name pattern.
- required: true
- type: str
- id:
- description:
- - ID.
- required: true
- type: int
- name:
- description:
- - Name of table containing the file pattern list.
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure file patterns used by DLP blocking.
- fortios_dlp_filepattern:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- dlp_filepattern:
- comment: "Optional comments."
- entries:
- -
- file_type: "7z"
- filter_type: "pattern"
- pattern: ""
- id: "8"
- name: "default_name_9"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_dlp_filepattern_data(json):
- option_list = ['comment', 'entries', 'id',
- 'name']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def dlp_filepattern(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['dlp_filepattern'] and data['dlp_filepattern']:
- state = data['dlp_filepattern']['state']
- else:
- state = True
- dlp_filepattern_data = data['dlp_filepattern']
- filtered_data = underscore_to_hyphen(filter_dlp_filepattern_data(dlp_filepattern_data))
-
- if state == "present":
- return fos.set('dlp',
- 'filepattern',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('dlp',
- 'filepattern',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_dlp(data, fos):
-
- if data['dlp_filepattern']:
- resp = dlp_filepattern(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "dlp_filepattern": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "comment": {"required": False, "type": "str"},
- "entries": {"required": False, "type": "list",
- "options": {
- "file_type": {"required": False, "type": "str",
- "choices": ["7z", "arj", "cab",
- "lzh", "rar", "tar",
- "zip", "bzip", "gzip",
- "bzip2", "xz", "bat",
- "msc", "uue", "mime",
- "base64", "binhex", "elf",
- "exe", "hta", "html",
- "jad", "class", "cod",
- "javascript", "msoffice", "msofficex",
- "fsg", "upx", "petite",
- "aspack", "sis", "hlp",
- "activemime", "jpeg", "gif",
- "tiff", "png", "bmp",
- "ignored", "unknown", "mpeg",
- "mov", "mp3", "wma",
- "wav", "pdf", "avi",
- "rm", "torrent", "hibun",
- "msi", "mach-o", "dmg",
- ".net", "xar", "chm",
- "iso", "crx"]},
- "filter_type": {"required": False, "type": "str",
- "choices": ["pattern", "type"]},
- "pattern": {"required": True, "type": "str"}
- }},
- "id": {"required": True, "type": "int"},
- "name": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_dlp(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_dlp(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_dlp_fp_doc_source.py b/lib/ansible/modules/network/fortios/fortios_dlp_fp_doc_source.py
deleted file mode 100644
index 960be872438..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_dlp_fp_doc_source.py
+++ /dev/null
@@ -1,481 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_dlp_fp_doc_source
-short_description: Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints in
- Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify dlp feature and fp_doc_source category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- dlp_fp_doc_source:
- description:
- - Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- date:
- description:
- - Day of the month on which to scan the server (1 - 31).
- type: int
- file_path:
- description:
- - Path on the server to the fingerprint files (max 119 characters).
- type: str
- file_pattern:
- description:
- - Files matching this pattern on the server are fingerprinted. Optionally use the * and ? wildcards.
- type: str
- keep_modified:
- description:
- - Enable so that when a file is changed on the server the FortiGate keeps the old fingerprint and adds a new fingerprint to the database.
- type: str
- choices:
- - enable
- - disable
- name:
- description:
- - Name of the DLP fingerprint database.
- required: true
- type: str
- password:
- description:
- - Password required to log into the file server.
- type: str
- period:
- description:
- - Frequency for which the FortiGate checks the server for new or changed files.
- type: str
- choices:
- - none
- - daily
- - weekly
- - monthly
- remove_deleted:
- description:
- - Enable to keep the fingerprint database up to date when a file is deleted from the server.
- type: str
- choices:
- - enable
- - disable
- scan_on_creation:
- description:
- - Enable to keep the fingerprint database up to date when a file is added or changed on the server.
- type: str
- choices:
- - enable
- - disable
- scan_subdirectories:
- description:
- - Enable/disable scanning subdirectories to find files to create fingerprints from.
- type: str
- choices:
- - enable
- - disable
- sensitivity:
- description:
- - Select a sensitivity or threat level for matches with this fingerprint database. Add sensitivities using fp-sensitivity. Source dlp
- .fp-sensitivity.name.
- type: str
- server:
- description:
- - IPv4 or IPv6 address of the server.
- type: str
- server_type:
- description:
- - Protocol used to communicate with the file server. Currently only Samba (SMB) servers are supported.
- type: str
- choices:
- - samba
- tod_hour:
- description:
- - Hour of the day on which to scan the server (0 - 23).
- type: int
- tod_min:
- description:
- - Minute of the hour on which to scan the server (0 - 59).
- type: int
- username:
- description:
- - User name required to log into the file server.
- type: str
- vdom:
- description:
- - Select the VDOM that can communicate with the file server.
- type: str
- choices:
- - mgmt
- - current
- weekday:
- description:
- - Day of the week on which to scan the server.
- type: str
- choices:
- - sunday
- - monday
- - tuesday
- - wednesday
- - thursday
- - friday
- - saturday
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints.
- fortios_dlp_fp_doc_source:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- dlp_fp_doc_source:
- date: "3"
- file_path: ""
- file_pattern: ""
- keep_modified: "enable"
- name: "default_name_7"
- password: ""
- period: "none"
- remove_deleted: "enable"
- scan_on_creation: "enable"
- scan_subdirectories: "enable"
- sensitivity: " (source dlp.fp-sensitivity.name)"
- server: "192.168.100.40"
- server_type: "samba"
- tod_hour: "16"
- tod_min: "17"
- username: ""
- vdom: "mgmt"
- weekday: "sunday"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_dlp_fp_doc_source_data(json):
- option_list = ['date', 'file_path', 'file_pattern',
- 'keep_modified', 'name', 'password',
- 'period', 'remove_deleted', 'scan_on_creation',
- 'scan_subdirectories', 'sensitivity', 'server',
- 'server_type', 'tod_hour', 'tod_min',
- 'username', 'vdom', 'weekday']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def dlp_fp_doc_source(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['dlp_fp_doc_source'] and data['dlp_fp_doc_source']:
- state = data['dlp_fp_doc_source']['state']
- else:
- state = True
- dlp_fp_doc_source_data = data['dlp_fp_doc_source']
- filtered_data = underscore_to_hyphen(filter_dlp_fp_doc_source_data(dlp_fp_doc_source_data))
-
- if state == "present":
- return fos.set('dlp',
- 'fp-doc-source',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('dlp',
- 'fp-doc-source',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_dlp(data, fos):
-
- if data['dlp_fp_doc_source']:
- resp = dlp_fp_doc_source(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "dlp_fp_doc_source": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "date": {"required": False, "type": "int"},
- "file_path": {"required": False, "type": "str"},
- "file_pattern": {"required": False, "type": "str"},
- "keep_modified": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "name": {"required": True, "type": "str"},
- "password": {"required": False, "type": "str"},
- "period": {"required": False, "type": "str",
- "choices": ["none", "daily", "weekly",
- "monthly"]},
- "remove_deleted": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "scan_on_creation": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "scan_subdirectories": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "sensitivity": {"required": False, "type": "str"},
- "server": {"required": False, "type": "str"},
- "server_type": {"required": False, "type": "str",
- "choices": ["samba"]},
- "tod_hour": {"required": False, "type": "int"},
- "tod_min": {"required": False, "type": "int"},
- "username": {"required": False, "type": "str"},
- "vdom": {"required": False, "type": "str",
- "choices": ["mgmt", "current"]},
- "weekday": {"required": False, "type": "str",
- "choices": ["sunday", "monday", "tuesday",
- "wednesday", "thursday", "friday",
- "saturday"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_dlp(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_dlp(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_dlp_fp_sensitivity.py b/lib/ansible/modules/network/fortios/fortios_dlp_fp_sensitivity.py
deleted file mode 100644
index 563b77c7d43..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_dlp_fp_sensitivity.py
+++ /dev/null
@@ -1,332 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_dlp_fp_sensitivity
-short_description: Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source in Fortinet's FortiOS and
- FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify dlp feature and fp_sensitivity category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- dlp_fp_sensitivity:
- description:
- - Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- name:
- description:
- - DLP Sensitivity Levels.
- required: true
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source.
- fortios_dlp_fp_sensitivity:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- dlp_fp_sensitivity:
- name: "default_name_3"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_dlp_fp_sensitivity_data(json):
- option_list = ['name']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def dlp_fp_sensitivity(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['dlp_fp_sensitivity'] and data['dlp_fp_sensitivity']:
- state = data['dlp_fp_sensitivity']['state']
- else:
- state = True
- dlp_fp_sensitivity_data = data['dlp_fp_sensitivity']
- filtered_data = underscore_to_hyphen(filter_dlp_fp_sensitivity_data(dlp_fp_sensitivity_data))
-
- if state == "present":
- return fos.set('dlp',
- 'fp-sensitivity',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('dlp',
- 'fp-sensitivity',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_dlp(data, fos):
-
- if data['dlp_fp_sensitivity']:
- resp = dlp_fp_sensitivity(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "dlp_fp_sensitivity": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "name": {"required": True, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_dlp(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_dlp(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_dlp_sensor.py b/lib/ansible/modules/network/fortios/fortios_dlp_sensor.py
deleted file mode 100644
index a78f6c30037..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_dlp_sensor.py
+++ /dev/null
@@ -1,602 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_dlp_sensor
-short_description: Configure DLP sensors in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify dlp feature and sensor category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- dlp_sensor:
- description:
- - Configure DLP sensors.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- comment:
- description:
- - Comment.
- type: str
- dlp_log:
- description:
- - Enable/disable DLP logging.
- type: str
- choices:
- - enable
- - disable
- extended_log:
- description:
- - Enable/disable extended logging for data leak prevention.
- type: str
- choices:
- - enable
- - disable
- filter:
- description:
- - Set up DLP filters for this sensor.
- type: list
- suboptions:
- action:
- description:
- - Action to take with content that this DLP sensor matches.
- type: str
- choices:
- - allow
- - log-only
- - block
- - quarantine-ip
- archive:
- description:
- - Enable/disable DLP archiving.
- type: str
- choices:
- - disable
- - enable
- company_identifier:
- description:
- - Enter a company identifier watermark to match. Only watermarks that your company has placed on the files are matched.
- type: str
- expiry:
- description:
- - Quarantine duration in days, hours, minutes format (dddhhmm).
- type: str
- file_size:
- description:
- - Match files this size or larger (0 - 4294967295 kbytes).
- type: int
- file_type:
- description:
- - Select the number of a DLP file pattern table to match. Source dlp.filepattern.id.
- type: int
- filter_by:
- description:
- - Select the type of content to match.
- type: str
- choices:
- - credit-card
- - ssn
- - regexp
- - file-type
- - file-size
- - fingerprint
- - watermark
- - encrypted
- fp_sensitivity:
- description:
- - Select a DLP file pattern sensitivity to match.
- type: list
- suboptions:
- name:
- description:
- - Select a DLP sensitivity. Source dlp.fp-sensitivity.name.
- required: true
- type: str
- id:
- description:
- - ID.
- required: true
- type: int
- match_percentage:
- description:
- - Percentage of fingerprints in the fingerprint databases designated with the selected fp-sensitivity to match.
- type: int
- name:
- description:
- - Filter name.
- type: str
- proto:
- description:
- - Check messages or files over one or more of these protocols.
- type: str
- choices:
- - smtp
- - pop3
- - imap
- - http-get
- - http-post
- - ftp
- - nntp
- - mapi
- - mm1
- - mm3
- - mm4
- - mm7
- regexp:
- description:
- - Enter a regular expression to match (max. 255 characters).
- type: str
- severity:
- description:
- - Select the severity or threat level that matches this filter.
- type: str
- choices:
- - info
- - low
- - medium
- - high
- - critical
- type:
- description:
- - Select whether to check the content of messages (an email message) or files (downloaded files or email attachments).
- type: str
- choices:
- - file
- - message
- flow_based:
- description:
- - Enable/disable flow-based DLP.
- type: str
- choices:
- - enable
- - disable
- full_archive_proto:
- description:
- - Protocols to always content archive.
- type: str
- choices:
- - smtp
- - pop3
- - imap
- - http-get
- - http-post
- - ftp
- - nntp
- - mapi
- - mm1
- - mm3
- - mm4
- - mm7
- nac_quar_log:
- description:
- - Enable/disable NAC quarantine logging.
- type: str
- choices:
- - enable
- - disable
- name:
- description:
- - Name of the DLP sensor.
- required: true
- type: str
- options:
- description:
- - Configure DLP options.
- type: str
- replacemsg_group:
- description:
- - Replacement message group used by this DLP sensor. Source system.replacemsg-group.name.
- type: str
- summary_proto:
- description:
- - Protocols to always log summary.
- type: str
- choices:
- - smtp
- - pop3
- - imap
- - http-get
- - http-post
- - ftp
- - nntp
- - mapi
- - mm1
- - mm3
- - mm4
- - mm7
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure DLP sensors.
- fortios_dlp_sensor:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- dlp_sensor:
- comment: "Comment."
- dlp_log: "enable"
- extended_log: "enable"
- filter:
- -
- action: "allow"
- archive: "disable"
- company_identifier: "myId_9"
- expiry: ""
- file_size: "11"
- file_type: "12 (source dlp.filepattern.id)"
- filter_by: "credit-card"
- fp_sensitivity:
- -
- name: "default_name_15 (source dlp.fp-sensitivity.name)"
- id: "16"
- match_percentage: "17"
- name: "default_name_18"
- proto: "smtp"
- regexp: ""
- severity: "info"
- type: "file"
- flow_based: "enable"
- full_archive_proto: "smtp"
- nac_quar_log: "enable"
- name: "default_name_26"
- options: ""
- replacemsg_group: " (source system.replacemsg-group.name)"
- summary_proto: "smtp"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_dlp_sensor_data(json):
- option_list = ['comment', 'dlp_log', 'extended_log',
- 'filter', 'flow_based', 'full_archive_proto',
- 'nac_quar_log', 'name', 'options',
- 'replacemsg_group', 'summary_proto']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def dlp_sensor(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['dlp_sensor'] and data['dlp_sensor']:
- state = data['dlp_sensor']['state']
- else:
- state = True
- dlp_sensor_data = data['dlp_sensor']
- filtered_data = underscore_to_hyphen(filter_dlp_sensor_data(dlp_sensor_data))
-
- if state == "present":
- return fos.set('dlp',
- 'sensor',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('dlp',
- 'sensor',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_dlp(data, fos):
-
- if data['dlp_sensor']:
- resp = dlp_sensor(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "dlp_sensor": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "comment": {"required": False, "type": "str"},
- "dlp_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "extended_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "filter": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["allow", "log-only", "block",
- "quarantine-ip"]},
- "archive": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "company_identifier": {"required": False, "type": "str"},
- "expiry": {"required": False, "type": "str"},
- "file_size": {"required": False, "type": "int"},
- "file_type": {"required": False, "type": "int"},
- "filter_by": {"required": False, "type": "str",
- "choices": ["credit-card", "ssn", "regexp",
- "file-type", "file-size", "fingerprint",
- "watermark", "encrypted"]},
- "fp_sensitivity": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "id": {"required": True, "type": "int"},
- "match_percentage": {"required": False, "type": "int"},
- "name": {"required": False, "type": "str"},
- "proto": {"required": False, "type": "str",
- "choices": ["smtp", "pop3", "imap",
- "http-get", "http-post", "ftp",
- "nntp", "mapi", "mm1",
- "mm3", "mm4", "mm7"]},
- "regexp": {"required": False, "type": "str"},
- "severity": {"required": False, "type": "str",
- "choices": ["info", "low", "medium",
- "high", "critical"]},
- "type": {"required": False, "type": "str",
- "choices": ["file", "message"]}
- }},
- "flow_based": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "full_archive_proto": {"required": False, "type": "str",
- "choices": ["smtp", "pop3", "imap",
- "http-get", "http-post", "ftp",
- "nntp", "mapi", "mm1",
- "mm3", "mm4", "mm7"]},
- "nac_quar_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "name": {"required": True, "type": "str"},
- "options": {"required": False, "type": "str"},
- "replacemsg_group": {"required": False, "type": "str"},
- "summary_proto": {"required": False, "type": "str",
- "choices": ["smtp", "pop3", "imap",
- "http-get", "http-post", "ftp",
- "nntp", "mapi", "mm1",
- "mm3", "mm4", "mm7"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_dlp(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_dlp(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_dlp_settings.py b/lib/ansible/modules/network/fortios/fortios_dlp_settings.py
deleted file mode 100644
index 5c937cb84c8..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_dlp_settings.py
+++ /dev/null
@@ -1,320 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_dlp_settings
-short_description: Designate logical storage for DLP fingerprint database in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify dlp feature and settings category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- dlp_settings:
- description:
- - Designate logical storage for DLP fingerprint database.
- default: null
- type: dict
- suboptions:
- cache_mem_percent:
- description:
- - Maximum percentage of available memory allocated to caching (1 - 15%).
- type: int
- chunk_size:
- description:
- - Maximum fingerprint chunk size. **Changing will flush the entire database**.
- type: int
- db_mode:
- description:
- - Behaviour when the maximum size is reached.
- type: str
- choices:
- - stop-adding
- - remove-modified-then-oldest
- - remove-oldest
- size:
- description:
- - Maximum total size of files within the storage (MB).
- type: int
- storage_device:
- description:
- - Storage device name. Source system.storage.name.
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Designate logical storage for DLP fingerprint database.
- fortios_dlp_settings:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- dlp_settings:
- cache_mem_percent: "3"
- chunk_size: "4"
- db_mode: "stop-adding"
- size: "6"
- storage_device: " (source system.storage.name)"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_dlp_settings_data(json):
- option_list = ['cache_mem_percent', 'chunk_size', 'db_mode',
- 'size', 'storage_device']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def dlp_settings(data, fos):
- vdom = data['vdom']
- dlp_settings_data = data['dlp_settings']
- filtered_data = underscore_to_hyphen(filter_dlp_settings_data(dlp_settings_data))
-
- return fos.set('dlp',
- 'settings',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_dlp(data, fos):
-
- if data['dlp_settings']:
- resp = dlp_settings(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "dlp_settings": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "cache_mem_percent": {"required": False, "type": "int"},
- "chunk_size": {"required": False, "type": "int"},
- "db_mode": {"required": False, "type": "str",
- "choices": ["stop-adding", "remove-modified-then-oldest", "remove-oldest"]},
- "size": {"required": False, "type": "int"},
- "storage_device": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_dlp(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_dlp(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_dnsfilter_domain_filter.py b/lib/ansible/modules/network/fortios/fortios_dnsfilter_domain_filter.py
deleted file mode 100644
index df206175db7..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_dnsfilter_domain_filter.py
+++ /dev/null
@@ -1,399 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_dnsfilter_domain_filter
-short_description: Configure DNS domain filters in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify dnsfilter feature and domain_filter category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- dnsfilter_domain_filter:
- description:
- - Configure DNS domain filters.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- comment:
- description:
- - Optional comments.
- type: str
- entries:
- description:
- - DNS domain filter entries.
- type: list
- suboptions:
- action:
- description:
- - Action to take for domain filter matches.
- type: str
- choices:
- - block
- - allow
- - monitor
- domain:
- description:
- - Domain entries to be filtered.
- type: str
- id:
- description:
- - Id.
- required: true
- type: int
- status:
- description:
- - Enable/disable this domain filter.
- type: str
- choices:
- - enable
- - disable
- type:
- description:
- - DNS domain filter type.
- type: str
- choices:
- - simple
- - regex
- - wildcard
- id:
- description:
- - ID.
- required: true
- type: int
- name:
- description:
- - Name of table.
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure DNS domain filters.
- fortios_dnsfilter_domain_filter:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- dnsfilter_domain_filter:
- comment: "Optional comments."
- entries:
- -
- action: "block"
- domain: ""
- id: "7"
- status: "enable"
- type: "simple"
- id: "10"
- name: "default_name_11"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_dnsfilter_domain_filter_data(json):
- option_list = ['comment', 'entries', 'id',
- 'name']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def dnsfilter_domain_filter(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['dnsfilter_domain_filter'] and data['dnsfilter_domain_filter']:
- state = data['dnsfilter_domain_filter']['state']
- else:
- state = True
- dnsfilter_domain_filter_data = data['dnsfilter_domain_filter']
- filtered_data = underscore_to_hyphen(filter_dnsfilter_domain_filter_data(dnsfilter_domain_filter_data))
-
- if state == "present":
- return fos.set('dnsfilter',
- 'domain-filter',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('dnsfilter',
- 'domain-filter',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_dnsfilter(data, fos):
-
- if data['dnsfilter_domain_filter']:
- resp = dnsfilter_domain_filter(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "dnsfilter_domain_filter": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "comment": {"required": False, "type": "str"},
- "entries": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["block", "allow", "monitor"]},
- "domain": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "type": {"required": False, "type": "str",
- "choices": ["simple", "regex", "wildcard"]}
- }},
- "id": {"required": True, "type": "int"},
- "name": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_dnsfilter(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_dnsfilter(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_dnsfilter_profile.py b/lib/ansible/modules/network/fortios/fortios_dnsfilter_profile.py
deleted file mode 100644
index 7bec71695e9..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_dnsfilter_profile.py
+++ /dev/null
@@ -1,511 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_dnsfilter_profile
-short_description: Configure DNS domain filter profiles in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify dnsfilter feature and profile category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- dnsfilter_profile:
- description:
- - Configure DNS domain filter profiles.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- block_action:
- description:
- - Action to take for blocked domains.
- type: str
- choices:
- - block
- - redirect
- block_botnet:
- description:
- - Enable/disable blocking botnet C&C DNS lookups.
- type: str
- choices:
- - disable
- - enable
- comment:
- description:
- - Comment.
- type: str
- domain_filter:
- description:
- - Domain filter settings.
- type: dict
- suboptions:
- domain_filter_table:
- description:
- - DNS domain filter table ID. Source dnsfilter.domain-filter.id.
- type: int
- external_ip_blocklist:
- description:
- - One or more external IP block lists.
- type: list
- suboptions:
- name:
- description:
- - External domain block list name. Source system.external-resource.name.
- required: true
- type: str
- ftgd_dns:
- description:
- - FortiGuard DNS Filter settings.
- type: dict
- suboptions:
- filters:
- description:
- - FortiGuard DNS domain filters.
- type: list
- suboptions:
- action:
- description:
- - Action to take for DNS requests matching the category.
- type: str
- choices:
- - block
- - monitor
- category:
- description:
- - Category number.
- type: int
- id:
- description:
- - ID number.
- required: true
- type: int
- log:
- description:
- - Enable/disable DNS filter logging for this DNS profile.
- type: str
- choices:
- - enable
- - disable
- options:
- description:
- - FortiGuard DNS filter options.
- type: str
- choices:
- - error-allow
- - ftgd-disable
- log_all_domain:
- description:
- - Enable/disable logging of all domains visited (detailed DNS logging).
- type: str
- choices:
- - enable
- - disable
- name:
- description:
- - Profile name.
- required: true
- type: str
- redirect_portal:
- description:
- - IP address of the SDNS redirect portal.
- type: str
- safe_search:
- description:
- - Enable/disable Google, Bing, and YouTube safe search.
- type: str
- choices:
- - disable
- - enable
- sdns_domain_log:
- description:
- - Enable/disable domain filtering and botnet domain logging.
- type: str
- choices:
- - enable
- - disable
- sdns_ftgd_err_log:
- description:
- - Enable/disable FortiGuard SDNS rating error logging.
- type: str
- choices:
- - enable
- - disable
- youtube_restrict:
- description:
- - Set safe search for YouTube restriction level.
- type: str
- choices:
- - strict
- - moderate
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure DNS domain filter profiles.
- fortios_dnsfilter_profile:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- dnsfilter_profile:
- block_action: "block"
- block_botnet: "disable"
- comment: "Comment."
- domain_filter:
- domain_filter_table: "7 (source dnsfilter.domain-filter.id)"
- external_ip_blocklist:
- -
- name: "default_name_9 (source system.external-resource.name)"
- ftgd_dns:
- filters:
- -
- action: "block"
- category: "13"
- id: "14"
- log: "enable"
- options: "error-allow"
- log_all_domain: "enable"
- name: "default_name_18"
- redirect_portal: ""
- safe_search: "disable"
- sdns_domain_log: "enable"
- sdns_ftgd_err_log: "enable"
- youtube_restrict: "strict"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_dnsfilter_profile_data(json):
- option_list = ['block_action', 'block_botnet', 'comment',
- 'domain_filter', 'external_ip_blocklist', 'ftgd_dns',
- 'log_all_domain', 'name', 'redirect_portal',
- 'safe_search', 'sdns_domain_log', 'sdns_ftgd_err_log',
- 'youtube_restrict']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def dnsfilter_profile(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['dnsfilter_profile'] and data['dnsfilter_profile']:
- state = data['dnsfilter_profile']['state']
- else:
- state = True
- dnsfilter_profile_data = data['dnsfilter_profile']
- filtered_data = underscore_to_hyphen(filter_dnsfilter_profile_data(dnsfilter_profile_data))
-
- if state == "present":
- return fos.set('dnsfilter',
- 'profile',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('dnsfilter',
- 'profile',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_dnsfilter(data, fos):
-
- if data['dnsfilter_profile']:
- resp = dnsfilter_profile(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "dnsfilter_profile": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "block_action": {"required": False, "type": "str",
- "choices": ["block", "redirect"]},
- "block_botnet": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "comment": {"required": False, "type": "str"},
- "domain_filter": {"required": False, "type": "dict",
- "options": {
- "domain_filter_table": {"required": False, "type": "int"}
- }},
- "external_ip_blocklist": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "ftgd_dns": {"required": False, "type": "dict",
- "options": {
- "filters": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["block", "monitor"]},
- "category": {"required": False, "type": "int"},
- "id": {"required": True, "type": "int"},
- "log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
- }},
- "options": {"required": False, "type": "str",
- "choices": ["error-allow", "ftgd-disable"]}
- }},
- "log_all_domain": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "name": {"required": True, "type": "str"},
- "redirect_portal": {"required": False, "type": "str"},
- "safe_search": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "sdns_domain_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "sdns_ftgd_err_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "youtube_restrict": {"required": False, "type": "str",
- "choices": ["strict", "moderate"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_dnsfilter(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_dnsfilter(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_endpoint_control_client.py b/lib/ansible/modules/network/fortios/fortios_endpoint_control_client.py
deleted file mode 100644
index e8cf9d374d9..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_endpoint_control_client.py
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_endpoint_control_client
-short_description: Configure endpoint control client lists in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify endpoint_control feature and client category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- endpoint_control_client:
- description:
- - Configure endpoint control client lists.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- ad_groups:
- description:
- - Endpoint client AD logon groups.
- type: str
- ftcl_uid:
- description:
- - Endpoint FortiClient UID.
- type: str
- id:
- description:
- - Endpoint client ID.
- required: true
- type: int
- info:
- description:
- - Endpoint client information.
- type: str
- src_ip:
- description:
- - Endpoint client IP address.
- type: str
- src_mac:
- description:
- - Endpoint client MAC address.
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure endpoint control client lists.
- fortios_endpoint_control_client:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- endpoint_control_client:
- ad_groups: ""
- ftcl_uid: ""
- id: "5"
- info: ""
- src_ip: ""
- src_mac: ""
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_endpoint_control_client_data(json):
- option_list = ['ad_groups', 'ftcl_uid', 'id',
- 'info', 'src_ip', 'src_mac']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def endpoint_control_client(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['endpoint_control_client'] and data['endpoint_control_client']:
- state = data['endpoint_control_client']['state']
- else:
- state = True
- endpoint_control_client_data = data['endpoint_control_client']
- filtered_data = underscore_to_hyphen(filter_endpoint_control_client_data(endpoint_control_client_data))
-
- if state == "present":
- return fos.set('endpoint-control',
- 'client',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('endpoint-control',
- 'client',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_endpoint_control(data, fos):
-
- if data['endpoint_control_client']:
- resp = endpoint_control_client(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "endpoint_control_client": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "ad_groups": {"required": False, "type": "str"},
- "ftcl_uid": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "info": {"required": False, "type": "str"},
- "src_ip": {"required": False, "type": "str"},
- "src_mac": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_endpoint_control(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_endpoint_control(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_ems.py b/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_ems.py
deleted file mode 100644
index 526a03a7af8..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_ems.py
+++ /dev/null
@@ -1,396 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_endpoint_control_forticlient_ems
-short_description: Configure FortiClient Enterprise Management Server (EMS) entries in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify endpoint_control feature and forticlient_ems category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- endpoint_control_forticlient_ems:
- description:
- - Configure FortiClient Enterprise Management Server (EMS) entries.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- address:
- description:
- - Firewall address name. Source firewall.address.name.
- type: str
- admin_password:
- description:
- - FortiClient EMS admin password.
- type: str
- admin_type:
- description:
- - FortiClient EMS admin type.
- type: str
- choices:
- - Windows
- - LDAP
- admin_username:
- description:
- - FortiClient EMS admin username.
- type: str
- https_port:
- description:
- - "FortiClient EMS HTTPS access port number. (1 - 65535)."
- type: int
- listen_port:
- description:
- - "FortiClient EMS telemetry listen port number. (1 - 65535)."
- type: int
- name:
- description:
- - FortiClient Enterprise Management Server (EMS) name.
- required: true
- type: str
- rest_api_auth:
- description:
- - FortiClient EMS REST API authentication.
- type: str
- choices:
- - disable
- - userpass
- serial_number:
- description:
- - FortiClient EMS Serial Number.
- type: str
- upload_port:
- description:
- - "FortiClient EMS telemetry upload port number. (1 - 65535)."
- type: int
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure FortiClient Enterprise Management Server (EMS) entries.
- fortios_endpoint_control_forticlient_ems:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- endpoint_control_forticlient_ems:
- address: " (source firewall.address.name)"
- admin_password: ""
- admin_type: "Windows"
- admin_username: ""
- https_port: "7"
- listen_port: "8"
- name: "default_name_9"
- rest_api_auth: "disable"
- serial_number: ""
- upload_port: "12"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_endpoint_control_forticlient_ems_data(json):
- option_list = ['address', 'admin_password', 'admin_type',
- 'admin_username', 'https_port', 'listen_port',
- 'name', 'rest_api_auth', 'serial_number',
- 'upload_port']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def endpoint_control_forticlient_ems(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['endpoint_control_forticlient_ems'] and data['endpoint_control_forticlient_ems']:
- state = data['endpoint_control_forticlient_ems']['state']
- else:
- state = True
- endpoint_control_forticlient_ems_data = data['endpoint_control_forticlient_ems']
- filtered_data = underscore_to_hyphen(filter_endpoint_control_forticlient_ems_data(endpoint_control_forticlient_ems_data))
-
- if state == "present":
- return fos.set('endpoint-control',
- 'forticlient-ems',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('endpoint-control',
- 'forticlient-ems',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_endpoint_control(data, fos):
-
- if data['endpoint_control_forticlient_ems']:
- resp = endpoint_control_forticlient_ems(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "endpoint_control_forticlient_ems": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "address": {"required": False, "type": "str"},
- "admin_password": {"required": False, "type": "str"},
- "admin_type": {"required": False, "type": "str",
- "choices": ["Windows", "LDAP"]},
- "admin_username": {"required": False, "type": "str"},
- "https_port": {"required": False, "type": "int"},
- "listen_port": {"required": False, "type": "int"},
- "name": {"required": True, "type": "str"},
- "rest_api_auth": {"required": False, "type": "str",
- "choices": ["disable", "userpass"]},
- "serial_number": {"required": False, "type": "str"},
- "upload_port": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_endpoint_control(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_endpoint_control(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_registration_sync.py b/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_registration_sync.py
deleted file mode 100644
index fcbe4ae04b5..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_registration_sync.py
+++ /dev/null
@@ -1,336 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_endpoint_control_forticlient_registration_sync
-short_description: Configure FortiClient registration synchronization settings in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify endpoint_control feature and forticlient_registration_sync category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- endpoint_control_forticlient_registration_sync:
- description:
- - Configure FortiClient registration synchronization settings.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- peer_ip:
- description:
- - IP address of the peer FortiGate for endpoint license synchronization.
- type: str
- peer_name:
- description:
- - Peer name.
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure FortiClient registration synchronization settings.
- fortios_endpoint_control_forticlient_registration_sync:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- endpoint_control_forticlient_registration_sync:
- peer_ip: ""
- peer_name: ""
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_endpoint_control_forticlient_registration_sync_data(json):
- option_list = ['peer_ip', 'peer_name']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def endpoint_control_forticlient_registration_sync(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['endpoint_control_forticlient_registration_sync'] and data['endpoint_control_forticlient_registration_sync']:
- state = data['endpoint_control_forticlient_registration_sync']['state']
- else:
- state = True
- endpoint_control_forticlient_registration_sync_data = data['endpoint_control_forticlient_registration_sync']
- filtered_data = underscore_to_hyphen(filter_endpoint_control_forticlient_registration_sync_data(endpoint_control_forticlient_registration_sync_data))
-
- if state == "present":
- return fos.set('endpoint-control',
- 'forticlient-registration-sync',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('endpoint-control',
- 'forticlient-registration-sync',
- mkey=filtered_data['peer-name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_endpoint_control(data, fos):
-
- if data['endpoint_control_forticlient_registration_sync']:
- resp = endpoint_control_forticlient_registration_sync(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "endpoint_control_forticlient_registration_sync": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "peer_ip": {"required": False, "type": "str"},
- "peer_name": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_endpoint_control(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_endpoint_control(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_endpoint_control_profile.py b/lib/ansible/modules/network/fortios/fortios_endpoint_control_profile.py
deleted file mode 100644
index 2a1b910cbd7..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_endpoint_control_profile.py
+++ /dev/null
@@ -1,1177 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_endpoint_control_profile
-short_description: Configure FortiClient endpoint control profiles in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify endpoint_control feature and profile category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- endpoint_control_profile:
- description:
- - Configure FortiClient endpoint control profiles.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- description:
- description:
- - Description.
- type: str
- device_groups:
- description:
- - Device groups.
- type: list
- suboptions:
- name:
- description:
- - Device group object from available options. Source user.device-group.name user.device-category.name.
- required: true
- type: str
- forticlient_android_settings:
- description:
- - FortiClient settings for Android platform.
- type: dict
- suboptions:
- disable_wf_when_protected:
- description:
- - Enable/disable FortiClient web category filtering when protected by FortiGate.
- type: str
- choices:
- - enable
- - disable
- forticlient_advanced_vpn:
- description:
- - Enable/disable advanced FortiClient VPN configuration.
- type: str
- choices:
- - enable
- - disable
- forticlient_advanced_vpn_buffer:
- description:
- - Advanced FortiClient VPN configuration.
- type: str
- forticlient_vpn_provisioning:
- description:
- - Enable/disable FortiClient VPN provisioning.
- type: str
- choices:
- - enable
- - disable
- forticlient_vpn_settings:
- description:
- - FortiClient VPN settings.
- type: list
- suboptions:
- auth_method:
- description:
- - Authentication method.
- type: str
- choices:
- - psk
- - certificate
- name:
- description:
- - VPN name.
- required: true
- type: str
- preshared_key:
- description:
- - Pre-shared secret for PSK authentication.
- type: str
- remote_gw:
- description:
- - IP address or FQDN of the remote VPN gateway.
- type: str
- sslvpn_access_port:
- description:
- - SSL VPN access port (1 - 65535).
- type: int
- sslvpn_require_certificate:
- description:
- - Enable/disable requiring SSL VPN client certificate.
- type: str
- choices:
- - enable
- - disable
- type:
- description:
- - VPN type (IPsec or SSL VPN).
- type: str
- choices:
- - ipsec
- - ssl
- forticlient_wf:
- description:
- - Enable/disable FortiClient web filtering.
- type: str
- choices:
- - enable
- - disable
- forticlient_wf_profile:
- description:
- - The FortiClient web filter profile to apply. Source webfilter.profile.name.
- type: str
- forticlient_ios_settings:
- description:
- - FortiClient settings for iOS platform.
- type: dict
- suboptions:
- client_vpn_provisioning:
- description:
- - FortiClient VPN provisioning.
- type: str
- choices:
- - enable
- - disable
- client_vpn_settings:
- description:
- - FortiClient VPN settings.
- type: list
- suboptions:
- auth_method:
- description:
- - Authentication method.
- type: str
- choices:
- - psk
- - certificate
- name:
- description:
- - VPN name.
- required: true
- type: str
- preshared_key:
- description:
- - Pre-shared secret for PSK authentication.
- type: str
- remote_gw:
- description:
- - IP address or FQDN of the remote VPN gateway.
- type: str
- sslvpn_access_port:
- description:
- - SSL VPN access port (1 - 65535).
- type: int
- sslvpn_require_certificate:
- description:
- - Enable/disable requiring SSL VPN client certificate.
- type: str
- choices:
- - enable
- - disable
- type:
- description:
- - VPN type (IPsec or SSL VPN).
- type: str
- choices:
- - ipsec
- - ssl
- vpn_configuration_content:
- description:
- - Content of VPN configuration.
- type: str
- vpn_configuration_name:
- description:
- - Name of VPN configuration.
- type: str
- configuration_content:
- description:
- - Content of configuration profile.
- type: str
- configuration_name:
- description:
- - Name of configuration profile.
- type: str
- disable_wf_when_protected:
- description:
- - Enable/disable FortiClient web category filtering when protected by FortiGate.
- type: str
- choices:
- - enable
- - disable
- distribute_configuration_profile:
- description:
- - Enable/disable configuration profile (.mobileconfig file) distribution.
- type: str
- choices:
- - enable
- - disable
- forticlient_wf:
- description:
- - Enable/disable FortiClient web filtering.
- type: str
- choices:
- - enable
- - disable
- forticlient_wf_profile:
- description:
- - The FortiClient web filter profile to apply. Source webfilter.profile.name.
- type: str
- forticlient_winmac_settings:
- description:
- - FortiClient settings for Windows/Mac platform.
- type: dict
- suboptions:
- av_realtime_protection:
- description:
- - Enable/disable FortiClient AntiVirus real-time protection.
- type: str
- choices:
- - enable
- - disable
- av_signature_up_to_date:
- description:
- - Enable/disable FortiClient AV signature updates.
- type: str
- choices:
- - enable
- - disable
- forticlient_application_firewall:
- description:
- - Enable/disable the FortiClient application firewall.
- type: str
- choices:
- - enable
- - disable
- forticlient_application_firewall_list:
- description:
- - FortiClient application firewall rule list. Source application.list.name.
- type: str
- forticlient_av:
- description:
- - Enable/disable FortiClient AntiVirus scanning.
- type: str
- choices:
- - enable
- - disable
- forticlient_ems_compliance:
- description:
- - Enable/disable FortiClient Enterprise Management Server (EMS) compliance.
- type: str
- choices:
- - enable
- - disable
- forticlient_ems_compliance_action:
- description:
- - FortiClient EMS compliance action.
- type: str
- choices:
- - block
- - warning
- forticlient_ems_entries:
- description:
- - FortiClient EMS entries.
- type: list
- suboptions:
- name:
- description:
- - FortiClient EMS name. Source endpoint-control.forticlient-ems.name.
- required: true
- type: str
- forticlient_linux_ver:
- description:
- - Minimum FortiClient Linux version.
- type: str
- forticlient_log_upload:
- description:
- - Enable/disable uploading FortiClient logs.
- type: str
- choices:
- - enable
- - disable
- forticlient_log_upload_level:
- description:
- - Select the FortiClient logs to upload.
- type: str
- choices:
- - traffic
- - vulnerability
- - event
- forticlient_log_upload_server:
- description:
- - IP address or FQDN of the server to which to upload FortiClient logs.
- type: str
- forticlient_mac_ver:
- description:
- - Minimum FortiClient Mac OS version.
- type: str
- forticlient_minimum_software_version:
- description:
- - Enable/disable requiring clients to run FortiClient with a minimum software version number.
- type: str
- choices:
- - enable
- - disable
- forticlient_operating_system:
- description:
- - FortiClient operating system.
- type: list
- suboptions:
- id:
- description:
- - Operating system entry ID.
- required: true
- type: int
- os_name:
- description:
- - "Customize operating system name or Mac OS format:x.x.x"
- type: str
- os_type:
- description:
- - Operating system type.
- type: str
- choices:
- - custom
- - mac-os
- - win-7
- - win-80
- - win-81
- - win-10
- - win-2000
- - win-home-svr
- - win-svr-10
- - win-svr-2003
- - win-svr-2003-r2
- - win-svr-2008
- - win-svr-2008-r2
- - win-svr-2012
- - win-svr-2012-r2
- - win-sto-svr-2003
- - win-vista
- - win-xp
- - ubuntu-linux
- - centos-linux
- - redhat-linux
- - fedora-linux
- forticlient_own_file:
- description:
- - Checking the path and filename of the FortiClient application.
- type: list
- suboptions:
- file:
- description:
- - File path and name.
- type: str
- id:
- description:
- - File ID.
- required: true
- type: int
- forticlient_registration_compliance_action:
- description:
- - FortiClient registration compliance action.
- type: str
- choices:
- - block
- - warning
- forticlient_registry_entry:
- description:
- - FortiClient registry entry.
- type: list
- suboptions:
- id:
- description:
- - Registry entry ID.
- required: true
- type: int
- registry_entry:
- description:
- - Registry entry.
- type: str
- forticlient_running_app:
- description:
- - Use FortiClient to verify if the listed applications are running on the client.
- type: list
- suboptions:
- app_name:
- description:
- - Application name.
- type: str
- app_sha256_signature:
- description:
- - App's SHA256 signature.
- type: str
- app_sha256_signature2:
- description:
- - App's SHA256 Signature.
- type: str
- app_sha256_signature3:
- description:
- - App's SHA256 Signature.
- type: str
- app_sha256_signature4:
- description:
- - App's SHA256 Signature.
- type: str
- application_check_rule:
- description:
- - Application check rule.
- type: str
- choices:
- - present
- - absent
- id:
- description:
- - Application ID.
- required: true
- type: int
- process_name:
- description:
- - Process name.
- type: str
- process_name2:
- description:
- - Process name.
- type: str
- process_name3:
- description:
- - Process name.
- type: str
- process_name4:
- description:
- - Process name.
- type: str
- forticlient_security_posture:
- description:
- - Enable/disable FortiClient security posture check options.
- type: str
- choices:
- - enable
- - disable
- forticlient_security_posture_compliance_action:
- description:
- - FortiClient security posture compliance action.
- type: str
- choices:
- - block
- - warning
- forticlient_system_compliance:
- description:
- - Enable/disable enforcement of FortiClient system compliance.
- type: str
- choices:
- - enable
- - disable
- forticlient_system_compliance_action:
- description:
- - Block or warn clients not compliant with FortiClient requirements.
- type: str
- choices:
- - block
- - warning
- forticlient_vuln_scan:
- description:
- - Enable/disable FortiClient vulnerability scanning.
- type: str
- choices:
- - enable
- - disable
- forticlient_vuln_scan_compliance_action:
- description:
- - FortiClient vulnerability compliance action.
- type: str
- choices:
- - block
- - warning
- forticlient_vuln_scan_enforce:
- description:
- - Configure the level of the vulnerability found that causes a FortiClient vulnerability compliance action.
- type: str
- choices:
- - critical
- - high
- - medium
- - low
- - info
- forticlient_vuln_scan_enforce_grace:
- description:
- - FortiClient vulnerability scan enforcement grace period (0 - 30 days).
- type: int
- forticlient_vuln_scan_exempt:
- description:
- - Enable/disable compliance exemption for vulnerabilities that cannot be patched automatically.
- type: str
- choices:
- - enable
- - disable
- forticlient_wf:
- description:
- - Enable/disable FortiClient web filtering.
- type: str
- choices:
- - enable
- - disable
- forticlient_wf_profile:
- description:
- - The FortiClient web filter profile to apply. Source webfilter.profile.name.
- type: str
- forticlient_win_ver:
- description:
- - Minimum FortiClient Windows version.
- type: str
- os_av_software_installed:
- description:
- - Enable/disable checking for OS recognized AntiVirus software.
- type: str
- choices:
- - enable
- - disable
- sandbox_address:
- description:
- - FortiSandbox address.
- type: str
- sandbox_analysis:
- description:
- - Enable/disable sending files to FortiSandbox for analysis.
- type: str
- choices:
- - enable
- - disable
- on_net_addr:
- description:
- - Addresses for on-net detection.
- type: list
- suboptions:
- name:
- description:
- - Address object from available options. Source firewall.address.name firewall.addrgrp.name.
- required: true
- type: str
- profile_name:
- description:
- - Profile name.
- type: str
- replacemsg_override_group:
- description:
- - Select an endpoint control replacement message override group from available options. Source system.replacemsg-group.name.
- type: str
- src_addr:
- description:
- - Source addresses.
- type: list
- suboptions:
- name:
- description:
- - Address object from available options. Source firewall.address.name firewall.addrgrp.name.
- required: true
- type: str
- user_groups:
- description:
- - User groups.
- type: list
- suboptions:
- name:
- description:
- - User group name. Source user.group.name.
- required: true
- type: str
- users:
- description:
- - Users.
- type: list
- suboptions:
- name:
- description:
- - User name. Source user.local.name.
- required: true
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure FortiClient endpoint control profiles.
- fortios_endpoint_control_profile:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- endpoint_control_profile:
- description: ""
- device_groups:
- -
- name: "default_name_5 (source user.device-group.name user.device-category.name)"
- forticlient_android_settings:
- disable_wf_when_protected: "enable"
- forticlient_advanced_vpn: "enable"
- forticlient_advanced_vpn_buffer: ""
- forticlient_vpn_provisioning: "enable"
- forticlient_vpn_settings:
- -
- auth_method: "psk"
- name: "default_name_13"
- preshared_key: ""
- remote_gw: ""
- sslvpn_access_port: "16"
- sslvpn_require_certificate: "enable"
- type: "ipsec"
- forticlient_wf: "enable"
- forticlient_wf_profile: " (source webfilter.profile.name)"
- forticlient_ios_settings:
- client_vpn_provisioning: "enable"
- client_vpn_settings:
- -
- auth_method: "psk"
- name: "default_name_25"
- preshared_key: ""
- remote_gw: ""
- sslvpn_access_port: "28"
- sslvpn_require_certificate: "enable"
- type: "ipsec"
- vpn_configuration_content: ""
- vpn_configuration_name: ""
- configuration_content: ""
- configuration_name: ""
- disable_wf_when_protected: "enable"
- distribute_configuration_profile: "enable"
- forticlient_wf: "enable"
- forticlient_wf_profile: " (source webfilter.profile.name)"
- forticlient_winmac_settings:
- av_realtime_protection: "enable"
- av_signature_up_to_date: "enable"
- forticlient_application_firewall: "enable"
- forticlient_application_firewall_list: " (source application.list.name)"
- forticlient_av: "enable"
- forticlient_ems_compliance: "enable"
- forticlient_ems_compliance_action: "block"
- forticlient_ems_entries:
- -
- name: "default_name_48 (source endpoint-control.forticlient-ems.name)"
- forticlient_linux_ver: ""
- forticlient_log_upload: "enable"
- forticlient_log_upload_level: "traffic"
- forticlient_log_upload_server: ""
- forticlient_mac_ver: ""
- forticlient_minimum_software_version: "enable"
- forticlient_operating_system:
- -
- id: "56"
- os_name: ""
- os_type: "custom"
- forticlient_own_file:
- -
- file: ""
- id: "61"
- forticlient_registration_compliance_action: "block"
- forticlient_registry_entry:
- -
- id: "64"
- registry_entry: ""
- forticlient_running_app:
- -
- app_name: ""
- app_sha256_signature: ""
- app_sha256_signature2: ""
- app_sha256_signature3: ""
- app_sha256_signature4: ""
- application_check_rule: "present"
- id: "73"
- process_name: ""
- process_name2: ""
- process_name3: ""
- process_name4: ""
- forticlient_security_posture: "enable"
- forticlient_security_posture_compliance_action: "block"
- forticlient_system_compliance: "enable"
- forticlient_system_compliance_action: "block"
- forticlient_vuln_scan: "enable"
- forticlient_vuln_scan_compliance_action: "block"
- forticlient_vuln_scan_enforce: "critical"
- forticlient_vuln_scan_enforce_grace: "85"
- forticlient_vuln_scan_exempt: "enable"
- forticlient_wf: "enable"
- forticlient_wf_profile: " (source webfilter.profile.name)"
- forticlient_win_ver: ""
- os_av_software_installed: "enable"
- sandbox_address: ""
- sandbox_analysis: "enable"
- on_net_addr:
- -
- name: "default_name_94 (source firewall.address.name firewall.addrgrp.name)"
- profile_name: ""
- replacemsg_override_group: " (source system.replacemsg-group.name)"
- src_addr:
- -
- name: "default_name_98 (source firewall.address.name firewall.addrgrp.name)"
- user_groups:
- -
- name: "default_name_100 (source user.group.name)"
- users:
- -
- name: "default_name_102 (source user.local.name)"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_endpoint_control_profile_data(json):
- option_list = ['description', 'device_groups', 'forticlient_android_settings',
- 'forticlient_ios_settings', 'forticlient_winmac_settings', 'on_net_addr',
- 'profile_name', 'replacemsg_override_group', 'src_addr',
- 'user_groups', 'users']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def endpoint_control_profile(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['endpoint_control_profile'] and data['endpoint_control_profile']:
- state = data['endpoint_control_profile']['state']
- else:
- state = True
- endpoint_control_profile_data = data['endpoint_control_profile']
- filtered_data = underscore_to_hyphen(filter_endpoint_control_profile_data(endpoint_control_profile_data))
-
- if state == "present":
- return fos.set('endpoint-control',
- 'profile',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('endpoint-control',
- 'profile',
- mkey=filtered_data['profile-name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_endpoint_control(data, fos):
-
- if data['endpoint_control_profile']:
- resp = endpoint_control_profile(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "endpoint_control_profile": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "description": {"required": False, "type": "str"},
- "device_groups": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "forticlient_android_settings": {"required": False, "type": "dict",
- "options": {
- "disable_wf_when_protected": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_advanced_vpn": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_advanced_vpn_buffer": {"required": False, "type": "str"},
- "forticlient_vpn_provisioning": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_vpn_settings": {"required": False, "type": "list",
- "options": {
- "auth_method": {"required": False, "type": "str",
- "choices": ["psk", "certificate"]},
- "name": {"required": True, "type": "str"},
- "preshared_key": {"required": False, "type": "str"},
- "remote_gw": {"required": False, "type": "str"},
- "sslvpn_access_port": {"required": False, "type": "int"},
- "sslvpn_require_certificate": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "type": {"required": False, "type": "str",
- "choices": ["ipsec", "ssl"]}
- }},
- "forticlient_wf": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_wf_profile": {"required": False, "type": "str"}
- }},
- "forticlient_ios_settings": {"required": False, "type": "dict",
- "options": {
- "client_vpn_provisioning": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "client_vpn_settings": {"required": False, "type": "list",
- "options": {
- "auth_method": {"required": False, "type": "str",
- "choices": ["psk", "certificate"]},
- "name": {"required": True, "type": "str"},
- "preshared_key": {"required": False, "type": "str"},
- "remote_gw": {"required": False, "type": "str"},
- "sslvpn_access_port": {"required": False, "type": "int"},
- "sslvpn_require_certificate": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "type": {"required": False, "type": "str",
- "choices": ["ipsec", "ssl"]},
- "vpn_configuration_content": {"required": False, "type": "str"},
- "vpn_configuration_name": {"required": False, "type": "str"}
- }},
- "configuration_content": {"required": False, "type": "str"},
- "configuration_name": {"required": False, "type": "str"},
- "disable_wf_when_protected": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "distribute_configuration_profile": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_wf": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_wf_profile": {"required": False, "type": "str"}
- }},
- "forticlient_winmac_settings": {"required": False, "type": "dict",
- "options": {
- "av_realtime_protection": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "av_signature_up_to_date": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_application_firewall": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_application_firewall_list": {"required": False, "type": "str"},
- "forticlient_av": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_ems_compliance": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_ems_compliance_action": {"required": False, "type": "str",
- "choices": ["block", "warning"]},
- "forticlient_ems_entries": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "forticlient_linux_ver": {"required": False, "type": "str"},
- "forticlient_log_upload": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_log_upload_level": {"required": False, "type": "str",
- "choices": ["traffic", "vulnerability", "event"]},
- "forticlient_log_upload_server": {"required": False, "type": "str"},
- "forticlient_mac_ver": {"required": False, "type": "str"},
- "forticlient_minimum_software_version": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_operating_system": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "os_name": {"required": False, "type": "str"},
- "os_type": {"required": False, "type": "str",
- "choices": ["custom", "mac-os", "win-7",
- "win-80", "win-81", "win-10",
- "win-2000", "win-home-svr", "win-svr-10",
- "win-svr-2003", "win-svr-2003-r2",
- "win-svr-2008", "win-svr-2008-r2",
- "win-svr-2012", "win-svr-2012-r2",
- "win-sto-svr-2003", "win-vista", "win-xp",
- "ubuntu-linux", "centos-linux", "redhat-linux",
- "fedora-linux"]}
- }},
- "forticlient_own_file": {"required": False, "type": "list",
- "options": {
- "file": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"}
- }},
- "forticlient_registration_compliance_action": {"required": False, "type": "str",
- "choices": ["block", "warning"]},
- "forticlient_registry_entry": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "registry_entry": {"required": False, "type": "str"}
- }},
- "forticlient_running_app": {"required": False, "type": "list",
- "options": {
- "app_name": {"required": False, "type": "str"},
- "app_sha256_signature": {"required": False, "type": "str"},
- "app_sha256_signature2": {"required": False, "type": "str"},
- "app_sha256_signature3": {"required": False, "type": "str"},
- "app_sha256_signature4": {"required": False, "type": "str"},
- "application_check_rule": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "id": {"required": True, "type": "int"},
- "process_name": {"required": False, "type": "str"},
- "process_name2": {"required": False, "type": "str"},
- "process_name3": {"required": False, "type": "str"},
- "process_name4": {"required": False, "type": "str"}
- }},
- "forticlient_security_posture": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_security_posture_compliance_action": {"required": False, "type": "str",
- "choices": ["block", "warning"]},
- "forticlient_system_compliance": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_system_compliance_action": {"required": False, "type": "str",
- "choices": ["block", "warning"]},
- "forticlient_vuln_scan": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_vuln_scan_compliance_action": {"required": False, "type": "str",
- "choices": ["block", "warning"]},
- "forticlient_vuln_scan_enforce": {"required": False, "type": "str",
- "choices": ["critical", "high", "medium",
- "low", "info"]},
- "forticlient_vuln_scan_enforce_grace": {"required": False, "type": "int"},
- "forticlient_vuln_scan_exempt": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_wf": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_wf_profile": {"required": False, "type": "str"},
- "forticlient_win_ver": {"required": False, "type": "str"},
- "os_av_software_installed": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "sandbox_address": {"required": False, "type": "str"},
- "sandbox_analysis": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
- }},
- "on_net_addr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "profile_name": {"required": False, "type": "str"},
- "replacemsg_override_group": {"required": False, "type": "str"},
- "src_addr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "user_groups": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "users": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_endpoint_control(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_endpoint_control(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_endpoint_control_settings.py b/lib/ansible/modules/network/fortios/fortios_endpoint_control_settings.py
deleted file mode 100644
index 5f7375c6d8b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_endpoint_control_settings.py
+++ /dev/null
@@ -1,392 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_endpoint_control_settings
-short_description: Configure endpoint control settings in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify endpoint_control feature and settings category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- endpoint_control_settings:
- description:
- - Configure endpoint control settings.
- default: null
- type: dict
- suboptions:
- download_custom_link:
- description:
- - Customized URL for downloading FortiClient.
- type: str
- download_location:
- description:
- - FortiClient download location (FortiGuard or custom).
- type: str
- choices:
- - fortiguard
- - custom
- forticlient_avdb_update_interval:
- description:
- - Period of time between FortiClient AntiVirus database updates (0 - 24 hours).
- type: int
- forticlient_dereg_unsupported_client:
- description:
- - Enable/disable deregistering unsupported FortiClient endpoints.
- type: str
- choices:
- - enable
- - disable
- forticlient_ems_rest_api_call_timeout:
- description:
- - FortiClient EMS call timeout in milliseconds (500 - 30000 milliseconds).
- type: int
- forticlient_keepalive_interval:
- description:
- - Interval between two KeepAlive messages from FortiClient (20 - 300 sec).
- type: int
- forticlient_offline_grace:
- description:
- - Enable/disable grace period for offline registered clients.
- type: str
- choices:
- - enable
- - disable
- forticlient_offline_grace_interval:
- description:
- - Grace period for offline registered FortiClient (60 - 600 sec).
- type: int
- forticlient_reg_key:
- description:
- - FortiClient registration key.
- type: str
- forticlient_reg_key_enforce:
- description:
- - Enable/disable requiring or enforcing FortiClient registration keys.
- type: str
- choices:
- - enable
- - disable
- forticlient_reg_timeout:
- description:
- - FortiClient registration license timeout (days, min = 1, max = 180, 0 means unlimited).
- type: int
- forticlient_sys_update_interval:
- description:
- - Interval between two system update messages from FortiClient (30 - 1440 min).
- type: int
- forticlient_user_avatar:
- description:
- - Enable/disable uploading FortiClient user avatars.
- type: str
- choices:
- - enable
- - disable
- forticlient_warning_interval:
- description:
- - Period of time between FortiClient portal warnings (0 - 24 hours).
- type: int
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure endpoint control settings.
- fortios_endpoint_control_settings:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- endpoint_control_settings:
- download_custom_link: ""
- download_location: "fortiguard"
- forticlient_avdb_update_interval: "5"
- forticlient_dereg_unsupported_client: "enable"
- forticlient_ems_rest_api_call_timeout: "7"
- forticlient_keepalive_interval: "8"
- forticlient_offline_grace: "enable"
- forticlient_offline_grace_interval: "10"
- forticlient_reg_key: ""
- forticlient_reg_key_enforce: "enable"
- forticlient_reg_timeout: "13"
- forticlient_sys_update_interval: "14"
- forticlient_user_avatar: "enable"
- forticlient_warning_interval: "16"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_endpoint_control_settings_data(json):
- option_list = ['download_custom_link', 'download_location', 'forticlient_avdb_update_interval',
- 'forticlient_dereg_unsupported_client', 'forticlient_ems_rest_api_call_timeout', 'forticlient_keepalive_interval',
- 'forticlient_offline_grace', 'forticlient_offline_grace_interval', 'forticlient_reg_key',
- 'forticlient_reg_key_enforce', 'forticlient_reg_timeout', 'forticlient_sys_update_interval',
- 'forticlient_user_avatar', 'forticlient_warning_interval']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def endpoint_control_settings(data, fos):
- vdom = data['vdom']
- endpoint_control_settings_data = data['endpoint_control_settings']
- filtered_data = underscore_to_hyphen(filter_endpoint_control_settings_data(endpoint_control_settings_data))
-
- return fos.set('endpoint-control',
- 'settings',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_endpoint_control(data, fos):
-
- if data['endpoint_control_settings']:
- resp = endpoint_control_settings(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "endpoint_control_settings": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "download_custom_link": {"required": False, "type": "str"},
- "download_location": {"required": False, "type": "str",
- "choices": ["fortiguard", "custom"]},
- "forticlient_avdb_update_interval": {"required": False, "type": "int"},
- "forticlient_dereg_unsupported_client": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_ems_rest_api_call_timeout": {"required": False, "type": "int"},
- "forticlient_keepalive_interval": {"required": False, "type": "int"},
- "forticlient_offline_grace": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_offline_grace_interval": {"required": False, "type": "int"},
- "forticlient_reg_key": {"required": False, "type": "str"},
- "forticlient_reg_key_enforce": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_reg_timeout": {"required": False, "type": "int"},
- "forticlient_sys_update_interval": {"required": False, "type": "int"},
- "forticlient_user_avatar": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "forticlient_warning_interval": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_endpoint_control(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_endpoint_control(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_extender_controller_extender.py b/lib/ansible/modules/network/fortios/fortios_extender_controller_extender.py
deleted file mode 100644
index d2795d2a195..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_extender_controller_extender.py
+++ /dev/null
@@ -1,627 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_extender_controller_extender
-short_description: Extender controller configuration in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify extender_controller feature and extender category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- extender_controller_extender:
- description:
- - Extender controller configuration.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- aaa_shared_secret:
- description:
- - AAA shared secret.
- type: str
- access_point_name:
- description:
- - Access point name(APN).
- type: str
- admin:
- description:
- - FortiExtender Administration (enable or disable).
- type: str
- choices:
- - disable
- - discovered
- - enable
- at_dial_script:
- description:
- - Initialization AT commands specific to the MODEM.
- type: str
- billing_start_day:
- description:
- - Billing start day.
- type: int
- cdma_aaa_spi:
- description:
- - CDMA AAA SPI.
- type: str
- cdma_ha_spi:
- description:
- - CDMA HA SPI.
- type: str
- cdma_nai:
- description:
- - NAI for CDMA MODEMS.
- type: str
- conn_status:
- description:
- - Connection status.
- type: int
- description:
- description:
- - Description.
- type: str
- dial_mode:
- description:
- - Dial mode (dial-on-demand or always-connect).
- type: str
- choices:
- - dial-on-demand
- - always-connect
- dial_status:
- description:
- - Dial status.
- type: int
- ext_name:
- description:
- - FortiExtender name.
- type: str
- ha_shared_secret:
- description:
- - HA shared secret.
- type: str
- id:
- description:
- - FortiExtender serial number.
- required: true
- type: str
- ifname:
- description:
- - FortiExtender interface name.
- type: str
- initiated_update:
- description:
- - Allow/disallow network initiated updates to the MODEM.
- type: str
- choices:
- - enable
- - disable
- mode:
- description:
- - FortiExtender mode.
- type: str
- choices:
- - standalone
- - redundant
- modem_passwd:
- description:
- - MODEM password.
- type: str
- modem_type:
- description:
- - MODEM type (CDMA, GSM/LTE or WIMAX).
- type: str
- choices:
- - cdma
- - gsm/lte
- - wimax
- multi_mode:
- description:
- - MODEM mode of operation(3G,LTE,etc).
- type: str
- choices:
- - auto
- - auto-3g
- - force-lte
- - force-3g
- - force-2g
- ppp_auth_protocol:
- description:
- - PPP authentication protocol (PAP,CHAP or auto).
- type: str
- choices:
- - auto
- - pap
- - chap
- ppp_echo_request:
- description:
- - Enable/disable PPP echo request.
- type: str
- choices:
- - enable
- - disable
- ppp_password:
- description:
- - PPP password.
- type: str
- ppp_username:
- description:
- - PPP username.
- type: str
- primary_ha:
- description:
- - Primary HA.
- type: str
- quota_limit_mb:
- description:
- - Monthly quota limit (MB).
- type: int
- redial:
- description:
- - Number of redials allowed based on failed attempts.
- type: str
- choices:
- - none
- - 1
- - 2
- - 3
- - 4
- - 5
- - 6
- - 7
- - 8
- - 9
- - 10
- redundant_intf:
- description:
- - Redundant interface.
- type: str
- roaming:
- description:
- - Enable/disable MODEM roaming.
- type: str
- choices:
- - enable
- - disable
- role:
- description:
- - FortiExtender work role(Primary, Secondary, None).
- type: str
- choices:
- - none
- - primary
- - secondary
- secondary_ha:
- description:
- - Secondary HA.
- type: str
- sim_pin:
- description:
- - SIM PIN.
- type: str
- vdom:
- description:
- - VDOM
- type: int
- wimax_auth_protocol:
- description:
- - WiMax authentication protocol(TLS or TTLS).
- type: str
- choices:
- - tls
- - ttls
- wimax_carrier:
- description:
- - WiMax carrier.
- type: str
- wimax_realm:
- description:
- - WiMax realm.
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Extender controller configuration.
- fortios_extender_controller_extender:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- extender_controller_extender:
- aaa_shared_secret: ""
- access_point_name: ""
- admin: "disable"
- at_dial_script: ""
- billing_start_day: "7"
- cdma_aaa_spi: ""
- cdma_ha_spi: ""
- cdma_nai: ""
- conn_status: "11"
- description: ""
- dial_mode: "dial-on-demand"
- dial_status: "14"
- ext_name: ""
- ha_shared_secret: ""
- id: "17"
- ifname: ""
- initiated_update: "enable"
- mode: "standalone"
- modem_passwd: ""
- modem_type: "cdma"
- multi_mode: "auto"
- ppp_auth_protocol: "auto"
- ppp_echo_request: "enable"
- ppp_password: ""
- ppp_username: ""
- primary_ha: ""
- quota_limit_mb: "29"
- redial: "none"
- redundant_intf: ""
- roaming: "enable"
- role: "none"
- secondary_ha: ""
- sim_pin: ""
- vdom: "36"
- wimax_auth_protocol: "tls"
- wimax_carrier: ""
- wimax_realm: ""
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_extender_controller_extender_data(json):
- option_list = ['aaa_shared_secret', 'access_point_name', 'admin',
- 'at_dial_script', 'billing_start_day', 'cdma_aaa_spi',
- 'cdma_ha_spi', 'cdma_nai', 'conn_status',
- 'description', 'dial_mode', 'dial_status',
- 'ext_name', 'ha_shared_secret', 'id',
- 'ifname', 'initiated_update', 'mode',
- 'modem_passwd', 'modem_type', 'multi_mode',
- 'ppp_auth_protocol', 'ppp_echo_request', 'ppp_password',
- 'ppp_username', 'primary_ha', 'quota_limit_mb',
- 'redial', 'redundant_intf', 'roaming',
- 'role', 'secondary_ha', 'sim_pin',
- 'vdom', 'wimax_auth_protocol', 'wimax_carrier',
- 'wimax_realm']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def extender_controller_extender(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['extender_controller_extender'] and data['extender_controller_extender']:
- state = data['extender_controller_extender']['state']
- else:
- state = True
- extender_controller_extender_data = data['extender_controller_extender']
- filtered_data = underscore_to_hyphen(filter_extender_controller_extender_data(extender_controller_extender_data))
-
- if state == "present":
- return fos.set('extender-controller',
- 'extender',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('extender-controller',
- 'extender',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_extender_controller(data, fos):
-
- if data['extender_controller_extender']:
- resp = extender_controller_extender(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "extender_controller_extender": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "aaa_shared_secret": {"required": False, "type": "str"},
- "access_point_name": {"required": False, "type": "str"},
- "admin": {"required": False, "type": "str",
- "choices": ["disable", "discovered", "enable"]},
- "at_dial_script": {"required": False, "type": "str"},
- "billing_start_day": {"required": False, "type": "int"},
- "cdma_aaa_spi": {"required": False, "type": "str"},
- "cdma_ha_spi": {"required": False, "type": "str"},
- "cdma_nai": {"required": False, "type": "str"},
- "conn_status": {"required": False, "type": "int"},
- "description": {"required": False, "type": "str"},
- "dial_mode": {"required": False, "type": "str",
- "choices": ["dial-on-demand", "always-connect"]},
- "dial_status": {"required": False, "type": "int"},
- "ext_name": {"required": False, "type": "str"},
- "ha_shared_secret": {"required": False, "type": "str"},
- "id": {"required": True, "type": "str"},
- "ifname": {"required": False, "type": "str"},
- "initiated_update": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "mode": {"required": False, "type": "str",
- "choices": ["standalone", "redundant"]},
- "modem_passwd": {"required": False, "type": "str"},
- "modem_type": {"required": False, "type": "str",
- "choices": ["cdma", "gsm/lte", "wimax"]},
- "multi_mode": {"required": False, "type": "str",
- "choices": ["auto", "auto-3g", "force-lte",
- "force-3g", "force-2g"]},
- "ppp_auth_protocol": {"required": False, "type": "str",
- "choices": ["auto", "pap", "chap"]},
- "ppp_echo_request": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ppp_password": {"required": False, "type": "str"},
- "ppp_username": {"required": False, "type": "str"},
- "primary_ha": {"required": False, "type": "str"},
- "quota_limit_mb": {"required": False, "type": "int"},
- "redial": {"required": False, "type": "str",
- "choices": ["none", "1", "2",
- "3", "4", "5",
- "6", "7", "8",
- "9", "10"]},
- "redundant_intf": {"required": False, "type": "str"},
- "roaming": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "role": {"required": False, "type": "str",
- "choices": ["none", "primary", "secondary"]},
- "secondary_ha": {"required": False, "type": "str"},
- "sim_pin": {"required": False, "type": "str"},
- "vdom": {"required": False, "type": "int"},
- "wimax_auth_protocol": {"required": False, "type": "str",
- "choices": ["tls", "ttls"]},
- "wimax_carrier": {"required": False, "type": "str"},
- "wimax_realm": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_extender_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_extender_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_facts.py b/lib/ansible/modules/network/fortios/fortios_facts.py
deleted file mode 100644
index 7359fd0dc36..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_facts.py
+++ /dev/null
@@ -1,282 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_facts
-version_added: "2.9"
-short_description: Get facts about fortios devices.
-description:
- - Collects facts from network devices running the fortios operating
- system. This module places the facts gathered in the fact tree keyed by the
- respective resource name. This facts module will only collect those
- facts which user specified in playbook.
-author:
- - Don Yao (@fortinetps)
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Support both legacy mode (local_action) and httpapi
- - Legacy mode run as a local_action in your playbook, requires fortiosapi library developed by Fortinet
- - httpapi mode is the new recommend way for network modules
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- required: false
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- required: false
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- required: false
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: false
- required: false
- gather_subset:
- description:
- - When supplied, this argument will restrict the facts collected
- to a given subset. Possible values for this argument include
- system_current-admins_select, system_firmware_select,
- system_fortimanager_status, system_ha-checksums_select,
- system_interface_select, system_status_select and system_time_select
- type: list
- elements: dict
- required: true
- suboptions:
- fact:
- description:
- - Name of the facts to gather
- type: str
- required: true
- filters:
- description:
- - Filters apply when gathering facts
- type: list
- elements: dict
- required: false
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
-
- tasks:
- - name: gather basic system status facts
- fortios_facts:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- gather_subset:
- - fact: 'system_status_select'
-
- - name: gather all physical interfaces status facts
- fortios_facts:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- gather_subset:
- - fact: 'system_interface_select'
-
- - name: gather gather all physical and vlan interfaces status facts
- fortios_facts:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- gather_subset:
- - fact: 'system_interface_select'
- filters:
- - include_vlan: true
-
- - name: gather basic system info and physical interface port3 status facts
- fortios_facts:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- gather_subset:
- - fact: 'system_status_select'
- - fact: 'system_interface_select'
- filters:
- - interface_name: 'port3'
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'GET'
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "firmware"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "system"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-ansible_facts:
- description: The list of fact subsets collected from the device
- returned: always
- type: dict
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-from ansible.module_utils.network.fortios.argspec.facts.facts import FactsArgs
-from ansible.module_utils.network.fortios.facts.facts import Facts
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def main():
- """ Main entry point for AnsibleModule
- """
- argument_spec = FactsArgs.argument_spec
-
- module = AnsibleModule(argument_spec=argument_spec,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- warnings = []
- connection = Connection(module._socket_path)
- module._connection = connection
- fos = FortiOSHandler(connection)
-
- result = Facts(module, fos).get_facts()
-
- ansible_facts, additional_warnings = result
- warnings.extend(additional_warnings)
-
- module.exit_json(ansible_facts=ansible_facts, warnings=warnings)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- warnings = []
-
- fos = FortiOSAPI()
- login(module.params, fos)
- module._connection = fos
-
- result = Facts(module, fos).get_facts()
-
- ansible_facts, additional_warnings = result
- warnings.extend(additional_warnings)
-
- module.exit_json(ansible_facts=ansible_facts, warnings=warnings)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy.py b/lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy.py
deleted file mode 100644
index 71a9fa39e92..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy.py
+++ /dev/null
@@ -1,492 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_DoS_policy
-short_description: Configure IPv4 DoS policies in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and DoS_policy category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_DoS_policy:
- description:
- - Configure IPv4 DoS policies.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- anomaly:
- description:
- - Anomaly name.
- type: list
- suboptions:
- action:
- description:
- - Action taken when the threshold is reached.
- type: str
- choices:
- - pass
- - block
- log:
- description:
- - Enable/disable anomaly logging.
- type: str
- choices:
- - enable
- - disable
- name:
- description:
- - Anomaly name.
- required: true
- type: str
- quarantine:
- description:
- - Quarantine method.
- type: str
- choices:
- - none
- - attacker
- quarantine_expiry:
- description:
- - Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m). Requires quarantine set to attacker.
- type: str
- quarantine_log:
- description:
- - Enable/disable quarantine logging.
- type: str
- choices:
- - disable
- - enable
- status:
- description:
- - Enable/disable this anomaly.
- type: str
- choices:
- - disable
- - enable
- threshold:
- description:
- - Anomaly threshold. Number of detected instances per minute that triggers the anomaly action.
- type: int
- threshold(default):
- description:
- - Number of detected instances per minute which triggers action (1 - 2147483647). Note that each anomaly has a different threshold
- value assigned to it.
- type: int
- comments:
- description:
- - Comment.
- type: str
- dstaddr:
- description:
- - Destination address name from available addresses.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address.name firewall.addrgrp.name.
- required: true
- type: str
- interface:
- description:
- - Incoming interface name from available interfaces. Source system.zone.name system.interface.name.
- type: str
- policyid:
- description:
- - Policy ID.
- required: true
- type: int
- service:
- description:
- - Service object from available options.
- type: list
- suboptions:
- name:
- description:
- - Service name. Source firewall.service.custom.name firewall.service.group.name.
- required: true
- type: str
- srcaddr:
- description:
- - Source address name from available addresses.
- type: list
- suboptions:
- name:
- description:
- - Service name. Source firewall.address.name firewall.addrgrp.name.
- required: true
- type: str
- status:
- description:
- - Enable/disable this policy.
- type: str
- choices:
- - enable
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure IPv4 DoS policies.
- fortios_firewall_DoS_policy:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_DoS_policy:
- anomaly:
- -
- action: "pass"
- log: "enable"
- name: "default_name_6"
- quarantine: "none"
- quarantine_expiry: ""
- quarantine_log: "disable"
- status: "disable"
- threshold: "11"
- threshold(default): "12"
- comments: ""
- dstaddr:
- -
- name: "default_name_15 (source firewall.address.name firewall.addrgrp.name)"
- interface: " (source system.zone.name system.interface.name)"
- policyid: "17"
- service:
- -
- name: "default_name_19 (source firewall.service.custom.name firewall.service.group.name)"
- srcaddr:
- -
- name: "default_name_21 (source firewall.address.name firewall.addrgrp.name)"
- status: "enable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_DoS_policy_data(json):
- option_list = ['anomaly', 'comments', 'dstaddr',
- 'interface', 'policyid', 'service',
- 'srcaddr', 'status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_DoS_policy(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_DoS_policy'] and data['firewall_DoS_policy']:
- state = data['firewall_DoS_policy']['state']
- else:
- state = True
- firewall_DoS_policy_data = data['firewall_DoS_policy']
- filtered_data = underscore_to_hyphen(filter_firewall_DoS_policy_data(firewall_DoS_policy_data))
-
- if state == "present":
- return fos.set('firewall',
- 'DoS-policy',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'DoS-policy',
- mkey=filtered_data['policyid'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_DoS_policy']:
- resp = firewall_DoS_policy(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_DoS_policy": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "anomaly": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["pass", "block"]},
- "log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "name": {"required": True, "type": "str"},
- "quarantine": {"required": False, "type": "str",
- "choices": ["none", "attacker"]},
- "quarantine_expiry": {"required": False, "type": "str"},
- "quarantine_log": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "status": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "threshold": {"required": False, "type": "int"},
- "threshold(default)": {"required": False, "type": "int"}
- }},
- "comments": {"required": False, "type": "str"},
- "dstaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "interface": {"required": False, "type": "str"},
- "policyid": {"required": True, "type": "int"},
- "service": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "srcaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy6.py b/lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy6.py
deleted file mode 100644
index e20f2aa2fe4..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy6.py
+++ /dev/null
@@ -1,492 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_DoS_policy6
-short_description: Configure IPv6 DoS policies in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and DoS_policy6 category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_DoS_policy6:
- description:
- - Configure IPv6 DoS policies.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- anomaly:
- description:
- - Anomaly name.
- type: list
- suboptions:
- action:
- description:
- - Action taken when the threshold is reached.
- type: str
- choices:
- - pass
- - block
- log:
- description:
- - Enable/disable anomaly logging.
- type: str
- choices:
- - enable
- - disable
- name:
- description:
- - Anomaly name.
- required: true
- type: str
- quarantine:
- description:
- - Quarantine method.
- type: str
- choices:
- - none
- - attacker
- quarantine_expiry:
- description:
- - Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m). Requires quarantine set to attacker.
- type: str
- quarantine_log:
- description:
- - Enable/disable quarantine logging.
- type: str
- choices:
- - disable
- - enable
- status:
- description:
- - Enable/disable this anomaly.
- type: str
- choices:
- - disable
- - enable
- threshold:
- description:
- - Anomaly threshold. Number of detected instances per minute that triggers the anomaly action.
- type: int
- threshold(default):
- description:
- - Number of detected instances per minute which triggers action (1 - 2147483647). Note that each anomaly has a different threshold
- value assigned to it.
- type: int
- comments:
- description:
- - Comment.
- type: str
- dstaddr:
- description:
- - Destination address name from available addresses.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address6.name firewall.addrgrp6.name.
- required: true
- type: str
- interface:
- description:
- - Incoming interface name from available interfaces. Source system.zone.name system.interface.name.
- type: str
- policyid:
- description:
- - Policy ID.
- required: true
- type: int
- service:
- description:
- - Service object from available options.
- type: list
- suboptions:
- name:
- description:
- - Service name. Source firewall.service.custom.name firewall.service.group.name.
- required: true
- type: str
- srcaddr:
- description:
- - Source address name from available addresses.
- type: list
- suboptions:
- name:
- description:
- - Service name. Source firewall.address6.name firewall.addrgrp6.name.
- required: true
- type: str
- status:
- description:
- - Enable/disable this policy.
- type: str
- choices:
- - enable
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure IPv6 DoS policies.
- fortios_firewall_DoS_policy6:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_DoS_policy6:
- anomaly:
- -
- action: "pass"
- log: "enable"
- name: "default_name_6"
- quarantine: "none"
- quarantine_expiry: ""
- quarantine_log: "disable"
- status: "disable"
- threshold: "11"
- threshold(default): "12"
- comments: ""
- dstaddr:
- -
- name: "default_name_15 (source firewall.address6.name firewall.addrgrp6.name)"
- interface: " (source system.zone.name system.interface.name)"
- policyid: "17"
- service:
- -
- name: "default_name_19 (source firewall.service.custom.name firewall.service.group.name)"
- srcaddr:
- -
- name: "default_name_21 (source firewall.address6.name firewall.addrgrp6.name)"
- status: "enable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_DoS_policy6_data(json):
- option_list = ['anomaly', 'comments', 'dstaddr',
- 'interface', 'policyid', 'service',
- 'srcaddr', 'status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_DoS_policy6(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_DoS_policy6'] and data['firewall_DoS_policy6']:
- state = data['firewall_DoS_policy6']['state']
- else:
- state = True
- firewall_DoS_policy6_data = data['firewall_DoS_policy6']
- filtered_data = underscore_to_hyphen(filter_firewall_DoS_policy6_data(firewall_DoS_policy6_data))
-
- if state == "present":
- return fos.set('firewall',
- 'DoS-policy6',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'DoS-policy6',
- mkey=filtered_data['policyid'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_DoS_policy6']:
- resp = firewall_DoS_policy6(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_DoS_policy6": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "anomaly": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["pass", "block"]},
- "log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "name": {"required": True, "type": "str"},
- "quarantine": {"required": False, "type": "str",
- "choices": ["none", "attacker"]},
- "quarantine_expiry": {"required": False, "type": "str"},
- "quarantine_log": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "status": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "threshold": {"required": False, "type": "int"},
- "threshold(default)": {"required": False, "type": "int"}
- }},
- "comments": {"required": False, "type": "str"},
- "dstaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "interface": {"required": False, "type": "str"},
- "policyid": {"required": True, "type": "int"},
- "service": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "srcaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_address.py b/lib/ansible/modules/network/fortios/fortios_firewall_address.py
deleted file mode 100644
index a3371a0f76d..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_address.py
+++ /dev/null
@@ -1,571 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_address
-short_description: Configure IPv4 addresses in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and address category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_address:
- description:
- - Configure IPv4 addresses.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- allow_routing:
- description:
- - Enable/disable use of this address in the static route configuration.
- type: str
- choices:
- - enable
- - disable
- associated_interface:
- description:
- - Network interface associated with address. Source system.interface.name system.zone.name.
- type: str
- cache_ttl:
- description:
- - Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds.
- type: int
- color:
- description:
- - Color of icon on the GUI.
- type: int
- comment:
- description:
- - Comment.
- type: str
- country:
- description:
- - IP addresses associated to a specific country.
- type: str
- end_ip:
- description:
- - Final IP address (inclusive) in the range for the address.
- type: str
- epg_name:
- description:
- - Endpoint group name.
- type: str
- filter:
- description:
- - Match criteria filter.
- type: str
- fqdn:
- description:
- - Fully Qualified Domain Name address.
- type: str
- list:
- description:
- - IP address list.
- type: list
- suboptions:
- ip:
- description:
- - IP.
- required: true
- type: str
- name:
- description:
- - Address name.
- required: true
- type: str
- obj_id:
- description:
- - Object ID for NSX.
- type: str
- organization:
- description:
- - "Organization domain name (Syntax: organization/domain)."
- type: str
- policy_group:
- description:
- - Policy group name.
- type: str
- sdn:
- description:
- - SDN.
- type: str
- choices:
- - aci
- - aws
- - azure
- - gcp
- - nsx
- - nuage
- - oci
- - openstack
- sdn_tag:
- description:
- - SDN Tag.
- type: str
- start_ip:
- description:
- - First IP address (inclusive) in the range for the address.
- type: str
- subnet:
- description:
- - IP address and subnet mask of address.
- type: str
- subnet_name:
- description:
- - Subnet name.
- type: str
- tagging:
- description:
- - Config object tagging.
- type: list
- suboptions:
- category:
- description:
- - Tag category. Source system.object-tagging.category.
- type: str
- name:
- description:
- - Tagging entry name.
- required: true
- type: str
- tags:
- description:
- - Tags.
- type: list
- suboptions:
- name:
- description:
- - Tag name. Source system.object-tagging.tags.name.
- required: true
- type: str
- tenant:
- description:
- - Tenant.
- type: str
- type:
- description:
- - Type of address.
- type: str
- choices:
- - ipmask
- - iprange
- - fqdn
- - geography
- - wildcard
- - wildcard-fqdn
- - dynamic
- uuid:
- description:
- - Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- type: str
- visibility:
- description:
- - Enable/disable address visibility in the GUI.
- type: str
- choices:
- - enable
- - disable
- wildcard:
- description:
- - IP address and wildcard netmask.
- type: str
- wildcard_fqdn:
- description:
- - Fully Qualified Domain Name with wildcard characters.
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure IPv4 addresses.
- fortios_firewall_address:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_address:
- allow_routing: "enable"
- associated_interface: " (source system.interface.name system.zone.name)"
- cache_ttl: "5"
- color: "6"
- comment: "Comment."
- country: ""
- end_ip: ""
- epg_name: ""
- filter: ""
- fqdn: ""
- list:
- -
- ip: ""
- name: "default_name_15"
- obj_id: ""
- organization: ""
- policy_group: ""
- sdn: "aci"
- sdn_tag: ""
- start_ip: ""
- subnet: ""
- subnet_name: ""
- tagging:
- -
- category: " (source system.object-tagging.category)"
- name: "default_name_26"
- tags:
- -
- name: "default_name_28 (source system.object-tagging.tags.name)"
- tenant: ""
- type: "ipmask"
- uuid: ""
- visibility: "enable"
- wildcard: ""
- wildcard_fqdn: ""
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_address_data(json):
- option_list = ['allow_routing', 'associated_interface', 'cache_ttl',
- 'color', 'comment', 'country',
- 'end_ip', 'epg_name', 'filter',
- 'fqdn', 'list', 'name',
- 'obj_id', 'organization', 'policy_group',
- 'sdn', 'sdn_tag', 'start_ip',
- 'subnet', 'subnet_name', 'tagging',
- 'tenant', 'type', 'uuid',
- 'visibility', 'wildcard', 'wildcard_fqdn']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_address(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_address'] and data['firewall_address']:
- state = data['firewall_address']['state']
- else:
- state = True
- firewall_address_data = data['firewall_address']
- filtered_data = underscore_to_hyphen(filter_firewall_address_data(firewall_address_data))
-
- if state == "present":
- return fos.set('firewall',
- 'address',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'address',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_address']:
- resp = firewall_address(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_address": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "allow_routing": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "associated_interface": {"required": False, "type": "str"},
- "cache_ttl": {"required": False, "type": "int"},
- "color": {"required": False, "type": "int"},
- "comment": {"required": False, "type": "str"},
- "country": {"required": False, "type": "str"},
- "end_ip": {"required": False, "type": "str"},
- "epg_name": {"required": False, "type": "str"},
- "filter": {"required": False, "type": "str"},
- "fqdn": {"required": False, "type": "str"},
- "list": {"required": False, "type": "list",
- "options": {
- "ip": {"required": True, "type": "str"}
- }},
- "name": {"required": True, "type": "str"},
- "obj_id": {"required": False, "type": "str"},
- "organization": {"required": False, "type": "str"},
- "policy_group": {"required": False, "type": "str"},
- "sdn": {"required": False, "type": "str",
- "choices": ["aci", "aws", "azure",
- "gcp", "nsx", "nuage",
- "oci", "openstack"]},
- "sdn_tag": {"required": False, "type": "str"},
- "start_ip": {"required": False, "type": "str"},
- "subnet": {"required": False, "type": "str"},
- "subnet_name": {"required": False, "type": "str"},
- "tagging": {"required": False, "type": "list",
- "options": {
- "category": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "tags": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
- }},
- "tenant": {"required": False, "type": "str"},
- "type": {"required": False, "type": "str",
- "choices": ["ipmask", "iprange", "fqdn",
- "geography", "wildcard", "wildcard-fqdn",
- "dynamic"]},
- "uuid": {"required": False, "type": "str"},
- "visibility": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "wildcard": {"required": False, "type": "str"},
- "wildcard_fqdn": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_address6.py b/lib/ansible/modules/network/fortios/fortios_firewall_address6.py
deleted file mode 100644
index c8bae7ccabb..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_address6.py
+++ /dev/null
@@ -1,536 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_address6
-short_description: Configure IPv6 firewall addresses in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and address6 category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_address6:
- description:
- - Configure IPv6 firewall addresses.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- cache_ttl:
- description:
- - Minimal TTL of individual IPv6 addresses in FQDN cache.
- type: int
- color:
- description:
- - Integer value to determine the color of the icon in the GUI (range 1 to 32).
- type: int
- comment:
- description:
- - Comment.
- type: str
- end_ip:
- description:
- - "Final IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx)."
- type: str
- fqdn:
- description:
- - Fully qualified domain name.
- type: str
- host:
- description:
- - Host Address.
- type: str
- host_type:
- description:
- - Host type.
- type: str
- choices:
- - any
- - specific
- ip6:
- description:
- - "IPv6 address prefix (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx)."
- type: str
- list:
- description:
- - IP address list.
- type: list
- suboptions:
- ip:
- description:
- - IP.
- required: true
- type: str
- name:
- description:
- - Address name.
- required: true
- type: str
- obj_id:
- description:
- - Object ID for NSX.
- type: str
- sdn:
- description:
- - SDN.
- type: str
- choices:
- - nsx
- start_ip:
- description:
- - "First IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx)."
- type: str
- subnet_segment:
- description:
- - IPv6 subnet segments.
- type: list
- suboptions:
- name:
- description:
- - Name.
- required: true
- type: str
- type:
- description:
- - Subnet segment type.
- type: str
- choices:
- - any
- - specific
- value:
- description:
- - Subnet segment value.
- type: str
- tagging:
- description:
- - Config object tagging
- type: list
- suboptions:
- category:
- description:
- - Tag category. Source system.object-tagging.category.
- type: str
- name:
- description:
- - Tagging entry name.
- required: true
- type: str
- tags:
- description:
- - Tags.
- type: list
- suboptions:
- name:
- description:
- - Tag name. Source system.object-tagging.tags.name.
- required: true
- type: str
- template:
- description:
- - IPv6 address template. Source firewall.address6-template.name.
- type: str
- type:
- description:
- - Type of IPv6 address object .
- type: str
- choices:
- - ipprefix
- - iprange
- - fqdn
- - dynamic
- - template
- uuid:
- description:
- - Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- type: str
- visibility:
- description:
- - Enable/disable the visibility of the object in the GUI.
- type: str
- choices:
- - enable
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure IPv6 firewall addresses.
- fortios_firewall_address6:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_address6:
- cache_ttl: "3"
- color: "4"
- comment: "Comment."
- end_ip: ""
- fqdn: ""
- host: ""
- host_type: "any"
- ip6: ""
- list:
- -
- ip: ""
- name: "default_name_13"
- obj_id: ""
- sdn: "nsx"
- start_ip: ""
- subnet_segment:
- -
- name: "default_name_18"
- type: "any"
- value: ""
- tagging:
- -
- category: " (source system.object-tagging.category)"
- name: "default_name_23"
- tags:
- -
- name: "default_name_25 (source system.object-tagging.tags.name)"
- template: " (source firewall.address6-template.name)"
- type: "ipprefix"
- uuid: ""
- visibility: "enable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_address6_data(json):
- option_list = ['cache_ttl', 'color', 'comment',
- 'end_ip', 'fqdn', 'host',
- 'host_type', 'ip6', 'list',
- 'name', 'obj_id', 'sdn',
- 'start_ip', 'subnet_segment', 'tagging',
- 'template', 'type', 'uuid',
- 'visibility']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_address6(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_address6'] and data['firewall_address6']:
- state = data['firewall_address6']['state']
- else:
- state = True
- firewall_address6_data = data['firewall_address6']
- filtered_data = underscore_to_hyphen(filter_firewall_address6_data(firewall_address6_data))
-
- if state == "present":
- return fos.set('firewall',
- 'address6',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'address6',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_address6']:
- resp = firewall_address6(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_address6": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "cache_ttl": {"required": False, "type": "int"},
- "color": {"required": False, "type": "int"},
- "comment": {"required": False, "type": "str"},
- "end_ip": {"required": False, "type": "str"},
- "fqdn": {"required": False, "type": "str"},
- "host": {"required": False, "type": "str"},
- "host_type": {"required": False, "type": "str",
- "choices": ["any", "specific"]},
- "ip6": {"required": False, "type": "str"},
- "list": {"required": False, "type": "list",
- "options": {
- "ip": {"required": True, "type": "str"}
- }},
- "name": {"required": True, "type": "str"},
- "obj_id": {"required": False, "type": "str"},
- "sdn": {"required": False, "type": "str",
- "choices": ["nsx"]},
- "start_ip": {"required": False, "type": "str"},
- "subnet_segment": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"},
- "type": {"required": False, "type": "str",
- "choices": ["any", "specific"]},
- "value": {"required": False, "type": "str"}
- }},
- "tagging": {"required": False, "type": "list",
- "options": {
- "category": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "tags": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
- }},
- "template": {"required": False, "type": "str"},
- "type": {"required": False, "type": "str",
- "choices": ["ipprefix", "iprange", "fqdn",
- "dynamic", "template"]},
- "uuid": {"required": False, "type": "str"},
- "visibility": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_address6_template.py b/lib/ansible/modules/network/fortios/fortios_firewall_address6_template.py
deleted file mode 100644
index ca2488f6d7b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_address6_template.py
+++ /dev/null
@@ -1,406 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_address6_template
-short_description: Configure IPv6 address templates in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and address6_template category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_address6_template:
- description:
- - Configure IPv6 address templates.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- ip6:
- description:
- - IPv6 address prefix.
- type: str
- name:
- description:
- - IPv6 address template name.
- required: true
- type: str
- subnet_segment:
- description:
- - IPv6 subnet segments.
- type: list
- suboptions:
- bits:
- description:
- - Number of bits.
- type: int
- exclusive:
- description:
- - Enable/disable exclusive value.
- type: str
- choices:
- - enable
- - disable
- id:
- description:
- - Subnet segment ID.
- required: true
- type: int
- name:
- description:
- - Subnet segment name.
- type: str
- values:
- description:
- - Subnet segment values.
- type: list
- suboptions:
- name:
- description:
- - Subnet segment value name.
- required: true
- type: str
- value:
- description:
- - Subnet segment value.
- type: str
- subnet_segment_count:
- description:
- - Number of IPv6 subnet segments.
- type: int
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure IPv6 address templates.
- fortios_firewall_address6_template:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_address6_template:
- ip6: ""
- name: "default_name_4"
- subnet_segment:
- -
- bits: "6"
- exclusive: "enable"
- id: "8"
- name: "default_name_9"
- values:
- -
- name: "default_name_11"
- value: ""
- subnet_segment_count: "13"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_address6_template_data(json):
- option_list = ['ip6', 'name', 'subnet_segment',
- 'subnet_segment_count']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_address6_template(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_address6_template'] and data['firewall_address6_template']:
- state = data['firewall_address6_template']['state']
- else:
- state = True
- firewall_address6_template_data = data['firewall_address6_template']
- filtered_data = underscore_to_hyphen(filter_firewall_address6_template_data(firewall_address6_template_data))
-
- if state == "present":
- return fos.set('firewall',
- 'address6-template',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'address6-template',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_address6_template']:
- resp = firewall_address6_template(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_address6_template": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "ip6": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "subnet_segment": {"required": False, "type": "list",
- "options": {
- "bits": {"required": False, "type": "int"},
- "exclusive": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "id": {"required": True, "type": "int"},
- "name": {"required": False, "type": "str"},
- "values": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"},
- "value": {"required": False, "type": "str"}
- }}
- }},
- "subnet_segment_count": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_addrgrp.py b/lib/ansible/modules/network/fortios/fortios_firewall_addrgrp.py
deleted file mode 100644
index ea63a365298..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_addrgrp.py
+++ /dev/null
@@ -1,428 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_addrgrp
-short_description: Configure IPv4 address groups in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and addrgrp category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_addrgrp:
- description:
- - Configure IPv4 address groups.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- allow_routing:
- description:
- - Enable/disable use of this group in the static route configuration.
- type: str
- choices:
- - enable
- - disable
- color:
- description:
- - Color of icon on the GUI.
- type: int
- comment:
- description:
- - Comment.
- type: str
- member:
- description:
- - Address objects contained within the group.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address.name firewall.addrgrp.name.
- required: true
- type: str
- name:
- description:
- - Address group name.
- required: true
- type: str
- tagging:
- description:
- - Config object tagging.
- type: list
- suboptions:
- category:
- description:
- - Tag category. Source system.object-tagging.category.
- type: str
- name:
- description:
- - Tagging entry name.
- required: true
- type: str
- tags:
- description:
- - Tags.
- type: list
- suboptions:
- name:
- description:
- - Tag name. Source system.object-tagging.tags.name.
- required: true
- type: str
- uuid:
- description:
- - Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- type: str
- visibility:
- description:
- - Enable/disable address visibility in the GUI.
- type: str
- choices:
- - enable
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure IPv4 address groups.
- fortios_firewall_addrgrp:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_addrgrp:
- allow_routing: "enable"
- color: "4"
- comment: "Comment."
- member:
- -
- name: "default_name_7 (source firewall.address.name firewall.addrgrp.name)"
- name: "default_name_8"
- tagging:
- -
- category: " (source system.object-tagging.category)"
- name: "default_name_11"
- tags:
- -
- name: "default_name_13 (source system.object-tagging.tags.name)"
- uuid: ""
- visibility: "enable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_addrgrp_data(json):
- option_list = ['allow_routing', 'color', 'comment',
- 'member', 'name', 'tagging',
- 'uuid', 'visibility']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_addrgrp(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_addrgrp'] and data['firewall_addrgrp']:
- state = data['firewall_addrgrp']['state']
- else:
- state = True
- firewall_addrgrp_data = data['firewall_addrgrp']
- filtered_data = underscore_to_hyphen(filter_firewall_addrgrp_data(firewall_addrgrp_data))
-
- if state == "present":
- return fos.set('firewall',
- 'addrgrp',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'addrgrp',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_addrgrp']:
- resp = firewall_addrgrp(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_addrgrp": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "allow_routing": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "color": {"required": False, "type": "int"},
- "comment": {"required": False, "type": "str"},
- "member": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "name": {"required": True, "type": "str"},
- "tagging": {"required": False, "type": "list",
- "options": {
- "category": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "tags": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
- }},
- "uuid": {"required": False, "type": "str"},
- "visibility": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_addrgrp6.py b/lib/ansible/modules/network/fortios/fortios_firewall_addrgrp6.py
deleted file mode 100644
index 1eff778c694..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_addrgrp6.py
+++ /dev/null
@@ -1,418 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_addrgrp6
-short_description: Configure IPv6 address groups in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and addrgrp6 category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_addrgrp6:
- description:
- - Configure IPv6 address groups.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- color:
- description:
- - Integer value to determine the color of the icon in the GUI (1 - 32).
- type: int
- comment:
- description:
- - Comment.
- type: str
- member:
- description:
- - Address objects contained within the group.
- type: list
- suboptions:
- name:
- description:
- - Address6/addrgrp6 name. Source firewall.address6.name firewall.addrgrp6.name.
- required: true
- type: str
- name:
- description:
- - IPv6 address group name.
- required: true
- type: str
- tagging:
- description:
- - Config object tagging.
- type: list
- suboptions:
- category:
- description:
- - Tag category. Source system.object-tagging.category.
- type: str
- name:
- description:
- - Tagging entry name.
- required: true
- type: str
- tags:
- description:
- - Tags.
- type: list
- suboptions:
- name:
- description:
- - Tag name. Source system.object-tagging.tags.name.
- required: true
- type: str
- uuid:
- description:
- - Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- type: str
- visibility:
- description:
- - Enable/disable address group6 visibility in the GUI.
- type: str
- choices:
- - enable
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure IPv6 address groups.
- fortios_firewall_addrgrp6:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_addrgrp6:
- color: "3"
- comment: "Comment."
- member:
- -
- name: "default_name_6 (source firewall.address6.name firewall.addrgrp6.name)"
- name: "default_name_7"
- tagging:
- -
- category: " (source system.object-tagging.category)"
- name: "default_name_10"
- tags:
- -
- name: "default_name_12 (source system.object-tagging.tags.name)"
- uuid: ""
- visibility: "enable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_addrgrp6_data(json):
- option_list = ['color', 'comment', 'member',
- 'name', 'tagging', 'uuid',
- 'visibility']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_addrgrp6(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_addrgrp6'] and data['firewall_addrgrp6']:
- state = data['firewall_addrgrp6']['state']
- else:
- state = True
- firewall_addrgrp6_data = data['firewall_addrgrp6']
- filtered_data = underscore_to_hyphen(filter_firewall_addrgrp6_data(firewall_addrgrp6_data))
-
- if state == "present":
- return fos.set('firewall',
- 'addrgrp6',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'addrgrp6',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_addrgrp6']:
- resp = firewall_addrgrp6(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_addrgrp6": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "color": {"required": False, "type": "int"},
- "comment": {"required": False, "type": "str"},
- "member": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "name": {"required": True, "type": "str"},
- "tagging": {"required": False, "type": "list",
- "options": {
- "category": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "tags": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
- }},
- "uuid": {"required": False, "type": "str"},
- "visibility": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_auth_portal.py b/lib/ansible/modules/network/fortios/fortios_firewall_auth_portal.py
deleted file mode 100644
index 085325f269b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_auth_portal.py
+++ /dev/null
@@ -1,320 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_auth_portal
-short_description: Configure firewall authentication portals in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and auth_portal category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- firewall_auth_portal:
- description:
- - Configure firewall authentication portals.
- default: null
- type: dict
- suboptions:
- groups:
- description:
- - Firewall user groups permitted to authenticate through this portal. Separate group names with spaces.
- type: list
- suboptions:
- name:
- description:
- - Group name. Source user.group.name.
- required: true
- type: str
- identity_based_route:
- description:
- - Name of the identity-based route that applies to this portal. Source firewall.identity-based-route.name.
- type: str
- portal_addr:
- description:
- - Address (or FQDN) of the authentication portal.
- type: str
- portal_addr6:
- description:
- - IPv6 address (or FQDN) of authentication portal.
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure firewall authentication portals.
- fortios_firewall_auth_portal:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- firewall_auth_portal:
- groups:
- -
- name: "default_name_4 (source user.group.name)"
- identity_based_route: " (source firewall.identity-based-route.name)"
- portal_addr: ""
- portal_addr6: ""
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_auth_portal_data(json):
- option_list = ['groups', 'identity_based_route', 'portal_addr',
- 'portal_addr6']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_auth_portal(data, fos):
- vdom = data['vdom']
- firewall_auth_portal_data = data['firewall_auth_portal']
- filtered_data = underscore_to_hyphen(filter_firewall_auth_portal_data(firewall_auth_portal_data))
-
- return fos.set('firewall',
- 'auth-portal',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_auth_portal']:
- resp = firewall_auth_portal(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "firewall_auth_portal": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "groups": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "identity_based_route": {"required": False, "type": "str"},
- "portal_addr": {"required": False, "type": "str"},
- "portal_addr6": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_central_snat_map.py b/lib/ansible/modules/network/fortios/fortios_firewall_central_snat_map.py
deleted file mode 100644
index fb44e63ab03..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_central_snat_map.py
+++ /dev/null
@@ -1,463 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_central_snat_map
-short_description: Configure central SNAT policies in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and central_snat_map category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_central_snat_map:
- description:
- - Configure central SNAT policies.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- comments:
- description:
- - Comment.
- type: str
- dst_addr:
- description:
- - Destination address name from available addresses.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address.name firewall.addrgrp.name.
- required: true
- type: str
- dstintf:
- description:
- - Destination interface name from available interfaces.
- type: list
- suboptions:
- name:
- description:
- - Interface name. Source system.interface.name system.zone.name.
- required: true
- type: str
- nat:
- description:
- - Enable/disable source NAT.
- type: str
- choices:
- - disable
- - enable
- nat_ippool:
- description:
- - Name of the IP pools to be used to translate addresses from available IP Pools.
- type: list
- suboptions:
- name:
- description:
- - IP pool name. Source firewall.ippool.name.
- required: true
- type: str
- nat_port:
- description:
- - Translated port or port range (0 to 65535).
- type: str
- orig_addr:
- description:
- - Original address.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address.name firewall.addrgrp.name.
- required: true
- type: str
- orig_port:
- description:
- - Original TCP port (0 to 65535).
- type: str
- policyid:
- description:
- - Policy ID.
- required: true
- type: int
- protocol:
- description:
- - Integer value for the protocol type (0 - 255).
- type: int
- srcintf:
- description:
- - Source interface name from available interfaces.
- type: list
- suboptions:
- name:
- description:
- - Interface name. Source system.interface.name system.zone.name.
- required: true
- type: str
- status:
- description:
- - Enable/disable the active status of this policy.
- type: str
- choices:
- - enable
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure central SNAT policies.
- fortios_firewall_central_snat_map:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_central_snat_map:
- comments: ""
- dst_addr:
- -
- name: "default_name_5 (source firewall.address.name firewall.addrgrp.name)"
- dstintf:
- -
- name: "default_name_7 (source system.interface.name system.zone.name)"
- nat: "disable"
- nat_ippool:
- -
- name: "default_name_10 (source firewall.ippool.name)"
- nat_port: ""
- orig_addr:
- -
- name: "default_name_13 (source firewall.address.name firewall.addrgrp.name)"
- orig_port: ""
- policyid: "15"
- protocol: "16"
- srcintf:
- -
- name: "default_name_18 (source system.interface.name system.zone.name)"
- status: "enable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_central_snat_map_data(json):
- option_list = ['comments', 'dst_addr', 'dstintf',
- 'nat', 'nat_ippool', 'nat_port',
- 'orig_addr', 'orig_port', 'policyid',
- 'protocol', 'srcintf', 'status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_central_snat_map(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_central_snat_map'] and data['firewall_central_snat_map']:
- state = data['firewall_central_snat_map']['state']
- else:
- state = True
- firewall_central_snat_map_data = data['firewall_central_snat_map']
- filtered_data = underscore_to_hyphen(filter_firewall_central_snat_map_data(firewall_central_snat_map_data))
-
- if state == "present":
- return fos.set('firewall',
- 'central-snat-map',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'central-snat-map',
- mkey=filtered_data['policyid'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_central_snat_map']:
- resp = firewall_central_snat_map(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_central_snat_map": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "comments": {"required": False, "type": "str"},
- "dst_addr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "dstintf": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "nat": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "nat_ippool": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "nat_port": {"required": False, "type": "str"},
- "orig_addr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "orig_port": {"required": False, "type": "str"},
- "policyid": {"required": True, "type": "int"},
- "protocol": {"required": False, "type": "int"},
- "srcintf": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_dnstranslation.py b/lib/ansible/modules/network/fortios/fortios_firewall_dnstranslation.py
deleted file mode 100644
index 5f9c796b77b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_dnstranslation.py
+++ /dev/null
@@ -1,352 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_dnstranslation
-short_description: Configure DNS translation in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and dnstranslation category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_dnstranslation:
- description:
- - Configure DNS translation.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- dst:
- description:
- - IPv4 address or subnet on the external network to substitute for the resolved address in DNS query replies. Can be single IP address or
- subnet on the external network, but number of addresses must equal number of mapped IP addresses in src.
- type: str
- id:
- description:
- - ID.
- required: true
- type: int
- netmask:
- description:
- - If src and dst are subnets rather than single IP addresses, enter the netmask for both src and dst.
- type: str
- src:
- description:
- - IPv4 address or subnet on the internal network to compare with the resolved address in DNS query replies. If the resolved address
- matches, the resolved address is substituted with dst.
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure DNS translation.
- fortios_firewall_dnstranslation:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_dnstranslation:
- dst: ""
- id: "4"
- netmask: ""
- src: ""
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_dnstranslation_data(json):
- option_list = ['dst', 'id', 'netmask',
- 'src']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_dnstranslation(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_dnstranslation'] and data['firewall_dnstranslation']:
- state = data['firewall_dnstranslation']['state']
- else:
- state = True
- firewall_dnstranslation_data = data['firewall_dnstranslation']
- filtered_data = underscore_to_hyphen(filter_firewall_dnstranslation_data(firewall_dnstranslation_data))
-
- if state == "present":
- return fos.set('firewall',
- 'dnstranslation',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'dnstranslation',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_dnstranslation']:
- resp = firewall_dnstranslation(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_dnstranslation": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "dst": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "netmask": {"required": False, "type": "str"},
- "src": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_identity_based_route.py b/lib/ansible/modules/network/fortios/fortios_firewall_identity_based_route.py
deleted file mode 100644
index fcdc6c4612f..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_identity_based_route.py
+++ /dev/null
@@ -1,383 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_identity_based_route
-short_description: Configure identity based routing in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and identity_based_route category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_identity_based_route:
- description:
- - Configure identity based routing.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- comments:
- description:
- - Comments.
- type: str
- name:
- description:
- - Name.
- required: true
- type: str
- rule:
- description:
- - Rule.
- type: list
- suboptions:
- device:
- description:
- - Outgoing interface for the rule. Source system.interface.name.
- type: str
- gateway:
- description:
- - "IPv4 address of the gateway (Format: xxx.xxx.xxx.xxx )."
- type: str
- groups:
- description:
- - Select one or more group(s) from available groups that are allowed to use this route. Separate group names with a space.
- type: list
- suboptions:
- name:
- description:
- - Group name. Source user.group.name.
- required: true
- type: str
- id:
- description:
- - Rule ID.
- required: true
- type: int
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure identity based routing.
- fortios_firewall_identity_based_route:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_identity_based_route:
- comments: ""
- name: "default_name_4"
- rule:
- -
- device: " (source system.interface.name)"
- gateway: ""
- groups:
- -
- name: "default_name_9 (source user.group.name)"
- id: "10"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_identity_based_route_data(json):
- option_list = ['comments', 'name', 'rule']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_identity_based_route(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_identity_based_route'] and data['firewall_identity_based_route']:
- state = data['firewall_identity_based_route']['state']
- else:
- state = True
- firewall_identity_based_route_data = data['firewall_identity_based_route']
- filtered_data = underscore_to_hyphen(filter_firewall_identity_based_route_data(firewall_identity_based_route_data))
-
- if state == "present":
- return fos.set('firewall',
- 'identity-based-route',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'identity-based-route',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_identity_based_route']:
- resp = firewall_identity_based_route(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_identity_based_route": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "comments": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "rule": {"required": False, "type": "list",
- "options": {
- "device": {"required": False, "type": "str"},
- "gateway": {"required": False, "type": "str"},
- "groups": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "id": {"required": True, "type": "int"}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_interface_policy.py b/lib/ansible/modules/network/fortios/fortios_firewall_interface_policy.py
deleted file mode 100644
index 433b83c264a..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_interface_policy.py
+++ /dev/null
@@ -1,555 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_interface_policy
-short_description: Configure IPv4 interface policies in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and interface_policy category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_interface_policy:
- description:
- - Configure IPv4 interface policies.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- address_type:
- description:
- - Policy address type (IPv4 or IPv6).
- type: str
- choices:
- - ipv4
- - ipv6
- application_list:
- description:
- - Application list name. Source application.list.name.
- type: str
- application_list_status:
- description:
- - Enable/disable application control.
- type: str
- choices:
- - enable
- - disable
- av_profile:
- description:
- - Antivirus profile. Source antivirus.profile.name.
- type: str
- av_profile_status:
- description:
- - Enable/disable antivirus.
- type: str
- choices:
- - enable
- - disable
- comments:
- description:
- - Comments.
- type: str
- dlp_sensor:
- description:
- - DLP sensor name. Source dlp.sensor.name.
- type: str
- dlp_sensor_status:
- description:
- - Enable/disable DLP.
- type: str
- choices:
- - enable
- - disable
- dsri:
- description:
- - Enable/disable DSRI.
- type: str
- choices:
- - enable
- - disable
- dstaddr:
- description:
- - Address object to limit traffic monitoring to network traffic sent to the specified address or range.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address.name firewall.addrgrp.name.
- required: true
- type: str
- interface:
- description:
- - Monitored interface name from available interfaces. Source system.zone.name system.interface.name.
- type: str
- ips_sensor:
- description:
- - IPS sensor name. Source ips.sensor.name.
- type: str
- ips_sensor_status:
- description:
- - Enable/disable IPS.
- type: str
- choices:
- - enable
- - disable
- label:
- description:
- - Label.
- type: str
- logtraffic:
- description:
- - "Logging type to be used in this policy (Options: all | utm | disable)."
- type: str
- choices:
- - all
- - utm
- - disable
- policyid:
- description:
- - Policy ID.
- required: true
- type: int
- scan_botnet_connections:
- description:
- - Enable/disable scanning for connections to Botnet servers.
- type: str
- choices:
- - disable
- - block
- - monitor
- service:
- description:
- - Service object from available options.
- type: list
- suboptions:
- name:
- description:
- - Service name. Source firewall.service.custom.name firewall.service.group.name.
- required: true
- type: str
- spamfilter_profile:
- description:
- - Antispam profile. Source spamfilter.profile.name.
- type: str
- spamfilter_profile_status:
- description:
- - Enable/disable antispam.
- type: str
- choices:
- - enable
- - disable
- srcaddr:
- description:
- - Address object to limit traffic monitoring to network traffic sent from the specified address or range.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address.name firewall.addrgrp.name.
- required: true
- type: str
- status:
- description:
- - Enable/disable this policy.
- type: str
- choices:
- - enable
- - disable
- webfilter_profile:
- description:
- - Web filter profile. Source webfilter.profile.name.
- type: str
- webfilter_profile_status:
- description:
- - Enable/disable web filtering.
- type: str
- choices:
- - enable
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure IPv4 interface policies.
- fortios_firewall_interface_policy:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_interface_policy:
- address_type: "ipv4"
- application_list: " (source application.list.name)"
- application_list_status: "enable"
- av_profile: " (source antivirus.profile.name)"
- av_profile_status: "enable"
- comments: ""
- dlp_sensor: " (source dlp.sensor.name)"
- dlp_sensor_status: "enable"
- dsri: "enable"
- dstaddr:
- -
- name: "default_name_13 (source firewall.address.name firewall.addrgrp.name)"
- interface: " (source system.zone.name system.interface.name)"
- ips_sensor: " (source ips.sensor.name)"
- ips_sensor_status: "enable"
- label: ""
- logtraffic: "all"
- policyid: "19"
- scan_botnet_connections: "disable"
- service:
- -
- name: "default_name_22 (source firewall.service.custom.name firewall.service.group.name)"
- spamfilter_profile: " (source spamfilter.profile.name)"
- spamfilter_profile_status: "enable"
- srcaddr:
- -
- name: "default_name_26 (source firewall.address.name firewall.addrgrp.name)"
- status: "enable"
- webfilter_profile: " (source webfilter.profile.name)"
- webfilter_profile_status: "enable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_interface_policy_data(json):
- option_list = ['address_type', 'application_list', 'application_list_status',
- 'av_profile', 'av_profile_status', 'comments',
- 'dlp_sensor', 'dlp_sensor_status', 'dsri',
- 'dstaddr', 'interface', 'ips_sensor',
- 'ips_sensor_status', 'label', 'logtraffic',
- 'policyid', 'scan_botnet_connections', 'service',
- 'spamfilter_profile', 'spamfilter_profile_status', 'srcaddr',
- 'status', 'webfilter_profile', 'webfilter_profile_status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_interface_policy(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_interface_policy'] and data['firewall_interface_policy']:
- state = data['firewall_interface_policy']['state']
- else:
- state = True
- firewall_interface_policy_data = data['firewall_interface_policy']
- filtered_data = underscore_to_hyphen(filter_firewall_interface_policy_data(firewall_interface_policy_data))
-
- if state == "present":
- return fos.set('firewall',
- 'interface-policy',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'interface-policy',
- mkey=filtered_data['policyid'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_interface_policy']:
- resp = firewall_interface_policy(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_interface_policy": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "address_type": {"required": False, "type": "str",
- "choices": ["ipv4", "ipv6"]},
- "application_list": {"required": False, "type": "str"},
- "application_list_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "av_profile": {"required": False, "type": "str"},
- "av_profile_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "comments": {"required": False, "type": "str"},
- "dlp_sensor": {"required": False, "type": "str"},
- "dlp_sensor_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dsri": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dstaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "interface": {"required": False, "type": "str"},
- "ips_sensor": {"required": False, "type": "str"},
- "ips_sensor_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "label": {"required": False, "type": "str"},
- "logtraffic": {"required": False, "type": "str",
- "choices": ["all", "utm", "disable"]},
- "policyid": {"required": True, "type": "int"},
- "scan_botnet_connections": {"required": False, "type": "str",
- "choices": ["disable", "block", "monitor"]},
- "service": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "spamfilter_profile": {"required": False, "type": "str"},
- "spamfilter_profile_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "srcaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "webfilter_profile": {"required": False, "type": "str"},
- "webfilter_profile_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_interface_policy6.py b/lib/ansible/modules/network/fortios/fortios_firewall_interface_policy6.py
deleted file mode 100644
index 6cdde1d5024..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_interface_policy6.py
+++ /dev/null
@@ -1,555 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_interface_policy6
-short_description: Configure IPv6 interface policies in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and interface_policy6 category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_interface_policy6:
- description:
- - Configure IPv6 interface policies.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- address_type:
- description:
- - Policy address type (IPv4 or IPv6).
- type: str
- choices:
- - ipv4
- - ipv6
- application_list:
- description:
- - Application list name. Source application.list.name.
- type: str
- application_list_status:
- description:
- - Enable/disable application control.
- type: str
- choices:
- - enable
- - disable
- av_profile:
- description:
- - Antivirus profile. Source antivirus.profile.name.
- type: str
- av_profile_status:
- description:
- - Enable/disable antivirus.
- type: str
- choices:
- - enable
- - disable
- comments:
- description:
- - Comments.
- type: str
- dlp_sensor:
- description:
- - DLP sensor name. Source dlp.sensor.name.
- type: str
- dlp_sensor_status:
- description:
- - Enable/disable DLP.
- type: str
- choices:
- - enable
- - disable
- dsri:
- description:
- - Enable/disable DSRI.
- type: str
- choices:
- - enable
- - disable
- dstaddr6:
- description:
- - IPv6 address object to limit traffic monitoring to network traffic sent to the specified address or range.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address6.name firewall.addrgrp6.name.
- required: true
- type: str
- interface:
- description:
- - Monitored interface name from available interfaces. Source system.zone.name system.interface.name.
- type: str
- ips_sensor:
- description:
- - IPS sensor name. Source ips.sensor.name.
- type: str
- ips_sensor_status:
- description:
- - Enable/disable IPS.
- type: str
- choices:
- - enable
- - disable
- label:
- description:
- - Label.
- type: str
- logtraffic:
- description:
- - "Logging type to be used in this policy (Options: all | utm | disable)."
- type: str
- choices:
- - all
- - utm
- - disable
- policyid:
- description:
- - Policy ID.
- required: true
- type: int
- scan_botnet_connections:
- description:
- - Enable/disable scanning for connections to Botnet servers.
- type: str
- choices:
- - disable
- - block
- - monitor
- service6:
- description:
- - Service name.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.service.custom.name firewall.service.group.name.
- required: true
- type: str
- spamfilter_profile:
- description:
- - Antispam profile. Source spamfilter.profile.name.
- type: str
- spamfilter_profile_status:
- description:
- - Enable/disable antispam.
- type: str
- choices:
- - enable
- - disable
- srcaddr6:
- description:
- - IPv6 address object to limit traffic monitoring to network traffic sent from the specified address or range.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address6.name firewall.addrgrp6.name.
- required: true
- type: str
- status:
- description:
- - Enable/disable this policy.
- type: str
- choices:
- - enable
- - disable
- webfilter_profile:
- description:
- - Web filter profile. Source webfilter.profile.name.
- type: str
- webfilter_profile_status:
- description:
- - Enable/disable web filtering.
- type: str
- choices:
- - enable
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure IPv6 interface policies.
- fortios_firewall_interface_policy6:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_interface_policy6:
- address_type: "ipv4"
- application_list: " (source application.list.name)"
- application_list_status: "enable"
- av_profile: " (source antivirus.profile.name)"
- av_profile_status: "enable"
- comments: ""
- dlp_sensor: " (source dlp.sensor.name)"
- dlp_sensor_status: "enable"
- dsri: "enable"
- dstaddr6:
- -
- name: "default_name_13 (source firewall.address6.name firewall.addrgrp6.name)"
- interface: " (source system.zone.name system.interface.name)"
- ips_sensor: " (source ips.sensor.name)"
- ips_sensor_status: "enable"
- label: ""
- logtraffic: "all"
- policyid: "19"
- scan_botnet_connections: "disable"
- service6:
- -
- name: "default_name_22 (source firewall.service.custom.name firewall.service.group.name)"
- spamfilter_profile: " (source spamfilter.profile.name)"
- spamfilter_profile_status: "enable"
- srcaddr6:
- -
- name: "default_name_26 (source firewall.address6.name firewall.addrgrp6.name)"
- status: "enable"
- webfilter_profile: " (source webfilter.profile.name)"
- webfilter_profile_status: "enable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_interface_policy6_data(json):
- option_list = ['address_type', 'application_list', 'application_list_status',
- 'av_profile', 'av_profile_status', 'comments',
- 'dlp_sensor', 'dlp_sensor_status', 'dsri',
- 'dstaddr6', 'interface', 'ips_sensor',
- 'ips_sensor_status', 'label', 'logtraffic',
- 'policyid', 'scan_botnet_connections', 'service6',
- 'spamfilter_profile', 'spamfilter_profile_status', 'srcaddr6',
- 'status', 'webfilter_profile', 'webfilter_profile_status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_interface_policy6(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_interface_policy6'] and data['firewall_interface_policy6']:
- state = data['firewall_interface_policy6']['state']
- else:
- state = True
- firewall_interface_policy6_data = data['firewall_interface_policy6']
- filtered_data = underscore_to_hyphen(filter_firewall_interface_policy6_data(firewall_interface_policy6_data))
-
- if state == "present":
- return fos.set('firewall',
- 'interface-policy6',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'interface-policy6',
- mkey=filtered_data['policyid'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_interface_policy6']:
- resp = firewall_interface_policy6(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_interface_policy6": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "address_type": {"required": False, "type": "str",
- "choices": ["ipv4", "ipv6"]},
- "application_list": {"required": False, "type": "str"},
- "application_list_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "av_profile": {"required": False, "type": "str"},
- "av_profile_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "comments": {"required": False, "type": "str"},
- "dlp_sensor": {"required": False, "type": "str"},
- "dlp_sensor_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dsri": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dstaddr6": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "interface": {"required": False, "type": "str"},
- "ips_sensor": {"required": False, "type": "str"},
- "ips_sensor_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "label": {"required": False, "type": "str"},
- "logtraffic": {"required": False, "type": "str",
- "choices": ["all", "utm", "disable"]},
- "policyid": {"required": True, "type": "int"},
- "scan_botnet_connections": {"required": False, "type": "str",
- "choices": ["disable", "block", "monitor"]},
- "service6": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "spamfilter_profile": {"required": False, "type": "str"},
- "spamfilter_profile_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "srcaddr6": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "webfilter_profile": {"required": False, "type": "str"},
- "webfilter_profile_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_internet_service.py b/lib/ansible/modules/network/fortios/fortios_firewall_internet_service.py
deleted file mode 100644
index 87188c7f13d..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_internet_service.py
+++ /dev/null
@@ -1,425 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_internet_service
-short_description: Show Internet Service application in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and internet_service category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_internet_service:
- description:
- - Show Internet Service application.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- database:
- description:
- - Database name this Internet Service belongs to.
- type: str
- choices:
- - isdb
- - irdb
- direction:
- description:
- - How this service may be used in a firewall policy (source, destination or both).
- type: str
- choices:
- - src
- - dst
- - both
- entry:
- description:
- - Entries in the Internet Service database.
- type: list
- suboptions:
- id:
- description:
- - Entry ID.
- required: true
- type: int
- ip_number:
- description:
- - Total number of IP addresses.
- type: int
- ip_range_number:
- description:
- - Total number of IP ranges.
- type: int
- port:
- description:
- - Integer value for the TCP/IP port (0 - 65535).
- type: int
- protocol:
- description:
- - Integer value for the protocol type as defined by IANA (0 - 255).
- type: int
- icon_id:
- description:
- - Icon ID of Internet Service.
- type: int
- id:
- description:
- - Internet Service ID.
- required: true
- type: int
- name:
- description:
- - Internet Service name.
- type: str
- offset:
- description:
- - Offset of Internet Service ID.
- type: int
- reputation:
- description:
- - Reputation level of the Internet Service.
- type: int
- sld_id:
- description:
- - Second Level Domain.
- type: int
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Show Internet Service application.
- fortios_firewall_internet_service:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_internet_service:
- database: "isdb"
- direction: "src"
- entry:
- -
- id: "6"
- ip_number: "7"
- ip_range_number: "8"
- port: "9"
- protocol: "10"
- icon_id: "11"
- id: "12"
- name: "default_name_13"
- offset: "14"
- reputation: "15"
- sld_id: "16"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_internet_service_data(json):
- option_list = ['database', 'direction', 'entry',
- 'icon_id', 'id', 'name',
- 'offset', 'reputation', 'sld_id']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_internet_service(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_internet_service'] and data['firewall_internet_service']:
- state = data['firewall_internet_service']['state']
- else:
- state = True
- firewall_internet_service_data = data['firewall_internet_service']
- filtered_data = underscore_to_hyphen(filter_firewall_internet_service_data(firewall_internet_service_data))
-
- if state == "present":
- return fos.set('firewall',
- 'internet-service',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'internet-service',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_internet_service']:
- resp = firewall_internet_service(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_internet_service": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "database": {"required": False, "type": "str",
- "choices": ["isdb", "irdb"]},
- "direction": {"required": False, "type": "str",
- "choices": ["src", "dst", "both"]},
- "entry": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "ip_number": {"required": False, "type": "int"},
- "ip_range_number": {"required": False, "type": "int"},
- "port": {"required": False, "type": "int"},
- "protocol": {"required": False, "type": "int"}
- }},
- "icon_id": {"required": False, "type": "int"},
- "id": {"required": True, "type": "int"},
- "name": {"required": False, "type": "str"},
- "offset": {"required": False, "type": "int"},
- "reputation": {"required": False, "type": "int"},
- "sld_id": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_internet_service_custom.py b/lib/ansible/modules/network/fortios/fortios_firewall_internet_service_custom.py
deleted file mode 100644
index 169fcce8e29..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_internet_service_custom.py
+++ /dev/null
@@ -1,472 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_internet_service_custom
-short_description: Configure custom Internet Services in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and internet_service_custom category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_internet_service_custom:
- description:
- - Configure custom Internet Services.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- comment:
- description:
- - Comment.
- type: str
- disable_entry:
- description:
- - Disable entries in the Internet Service database.
- type: list
- suboptions:
- id:
- description:
- - Disable entry ID.
- required: true
- type: int
- ip_range:
- description:
- - IP ranges in the disable entry.
- type: list
- suboptions:
- end_ip:
- description:
- - End IP address.
- type: str
- id:
- description:
- - Disable entry range ID.
- required: true
- type: int
- start_ip:
- description:
- - Start IP address.
- type: str
- port:
- description:
- - Integer value for the TCP/IP port (0 - 65535).
- type: int
- protocol:
- description:
- - Integer value for the protocol type as defined by IANA (0 - 255).
- type: int
- entry:
- description:
- - Entries added to the Internet Service database and custom database.
- type: list
- suboptions:
- dst:
- description:
- - Destination address or address group name.
- type: list
- suboptions:
- name:
- description:
- - Select the destination address or address group object from available options. Source firewall.address.name firewall
- .addrgrp.name.
- required: true
- type: str
- id:
- description:
- - Entry ID(1-255).
- required: true
- type: int
- port_range:
- description:
- - Port ranges in the custom entry.
- type: list
- suboptions:
- end_port:
- description:
- - Integer value for ending TCP/UDP/SCTP destination port in range (1 to 65535).
- type: int
- id:
- description:
- - Custom entry port range ID.
- required: true
- type: int
- start_port:
- description:
- - Integer value for starting TCP/UDP/SCTP destination port in range (1 to 65535).
- type: int
- protocol:
- description:
- - Integer value for the protocol type as defined by IANA (0 - 255).
- type: int
- master_service_id:
- description:
- - Internet Service ID in the Internet Service database. Source firewall.internet-service.id.
- type: int
- name:
- description:
- - Internet Service name.
- required: true
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure custom Internet Services.
- fortios_firewall_internet_service_custom:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_internet_service_custom:
- comment: "Comment."
- disable_entry:
- -
- id: "5"
- ip_range:
- -
- end_ip: ""
- id: "8"
- start_ip: ""
- port: "10"
- protocol: "11"
- entry:
- -
- dst:
- -
- name: "default_name_14 (source firewall.address.name firewall.addrgrp.name)"
- id: "15"
- port_range:
- -
- end_port: "17"
- id: "18"
- start_port: "19"
- protocol: "20"
- master_service_id: "21 (source firewall.internet-service.id)"
- name: "default_name_22"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_internet_service_custom_data(json):
- option_list = ['comment', 'disable_entry', 'entry',
- 'master_service_id', 'name']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_internet_service_custom(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_internet_service_custom'] and data['firewall_internet_service_custom']:
- state = data['firewall_internet_service_custom']['state']
- else:
- state = True
- firewall_internet_service_custom_data = data['firewall_internet_service_custom']
- filtered_data = underscore_to_hyphen(filter_firewall_internet_service_custom_data(firewall_internet_service_custom_data))
-
- if state == "present":
- return fos.set('firewall',
- 'internet-service-custom',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'internet-service-custom',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_internet_service_custom']:
- resp = firewall_internet_service_custom(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_internet_service_custom": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "comment": {"required": False, "type": "str"},
- "disable_entry": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "ip_range": {"required": False, "type": "list",
- "options": {
- "end_ip": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "start_ip": {"required": False, "type": "str"}
- }},
- "port": {"required": False, "type": "int"},
- "protocol": {"required": False, "type": "int"}
- }},
- "entry": {"required": False, "type": "list",
- "options": {
- "dst": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "id": {"required": True, "type": "int"},
- "port_range": {"required": False, "type": "list",
- "options": {
- "end_port": {"required": False, "type": "int"},
- "id": {"required": True, "type": "int"},
- "start_port": {"required": False, "type": "int"}
- }},
- "protocol": {"required": False, "type": "int"}
- }},
- "master_service_id": {"required": False, "type": "int"},
- "name": {"required": True, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_internet_service_group.py b/lib/ansible/modules/network/fortios/fortios_firewall_internet_service_group.py
deleted file mode 100644
index 4081bab9135..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_internet_service_group.py
+++ /dev/null
@@ -1,354 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_internet_service_group
-short_description: Configure group of Internet Service in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and internet_service_group category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_internet_service_group:
- description:
- - Configure group of Internet Service.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- comment:
- description:
- - Comment.
- type: str
- member:
- description:
- - Internet Service group member.
- type: list
- suboptions:
- id:
- description:
- - Internet Service ID. Source firewall.internet-service.id.
- required: true
- type: int
- name:
- description:
- - Internet Service group name.
- required: true
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure group of Internet Service.
- fortios_firewall_internet_service_group:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_internet_service_group:
- comment: "Comment."
- member:
- -
- id: "5 (source firewall.internet-service.id)"
- name: "default_name_6"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_internet_service_group_data(json):
- option_list = ['comment', 'member', 'name']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_internet_service_group(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_internet_service_group'] and data['firewall_internet_service_group']:
- state = data['firewall_internet_service_group']['state']
- else:
- state = True
- firewall_internet_service_group_data = data['firewall_internet_service_group']
- filtered_data = underscore_to_hyphen(filter_firewall_internet_service_group_data(firewall_internet_service_group_data))
-
- if state == "present":
- return fos.set('firewall',
- 'internet-service-group',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'internet-service-group',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_internet_service_group']:
- resp = firewall_internet_service_group(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_internet_service_group": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "comment": {"required": False, "type": "str"},
- "member": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "name": {"required": True, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ip_translation.py b/lib/ansible/modules/network/fortios/fortios_firewall_ip_translation.py
deleted file mode 100644
index 79fec1d5fe7..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_ip_translation.py
+++ /dev/null
@@ -1,359 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_ip_translation
-short_description: Configure firewall IP-translation in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and ip_translation category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_ip_translation:
- description:
- - Configure firewall IP-translation.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- endip:
- description:
- - "Final IPv4 address (inclusive) in the range of the addresses to be translated (format xxx.xxx.xxx.xxx)."
- type: str
- map_startip:
- description:
- - "Address to be used as the starting point for translation in the range (format xxx.xxx.xxx.xxx)."
- type: str
- startip:
- description:
- - "First IPv4 address (inclusive) in the range of the addresses to be translated (format xxx.xxx.xxx.xxx)."
- type: str
- transid:
- description:
- - IP translation ID.
- required: true
- type: int
- type:
- description:
- - "IP translation type (option: SCTP)."
- type: str
- choices:
- - SCTP
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure firewall IP-translation.
- fortios_firewall_ip_translation:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_ip_translation:
- endip: ""
- map_startip: ""
- startip: ""
- transid: "6"
- type: "SCTP"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_ip_translation_data(json):
- option_list = ['endip', 'map_startip', 'startip',
- 'transid', 'type']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_ip_translation(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_ip_translation'] and data['firewall_ip_translation']:
- state = data['firewall_ip_translation']['state']
- else:
- state = True
- firewall_ip_translation_data = data['firewall_ip_translation']
- filtered_data = underscore_to_hyphen(filter_firewall_ip_translation_data(firewall_ip_translation_data))
-
- if state == "present":
- return fos.set('firewall',
- 'ip-translation',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'ip-translation',
- mkey=filtered_data['transid'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_ip_translation']:
- resp = firewall_ip_translation(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_ip_translation": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "endip": {"required": False, "type": "str"},
- "map_startip": {"required": False, "type": "str"},
- "startip": {"required": False, "type": "str"},
- "transid": {"required": True, "type": "int"},
- "type": {"required": False, "type": "str",
- "choices": ["SCTP"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ipmacbinding_setting.py b/lib/ansible/modules/network/fortios/fortios_firewall_ipmacbinding_setting.py
deleted file mode 100644
index 658d686ad23..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_ipmacbinding_setting.py
+++ /dev/null
@@ -1,314 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_ipmacbinding_setting
-short_description: Configure IP to MAC binding settings in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall_ipmacbinding feature and setting category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- firewall_ipmacbinding_setting:
- description:
- - Configure IP to MAC binding settings.
- default: null
- type: dict
- suboptions:
- bindthroughfw:
- description:
- - Enable/disable use of IP/MAC binding to filter packets that would normally go through the firewall.
- type: str
- choices:
- - enable
- - disable
- bindtofw:
- description:
- - Enable/disable use of IP/MAC binding to filter packets that would normally go to the firewall.
- type: str
- choices:
- - enable
- - disable
- undefinedhost:
- description:
- - Select action to take on packets with IP/MAC addresses not in the binding list .
- type: str
- choices:
- - allow
- - block
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure IP to MAC binding settings.
- fortios_firewall_ipmacbinding_setting:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- firewall_ipmacbinding_setting:
- bindthroughfw: "enable"
- bindtofw: "enable"
- undefinedhost: "allow"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_ipmacbinding_setting_data(json):
- option_list = ['bindthroughfw', 'bindtofw', 'undefinedhost']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_ipmacbinding_setting(data, fos):
- vdom = data['vdom']
- firewall_ipmacbinding_setting_data = data['firewall_ipmacbinding_setting']
- filtered_data = underscore_to_hyphen(filter_firewall_ipmacbinding_setting_data(firewall_ipmacbinding_setting_data))
-
- return fos.set('firewall.ipmacbinding',
- 'setting',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall_ipmacbinding(data, fos):
-
- if data['firewall_ipmacbinding_setting']:
- resp = firewall_ipmacbinding_setting(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "firewall_ipmacbinding_setting": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "bindthroughfw": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "bindtofw": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "undefinedhost": {"required": False, "type": "str",
- "choices": ["allow", "block"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall_ipmacbinding(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall_ipmacbinding(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ipmacbinding_table.py b/lib/ansible/modules/network/fortios/fortios_firewall_ipmacbinding_table.py
deleted file mode 100644
index 5f1a468f31c..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_ipmacbinding_table.py
+++ /dev/null
@@ -1,359 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_ipmacbinding_table
-short_description: Configure IP to MAC address pairs in the IP/MAC binding table in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall_ipmacbinding feature and table category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_ipmacbinding_table:
- description:
- - Configure IP to MAC address pairs in the IP/MAC binding table.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- ip:
- description:
- - "IPv4 address portion of the pair (format: xxx.xxx.xxx.xxx)."
- type: str
- mac:
- description:
- - "MAC address portion of the pair (format: xx:xx:xx:xx:xx:xx in hexidecimal)."
- type: str
- name:
- description:
- - Name of the pair (optional).
- type: str
- seq_num:
- description:
- - Entry number.
- type: int
- status:
- description:
- - Enable/disable this IP-mac binding pair.
- type: str
- choices:
- - enable
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure IP to MAC address pairs in the IP/MAC binding table.
- fortios_firewall_ipmacbinding_table:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_ipmacbinding_table:
- ip: ""
- mac: ""
- name: "default_name_5"
- seq_num: "6"
- status: "enable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_ipmacbinding_table_data(json):
- option_list = ['ip', 'mac', 'name',
- 'seq_num', 'status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_ipmacbinding_table(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_ipmacbinding_table'] and data['firewall_ipmacbinding_table']:
- state = data['firewall_ipmacbinding_table']['state']
- else:
- state = True
- firewall_ipmacbinding_table_data = data['firewall_ipmacbinding_table']
- filtered_data = underscore_to_hyphen(filter_firewall_ipmacbinding_table_data(firewall_ipmacbinding_table_data))
-
- if state == "present":
- return fos.set('firewall.ipmacbinding',
- 'table',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall.ipmacbinding',
- 'table',
- mkey=filtered_data['seq-num'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall_ipmacbinding(data, fos):
-
- if data['firewall_ipmacbinding_table']:
- resp = firewall_ipmacbinding_table(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_ipmacbinding_table": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "ip": {"required": False, "type": "str"},
- "mac": {"required": False, "type": "str"},
- "name": {"required": False, "type": "str"},
- "seq_num": {"required": False, "type": "int"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall_ipmacbinding(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall_ipmacbinding(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ippool.py b/lib/ansible/modules/network/fortios/fortios_firewall_ippool.py
deleted file mode 100644
index 67def2f4d02..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_ippool.py
+++ /dev/null
@@ -1,428 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_ippool
-short_description: Configure IPv4 IP pools in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and ippool category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_ippool:
- description:
- - Configure IPv4 IP pools.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- arp_intf:
- description:
- - Select an interface from available options that will reply to ARP requests. (If blank, any is selected). Source system.interface.name.
- type: str
- arp_reply:
- description:
- - Enable/disable replying to ARP requests when an IP Pool is added to a policy .
- type: str
- choices:
- - disable
- - enable
- associated_interface:
- description:
- - Associated interface name. Source system.interface.name.
- type: str
- block_size:
- description:
- - Number of addresses in a block (64 to 4096).
- type: int
- comments:
- description:
- - Comment.
- type: str
- endip:
- description:
- - "Final IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx)."
- type: str
- name:
- description:
- - IP pool name.
- required: true
- type: str
- num_blocks_per_user:
- description:
- - Number of addresses blocks that can be used by a user (1 to 128).
- type: int
- pba_timeout:
- description:
- - Port block allocation timeout (seconds).
- type: int
- permit_any_host:
- description:
- - Enable/disable full cone NAT.
- type: str
- choices:
- - disable
- - enable
- source_endip:
- description:
- - "Final IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx.xxx.xxx.xxx)."
- type: str
- source_startip:
- description:
- - " First IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx.xxx.xxx.xxx)."
- type: str
- startip:
- description:
- - "First IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx)."
- type: str
- type:
- description:
- - IP pool type (overload, one-to-one, fixed port range, or port block allocation).
- type: str
- choices:
- - overload
- - one-to-one
- - fixed-port-range
- - port-block-allocation
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure IPv4 IP pools.
- fortios_firewall_ippool:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_ippool:
- arp_intf: " (source system.interface.name)"
- arp_reply: "disable"
- associated_interface: " (source system.interface.name)"
- block_size: "6"
- comments: ""
- endip: ""
- name: "default_name_9"
- num_blocks_per_user: "10"
- pba_timeout: "11"
- permit_any_host: "disable"
- source_endip: ""
- source_startip: ""
- startip: ""
- type: "overload"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_ippool_data(json):
- option_list = ['arp_intf', 'arp_reply', 'associated_interface',
- 'block_size', 'comments', 'endip',
- 'name', 'num_blocks_per_user', 'pba_timeout',
- 'permit_any_host', 'source_endip', 'source_startip',
- 'startip', 'type']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_ippool(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_ippool'] and data['firewall_ippool']:
- state = data['firewall_ippool']['state']
- else:
- state = True
- firewall_ippool_data = data['firewall_ippool']
- filtered_data = underscore_to_hyphen(filter_firewall_ippool_data(firewall_ippool_data))
-
- if state == "present":
- return fos.set('firewall',
- 'ippool',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'ippool',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_ippool']:
- resp = firewall_ippool(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_ippool": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "arp_intf": {"required": False, "type": "str"},
- "arp_reply": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "associated_interface": {"required": False, "type": "str"},
- "block_size": {"required": False, "type": "int"},
- "comments": {"required": False, "type": "str"},
- "endip": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "num_blocks_per_user": {"required": False, "type": "int"},
- "pba_timeout": {"required": False, "type": "int"},
- "permit_any_host": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "source_endip": {"required": False, "type": "str"},
- "source_startip": {"required": False, "type": "str"},
- "startip": {"required": False, "type": "str"},
- "type": {"required": False, "type": "str",
- "choices": ["overload", "one-to-one", "fixed-port-range",
- "port-block-allocation"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ippool6.py b/lib/ansible/modules/network/fortios/fortios_firewall_ippool6.py
deleted file mode 100644
index 0dbd9b0413a..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_ippool6.py
+++ /dev/null
@@ -1,350 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_ippool6
-short_description: Configure IPv6 IP pools in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and ippool6 category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_ippool6:
- description:
- - Configure IPv6 IP pools.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- comments:
- description:
- - Comment.
- type: str
- endip:
- description:
- - "Final IPv6 address (inclusive) in the range for the address pool (format xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx)."
- type: str
- name:
- description:
- - IPv6 IP pool name.
- required: true
- type: str
- startip:
- description:
- - "First IPv6 address (inclusive) in the range for the address pool (format xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx)."
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure IPv6 IP pools.
- fortios_firewall_ippool6:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_ippool6:
- comments: ""
- endip: ""
- name: "default_name_5"
- startip: ""
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_ippool6_data(json):
- option_list = ['comments', 'endip', 'name',
- 'startip']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_ippool6(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_ippool6'] and data['firewall_ippool6']:
- state = data['firewall_ippool6']['state']
- else:
- state = True
- firewall_ippool6_data = data['firewall_ippool6']
- filtered_data = underscore_to_hyphen(filter_firewall_ippool6_data(firewall_ippool6_data))
-
- if state == "present":
- return fos.set('firewall',
- 'ippool6',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'ippool6',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_ippool6']:
- resp = firewall_ippool6(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_ippool6": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "comments": {"required": False, "type": "str"},
- "endip": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "startip": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ipv6_eh_filter.py b/lib/ansible/modules/network/fortios/fortios_firewall_ipv6_eh_filter.py
deleted file mode 100644
index 49631b2851f..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_ipv6_eh_filter.py
+++ /dev/null
@@ -1,358 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_ipv6_eh_filter
-short_description: Configure IPv6 extension header filter in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and ipv6_eh_filter category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- firewall_ipv6_eh_filter:
- description:
- - Configure IPv6 extension header filter.
- default: null
- type: dict
- suboptions:
- auth:
- description:
- - Enable/disable blocking packets with the Authentication header .
- type: str
- choices:
- - enable
- - disable
- dest_opt:
- description:
- - Enable/disable blocking packets with Destination Options headers .
- type: str
- choices:
- - enable
- - disable
- fragment:
- description:
- - Enable/disable blocking packets with the Fragment header .
- type: str
- choices:
- - enable
- - disable
- hdopt_type:
- description:
- - Block specific Hop-by-Hop and/or Destination Option types (max. 7 types, each between 0 and 255).
- type: int
- hop_opt:
- description:
- - Enable/disable blocking packets with the Hop-by-Hop Options header .
- type: str
- choices:
- - enable
- - disable
- no_next:
- description:
- - Enable/disable blocking packets with the No Next header
- type: str
- choices:
- - enable
- - disable
- routing:
- description:
- - Enable/disable blocking packets with Routing headers .
- type: str
- choices:
- - enable
- - disable
- routing_type:
- description:
- - Block specific Routing header types (max. 7 types, each between 0 and 255).
- type: int
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure IPv6 extension header filter.
- fortios_firewall_ipv6_eh_filter:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- firewall_ipv6_eh_filter:
- auth: "enable"
- dest_opt: "enable"
- fragment: "enable"
- hdopt_type: "6"
- hop_opt: "enable"
- no_next: "enable"
- routing: "enable"
- routing_type: "10"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_ipv6_eh_filter_data(json):
- option_list = ['auth', 'dest_opt', 'fragment',
- 'hdopt_type', 'hop_opt', 'no_next',
- 'routing', 'routing_type']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_ipv6_eh_filter(data, fos):
- vdom = data['vdom']
- firewall_ipv6_eh_filter_data = data['firewall_ipv6_eh_filter']
- filtered_data = underscore_to_hyphen(filter_firewall_ipv6_eh_filter_data(firewall_ipv6_eh_filter_data))
-
- return fos.set('firewall',
- 'ipv6-eh-filter',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_ipv6_eh_filter']:
- resp = firewall_ipv6_eh_filter(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "firewall_ipv6_eh_filter": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "auth": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dest_opt": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "fragment": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "hdopt_type": {"required": False, "type": "int"},
- "hop_opt": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "no_next": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "routing": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "routing_type": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ldb_monitor.py b/lib/ansible/modules/network/fortios/fortios_firewall_ldb_monitor.py
deleted file mode 100644
index 489dca5b06a..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_ldb_monitor.py
+++ /dev/null
@@ -1,388 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_ldb_monitor
-short_description: Configure server load balancing health monitors in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and ldb_monitor category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_ldb_monitor:
- description:
- - Configure server load balancing health monitors.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- http_get:
- description:
- - URL used to send a GET request to check the health of an HTTP server.
- type: str
- http_match:
- description:
- - String to match the value expected in response to an HTTP-GET request.
- type: str
- http_max_redirects:
- description:
- - The maximum number of HTTP redirects to be allowed (0 - 5).
- type: int
- interval:
- description:
- - Time between health checks (5 - 65635 sec).
- type: int
- name:
- description:
- - Monitor name.
- required: true
- type: str
- port:
- description:
- - Service port used to perform the health check. If 0, health check monitor inherits port configured for the server (0 - 65635).
- type: int
- retry:
- description:
- - Number health check attempts before the server is considered down (1 - 255).
- type: int
- timeout:
- description:
- - Time to wait to receive response to a health check from a server. Reaching the timeout means the health check failed (1 - 255 sec).
- type: int
- type:
- description:
- - Select the Monitor type used by the health check monitor to check the health of the server (PING | TCP | HTTP).
- type: str
- choices:
- - ping
- - tcp
- - http
- - passive-sip
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure server load balancing health monitors.
- fortios_firewall_ldb_monitor:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_ldb_monitor:
- http_get: ""
- http_match: ""
- http_max_redirects: "5"
- interval: "6"
- name: "default_name_7"
- port: "8"
- retry: "9"
- timeout: "10"
- type: "ping"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_ldb_monitor_data(json):
- option_list = ['http_get', 'http_match', 'http_max_redirects',
- 'interval', 'name', 'port',
- 'retry', 'timeout', 'type']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_ldb_monitor(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_ldb_monitor'] and data['firewall_ldb_monitor']:
- state = data['firewall_ldb_monitor']['state']
- else:
- state = True
- firewall_ldb_monitor_data = data['firewall_ldb_monitor']
- filtered_data = underscore_to_hyphen(filter_firewall_ldb_monitor_data(firewall_ldb_monitor_data))
-
- if state == "present":
- return fos.set('firewall',
- 'ldb-monitor',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'ldb-monitor',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_ldb_monitor']:
- resp = firewall_ldb_monitor(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_ldb_monitor": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "http_get": {"required": False, "type": "str"},
- "http_match": {"required": False, "type": "str"},
- "http_max_redirects": {"required": False, "type": "int"},
- "interval": {"required": False, "type": "int"},
- "name": {"required": True, "type": "str"},
- "port": {"required": False, "type": "int"},
- "retry": {"required": False, "type": "int"},
- "timeout": {"required": False, "type": "int"},
- "type": {"required": False, "type": "str",
- "choices": ["ping", "tcp", "http",
- "passive-sip"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_local_in_policy.py b/lib/ansible/modules/network/fortios/fortios_firewall_local_in_policy.py
deleted file mode 100644
index 702552be6a6..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_local_in_policy.py
+++ /dev/null
@@ -1,434 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_local_in_policy
-short_description: Configure user defined IPv4 local-in policies in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and local_in_policy category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_local_in_policy:
- description:
- - Configure user defined IPv4 local-in policies.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- action:
- description:
- - Action performed on traffic matching the policy .
- type: str
- choices:
- - accept
- - deny
- comments:
- description:
- - Comment.
- type: str
- dstaddr:
- description:
- - Destination address object from available options.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address.name firewall.addrgrp.name.
- required: true
- type: str
- ha_mgmt_intf_only:
- description:
- - Enable/disable dedicating the HA management interface only for local-in policy.
- type: str
- choices:
- - enable
- - disable
- intf:
- description:
- - Incoming interface name from available options. Source system.zone.name system.interface.name.
- type: str
- policyid:
- description:
- - User defined local in policy ID.
- required: true
- type: int
- schedule:
- description:
- - Schedule object from available options. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group
- .name.
- type: str
- service:
- description:
- - Service object from available options.
- type: list
- suboptions:
- name:
- description:
- - Service name. Source firewall.service.custom.name firewall.service.group.name.
- required: true
- type: str
- srcaddr:
- description:
- - Source address object from available options.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address.name firewall.addrgrp.name.
- required: true
- type: str
- status:
- description:
- - Enable/disable this local-in policy.
- type: str
- choices:
- - enable
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure user defined IPv4 local-in policies.
- fortios_firewall_local_in_policy:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_local_in_policy:
- action: "accept"
- comments: ""
- dstaddr:
- -
- name: "default_name_6 (source firewall.address.name firewall.addrgrp.name)"
- ha_mgmt_intf_only: "enable"
- intf: " (source system.zone.name system.interface.name)"
- policyid: "9"
- schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)"
- service:
- -
- name: "default_name_12 (source firewall.service.custom.name firewall.service.group.name)"
- srcaddr:
- -
- name: "default_name_14 (source firewall.address.name firewall.addrgrp.name)"
- status: "enable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_local_in_policy_data(json):
- option_list = ['action', 'comments', 'dstaddr',
- 'ha_mgmt_intf_only', 'intf', 'policyid',
- 'schedule', 'service', 'srcaddr',
- 'status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_local_in_policy(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_local_in_policy'] and data['firewall_local_in_policy']:
- state = data['firewall_local_in_policy']['state']
- else:
- state = True
- firewall_local_in_policy_data = data['firewall_local_in_policy']
- filtered_data = underscore_to_hyphen(filter_firewall_local_in_policy_data(firewall_local_in_policy_data))
-
- if state == "present":
- return fos.set('firewall',
- 'local-in-policy',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'local-in-policy',
- mkey=filtered_data['policyid'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_local_in_policy']:
- resp = firewall_local_in_policy(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_local_in_policy": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "action": {"required": False, "type": "str",
- "choices": ["accept", "deny"]},
- "comments": {"required": False, "type": "str"},
- "dstaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "ha_mgmt_intf_only": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "intf": {"required": False, "type": "str"},
- "policyid": {"required": True, "type": "int"},
- "schedule": {"required": False, "type": "str"},
- "service": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "srcaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_local_in_policy6.py b/lib/ansible/modules/network/fortios/fortios_firewall_local_in_policy6.py
deleted file mode 100644
index d5f7207335c..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_local_in_policy6.py
+++ /dev/null
@@ -1,423 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_local_in_policy6
-short_description: Configure user defined IPv6 local-in policies in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and local_in_policy6 category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_local_in_policy6:
- description:
- - Configure user defined IPv6 local-in policies.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- action:
- description:
- - Action performed on traffic matching the policy .
- type: str
- choices:
- - accept
- - deny
- comments:
- description:
- - Comment.
- type: str
- dstaddr:
- description:
- - Destination address object from available options.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address6.name firewall.addrgrp6.name.
- required: true
- type: str
- intf:
- description:
- - Incoming interface name from available options. Source system.zone.name system.interface.name.
- type: str
- policyid:
- description:
- - User defined local in policy ID.
- required: true
- type: int
- schedule:
- description:
- - Schedule object from available options. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group
- .name.
- type: str
- service:
- description:
- - Service object from available options. Separate names with a space.
- type: list
- suboptions:
- name:
- description:
- - Service name. Source firewall.service.custom.name firewall.service.group.name.
- required: true
- type: str
- srcaddr:
- description:
- - Source address object from available options.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address6.name firewall.addrgrp6.name.
- required: true
- type: str
- status:
- description:
- - Enable/disable this local-in policy.
- type: str
- choices:
- - enable
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure user defined IPv6 local-in policies.
- fortios_firewall_local_in_policy6:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_local_in_policy6:
- action: "accept"
- comments: ""
- dstaddr:
- -
- name: "default_name_6 (source firewall.address6.name firewall.addrgrp6.name)"
- intf: " (source system.zone.name system.interface.name)"
- policyid: "8"
- schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)"
- service:
- -
- name: "default_name_11 (source firewall.service.custom.name firewall.service.group.name)"
- srcaddr:
- -
- name: "default_name_13 (source firewall.address6.name firewall.addrgrp6.name)"
- status: "enable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_local_in_policy6_data(json):
- option_list = ['action', 'comments', 'dstaddr',
- 'intf', 'policyid', 'schedule',
- 'service', 'srcaddr', 'status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_local_in_policy6(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_local_in_policy6'] and data['firewall_local_in_policy6']:
- state = data['firewall_local_in_policy6']['state']
- else:
- state = True
- firewall_local_in_policy6_data = data['firewall_local_in_policy6']
- filtered_data = underscore_to_hyphen(filter_firewall_local_in_policy6_data(firewall_local_in_policy6_data))
-
- if state == "present":
- return fos.set('firewall',
- 'local-in-policy6',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'local-in-policy6',
- mkey=filtered_data['policyid'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_local_in_policy6']:
- resp = firewall_local_in_policy6(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_local_in_policy6": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "action": {"required": False, "type": "str",
- "choices": ["accept", "deny"]},
- "comments": {"required": False, "type": "str"},
- "dstaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "intf": {"required": False, "type": "str"},
- "policyid": {"required": True, "type": "int"},
- "schedule": {"required": False, "type": "str"},
- "service": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "srcaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_multicast_address.py b/lib/ansible/modules/network/fortios/fortios_firewall_multicast_address.py
deleted file mode 100644
index 6f4056e2b1d..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_multicast_address.py
+++ /dev/null
@@ -1,431 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_multicast_address
-short_description: Configure multicast addresses in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and multicast_address category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_multicast_address:
- description:
- - Configure multicast addresses.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- associated_interface:
- description:
- - Interface associated with the address object. When setting up a policy, only addresses associated with this interface are available.
- Source system.interface.name.
- type: str
- color:
- description:
- - Integer value to determine the color of the icon in the GUI (1 - 32).
- type: int
- comment:
- description:
- - Comment.
- type: str
- end_ip:
- description:
- - Final IPv4 address (inclusive) in the range for the address.
- type: str
- name:
- description:
- - Multicast address name.
- required: true
- type: str
- start_ip:
- description:
- - First IPv4 address (inclusive) in the range for the address.
- type: str
- subnet:
- description:
- - Broadcast address and subnet.
- type: str
- tagging:
- description:
- - Config object tagging.
- type: list
- suboptions:
- category:
- description:
- - Tag category. Source system.object-tagging.category.
- type: str
- name:
- description:
- - Tagging entry name.
- required: true
- type: str
- tags:
- description:
- - Tags.
- type: list
- suboptions:
- name:
- description:
- - Tag name. Source system.object-tagging.tags.name.
- required: true
- type: str
- type:
- description:
- - "Type of address object: multicast IP address range or broadcast IP/mask to be treated as a multicast address."
- type: str
- choices:
- - multicastrange
- - broadcastmask
- visibility:
- description:
- - Enable/disable visibility of the multicast address on the GUI.
- type: str
- choices:
- - enable
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure multicast addresses.
- fortios_firewall_multicast_address:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_multicast_address:
- associated_interface: " (source system.interface.name)"
- color: "4"
- comment: "Comment."
- end_ip: ""
- name: "default_name_7"
- start_ip: ""
- subnet: ""
- tagging:
- -
- category: " (source system.object-tagging.category)"
- name: "default_name_12"
- tags:
- -
- name: "default_name_14 (source system.object-tagging.tags.name)"
- type: "multicastrange"
- visibility: "enable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_multicast_address_data(json):
- option_list = ['associated_interface', 'color', 'comment',
- 'end_ip', 'name', 'start_ip',
- 'subnet', 'tagging', 'type',
- 'visibility']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_multicast_address(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_multicast_address'] and data['firewall_multicast_address']:
- state = data['firewall_multicast_address']['state']
- else:
- state = True
- firewall_multicast_address_data = data['firewall_multicast_address']
- filtered_data = underscore_to_hyphen(filter_firewall_multicast_address_data(firewall_multicast_address_data))
-
- if state == "present":
- return fos.set('firewall',
- 'multicast-address',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'multicast-address',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_multicast_address']:
- resp = firewall_multicast_address(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_multicast_address": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "associated_interface": {"required": False, "type": "str"},
- "color": {"required": False, "type": "int"},
- "comment": {"required": False, "type": "str"},
- "end_ip": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "start_ip": {"required": False, "type": "str"},
- "subnet": {"required": False, "type": "str"},
- "tagging": {"required": False, "type": "list",
- "options": {
- "category": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "tags": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
- }},
- "type": {"required": False, "type": "str",
- "choices": ["multicastrange", "broadcastmask"]},
- "visibility": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_multicast_address6.py b/lib/ansible/modules/network/fortios/fortios_firewall_multicast_address6.py
deleted file mode 100644
index ee9c588c68d..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_multicast_address6.py
+++ /dev/null
@@ -1,400 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_multicast_address6
-short_description: Configure IPv6 multicast address in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and multicast_address6 category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_multicast_address6:
- description:
- - Configure IPv6 multicast address.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- color:
- description:
- - Color of icon on the GUI.
- type: int
- comment:
- description:
- - Comment.
- type: str
- ip6:
- description:
- - "IPv6 address prefix (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx)."
- type: str
- name:
- description:
- - IPv6 multicast address name.
- required: true
- type: str
- tagging:
- description:
- - Config object tagging.
- type: list
- suboptions:
- category:
- description:
- - Tag category. Source system.object-tagging.category.
- type: str
- name:
- description:
- - Tagging entry name.
- required: true
- type: str
- tags:
- description:
- - Tags.
- type: list
- suboptions:
- name:
- description:
- - Tag name. Source system.object-tagging.tags.name.
- required: true
- type: str
- visibility:
- description:
- - Enable/disable visibility of the IPv6 multicast address on the GUI.
- type: str
- choices:
- - enable
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure IPv6 multicast address.
- fortios_firewall_multicast_address6:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_multicast_address6:
- color: "3"
- comment: "Comment."
- ip6: ""
- name: "default_name_6"
- tagging:
- -
- category: " (source system.object-tagging.category)"
- name: "default_name_9"
- tags:
- -
- name: "default_name_11 (source system.object-tagging.tags.name)"
- visibility: "enable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_multicast_address6_data(json):
- option_list = ['color', 'comment', 'ip6',
- 'name', 'tagging', 'visibility']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_multicast_address6(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_multicast_address6'] and data['firewall_multicast_address6']:
- state = data['firewall_multicast_address6']['state']
- else:
- state = True
- firewall_multicast_address6_data = data['firewall_multicast_address6']
- filtered_data = underscore_to_hyphen(filter_firewall_multicast_address6_data(firewall_multicast_address6_data))
-
- if state == "present":
- return fos.set('firewall',
- 'multicast-address6',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'multicast-address6',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_multicast_address6']:
- resp = firewall_multicast_address6(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_multicast_address6": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "color": {"required": False, "type": "int"},
- "comment": {"required": False, "type": "str"},
- "ip6": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "tagging": {"required": False, "type": "list",
- "options": {
- "category": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "tags": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
- }},
- "visibility": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_multicast_policy.py b/lib/ansible/modules/network/fortios/fortios_firewall_multicast_policy.py
deleted file mode 100644
index fc106c03617..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_multicast_policy.py
+++ /dev/null
@@ -1,451 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_multicast_policy
-short_description: Configure multicast NAT policies in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and multicast_policy category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_multicast_policy:
- description:
- - Configure multicast NAT policies.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- action:
- description:
- - Accept or deny traffic matching the policy.
- type: str
- choices:
- - accept
- - deny
- dnat:
- description:
- - IPv4 DNAT address used for multicast destination addresses.
- type: str
- dstaddr:
- description:
- - Destination address objects.
- type: list
- suboptions:
- name:
- description:
- - Destination address objects. Source firewall.multicast-address.name.
- required: true
- type: str
- dstintf:
- description:
- - Destination interface name. Source system.interface.name system.zone.name.
- type: str
- end_port:
- description:
- - Integer value for ending TCP/UDP/SCTP destination port in range (1 - 65535).
- type: int
- id:
- description:
- - Policy ID.
- required: true
- type: int
- logtraffic:
- description:
- - Enable/disable logging traffic accepted by this policy.
- type: str
- choices:
- - enable
- - disable
- protocol:
- description:
- - Integer value for the protocol type as defined by IANA (0 - 255).
- type: int
- snat:
- description:
- - Enable/disable substitution of the outgoing interface IP address for the original source IP address (called source NAT or SNAT).
- type: str
- choices:
- - enable
- - disable
- snat_ip:
- description:
- - IPv4 address to be used as the source address for NATed traffic.
- type: str
- srcaddr:
- description:
- - Source address objects.
- type: list
- suboptions:
- name:
- description:
- - Source address objects. Source firewall.address.name firewall.addrgrp.name.
- required: true
- type: str
- srcintf:
- description:
- - Source interface name. Source system.interface.name system.zone.name.
- type: str
- start_port:
- description:
- - Integer value for starting TCP/UDP/SCTP destination port in range (1 - 65535).
- type: int
- status:
- description:
- - Enable/disable this policy.
- type: str
- choices:
- - enable
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure multicast NAT policies.
- fortios_firewall_multicast_policy:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_multicast_policy:
- action: "accept"
- dnat: ""
- dstaddr:
- -
- name: "default_name_6 (source firewall.multicast-address.name)"
- dstintf: " (source system.interface.name system.zone.name)"
- end_port: "8"
- id: "9"
- logtraffic: "enable"
- protocol: "11"
- snat: "enable"
- snat_ip: ""
- srcaddr:
- -
- name: "default_name_15 (source firewall.address.name firewall.addrgrp.name)"
- srcintf: " (source system.interface.name system.zone.name)"
- start_port: "17"
- status: "enable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_multicast_policy_data(json):
- option_list = ['action', 'dnat', 'dstaddr',
- 'dstintf', 'end_port', 'id',
- 'logtraffic', 'protocol', 'snat',
- 'snat_ip', 'srcaddr', 'srcintf',
- 'start_port', 'status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_multicast_policy(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_multicast_policy'] and data['firewall_multicast_policy']:
- state = data['firewall_multicast_policy']['state']
- else:
- state = True
- firewall_multicast_policy_data = data['firewall_multicast_policy']
- filtered_data = underscore_to_hyphen(filter_firewall_multicast_policy_data(firewall_multicast_policy_data))
-
- if state == "present":
- return fos.set('firewall',
- 'multicast-policy',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'multicast-policy',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_multicast_policy']:
- resp = firewall_multicast_policy(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_multicast_policy": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "action": {"required": False, "type": "str",
- "choices": ["accept", "deny"]},
- "dnat": {"required": False, "type": "str"},
- "dstaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "dstintf": {"required": False, "type": "str"},
- "end_port": {"required": False, "type": "int"},
- "id": {"required": True, "type": "int"},
- "logtraffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "protocol": {"required": False, "type": "int"},
- "snat": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "snat_ip": {"required": False, "type": "str"},
- "srcaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "srcintf": {"required": False, "type": "str"},
- "start_port": {"required": False, "type": "int"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_multicast_policy6.py b/lib/ansible/modules/network/fortios/fortios_firewall_multicast_policy6.py
deleted file mode 100644
index 0a2b09ac863..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_multicast_policy6.py
+++ /dev/null
@@ -1,428 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_multicast_policy6
-short_description: Configure IPv6 multicast NAT policies in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and multicast_policy6 category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_multicast_policy6:
- description:
- - Configure IPv6 multicast NAT policies.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- action:
- description:
- - Accept or deny traffic matching the policy.
- type: str
- choices:
- - accept
- - deny
- dstaddr:
- description:
- - IPv6 destination address name.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.multicast-address6.name.
- required: true
- type: str
- dstintf:
- description:
- - IPv6 destination interface name. Source system.interface.name system.zone.name.
- type: str
- end_port:
- description:
- - Integer value for ending TCP/UDP/SCTP destination port in range (1 - 65535).
- type: int
- id:
- description:
- - Policy ID.
- required: true
- type: int
- logtraffic:
- description:
- - Enable/disable logging traffic accepted by this policy.
- type: str
- choices:
- - enable
- - disable
- protocol:
- description:
- - Integer value for the protocol type as defined by IANA (0 - 255).
- type: int
- srcaddr:
- description:
- - IPv6 source address name.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address6.name firewall.addrgrp6.name.
- required: true
- type: str
- srcintf:
- description:
- - IPv6 source interface name. Source system.interface.name system.zone.name.
- type: str
- start_port:
- description:
- - Integer value for starting TCP/UDP/SCTP destination port in range (1 - 65535).
- type: int
- status:
- description:
- - Enable/disable this policy.
- type: str
- choices:
- - enable
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure IPv6 multicast NAT policies.
- fortios_firewall_multicast_policy6:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_multicast_policy6:
- action: "accept"
- dstaddr:
- -
- name: "default_name_5 (source firewall.multicast-address6.name)"
- dstintf: " (source system.interface.name system.zone.name)"
- end_port: "7"
- id: "8"
- logtraffic: "enable"
- protocol: "10"
- srcaddr:
- -
- name: "default_name_12 (source firewall.address6.name firewall.addrgrp6.name)"
- srcintf: " (source system.interface.name system.zone.name)"
- start_port: "14"
- status: "enable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_multicast_policy6_data(json):
- option_list = ['action', 'dstaddr', 'dstintf',
- 'end_port', 'id', 'logtraffic',
- 'protocol', 'srcaddr', 'srcintf',
- 'start_port', 'status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_multicast_policy6(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_multicast_policy6'] and data['firewall_multicast_policy6']:
- state = data['firewall_multicast_policy6']['state']
- else:
- state = True
- firewall_multicast_policy6_data = data['firewall_multicast_policy6']
- filtered_data = underscore_to_hyphen(filter_firewall_multicast_policy6_data(firewall_multicast_policy6_data))
-
- if state == "present":
- return fos.set('firewall',
- 'multicast-policy6',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'multicast-policy6',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_multicast_policy6']:
- resp = firewall_multicast_policy6(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_multicast_policy6": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "action": {"required": False, "type": "str",
- "choices": ["accept", "deny"]},
- "dstaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "dstintf": {"required": False, "type": "str"},
- "end_port": {"required": False, "type": "int"},
- "id": {"required": True, "type": "int"},
- "logtraffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "protocol": {"required": False, "type": "int"},
- "srcaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "srcintf": {"required": False, "type": "str"},
- "start_port": {"required": False, "type": "int"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_policy.py b/lib/ansible/modules/network/fortios/fortios_firewall_policy.py
deleted file mode 100644
index 537acc3015c..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_policy.py
+++ /dev/null
@@ -1,1533 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_policy
-short_description: Configure IPv4 policies in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and policy category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- firewall_policy:
- description:
- - Configure IPv4 policies.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- action:
- description:
- - Policy action (allow/deny/ipsec).
- type: str
- choices:
- - accept
- - deny
- - ipsec
- app_category:
- description:
- - Application category ID list.
- type: list
- suboptions:
- id:
- description:
- - Category IDs.
- required: true
- type: int
- app_group:
- description:
- - Application group names.
- type: list
- suboptions:
- name:
- description:
- - Application group names. Source application.group.name.
- required: true
- type: str
- application:
- description:
- - Application ID list.
- type: list
- suboptions:
- id:
- description:
- - Application IDs.
- required: true
- type: int
- application_list:
- description:
- - Name of an existing Application list. Source application.list.name.
- type: str
- auth_cert:
- description:
- - HTTPS server certificate for policy authentication. Source vpn.certificate.local.name.
- type: str
- auth_path:
- description:
- - Enable/disable authentication-based routing.
- type: str
- choices:
- - enable
- - disable
- auth_redirect_addr:
- description:
- - HTTP-to-HTTPS redirect address for firewall authentication.
- type: str
- av_profile:
- description:
- - Name of an existing Antivirus profile. Source antivirus.profile.name.
- type: str
- block_notification:
- description:
- - Enable/disable block notification.
- type: str
- choices:
- - enable
- - disable
- captive_portal_exempt:
- description:
- - Enable to exempt some users from the captive portal.
- type: str
- choices:
- - enable
- - disable
- capture_packet:
- description:
- - Enable/disable capture packets.
- type: str
- choices:
- - enable
- - disable
- comments:
- description:
- - Comment.
- type: str
- custom_log_fields:
- description:
- - Custom fields to append to log messages for this policy.
- type: list
- suboptions:
- field_id:
- description:
- - Custom log field. Source log.custom-field.id.
- type: str
- delay_tcp_npu_session:
- description:
- - Enable TCP NPU session delay to guarantee packet order of 3-way handshake.
- type: str
- choices:
- - enable
- - disable
- devices:
- description:
- - Names of devices or device groups that can be matched by the policy.
- type: list
- suboptions:
- name:
- description:
- - Device or group name. Source user.device.alias user.device-group.name user.device-category.name.
- required: true
- type: str
- diffserv_forward:
- description:
- - Enable to change packet's DiffServ values to the specified diffservcode-forward value.
- type: str
- choices:
- - enable
- - disable
- diffserv_reverse:
- description:
- - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value.
- type: str
- choices:
- - enable
- - disable
- diffservcode_forward:
- description:
- - Change packet's DiffServ to this value.
- type: str
- diffservcode_rev:
- description:
- - Change packet's reverse (reply) DiffServ to this value.
- type: str
- disclaimer:
- description:
- - Enable/disable user authentication disclaimer.
- type: str
- choices:
- - enable
- - disable
- dlp_sensor:
- description:
- - Name of an existing DLP sensor. Source dlp.sensor.name.
- type: str
- dnsfilter_profile:
- description:
- - Name of an existing DNS filter profile. Source dnsfilter.profile.name.
- type: str
- dscp_match:
- description:
- - Enable DSCP check.
- type: str
- choices:
- - enable
- - disable
- dscp_negate:
- description:
- - Enable negated DSCP match.
- type: str
- choices:
- - enable
- - disable
- dscp_value:
- description:
- - DSCP value.
- type: str
- dsri:
- description:
- - Enable DSRI to ignore HTTP server responses.
- type: str
- choices:
- - enable
- - disable
- dstaddr:
- description:
- - Destination address and address group names.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address.name firewall.addrgrp.name firewall.vip.name firewall.vipgrp.name.
- required: true
- type: str
- dstaddr_negate:
- description:
- - When enabled dstaddr specifies what the destination address must NOT be.
- type: str
- choices:
- - enable
- - disable
- dstintf:
- description:
- - Outgoing (egress) interface.
- type: list
- suboptions:
- name:
- description:
- - Interface name. Source system.interface.name system.zone.name.
- required: true
- type: str
- firewall_session_dirty:
- description:
- - How to handle sessions if the configuration of this firewall policy changes.
- type: str
- choices:
- - check-all
- - check-new
- fixedport:
- description:
- - Enable to prevent source NAT from changing a session's source port.
- type: str
- choices:
- - enable
- - disable
- fsso:
- description:
- - Enable/disable Fortinet Single Sign-On.
- type: str
- choices:
- - enable
- - disable
- fsso_agent_for_ntlm:
- description:
- - FSSO agent to use for NTLM authentication. Source user.fsso.name.
- type: str
- global_label:
- description:
- - Label for the policy that appears when the GUI is in Global View mode.
- type: str
- groups:
- description:
- - Names of user groups that can authenticate with this policy.
- type: list
- suboptions:
- name:
- description:
- - Group name. Source user.group.name.
- required: true
- type: str
- icap_profile:
- description:
- - Name of an existing ICAP profile. Source icap.profile.name.
- type: str
- identity_based_route:
- description:
- - Name of identity-based routing rule. Source firewall.identity-based-route.name.
- type: str
- inbound:
- description:
- - "Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN."
- type: str
- choices:
- - enable
- - disable
- internet_service:
- description:
- - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used.
- type: str
- choices:
- - enable
- - disable
- internet_service_custom:
- description:
- - Custom Internet Service name.
- type: list
- suboptions:
- name:
- description:
- - Custom Internet Service name. Source firewall.internet-service-custom.name.
- required: true
- type: str
- internet_service_id:
- description:
- - Internet Service ID.
- type: list
- suboptions:
- id:
- description:
- - Internet Service ID. Source firewall.internet-service.id.
- required: true
- type: int
- internet_service_negate:
- description:
- - When enabled internet-service specifies what the service must NOT be.
- type: str
- choices:
- - enable
- - disable
- internet_service_src:
- description:
- - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used.
- type: str
- choices:
- - enable
- - disable
- internet_service_src_custom:
- description:
- - Custom Internet Service source name.
- type: list
- suboptions:
- name:
- description:
- - Custom Internet Service name. Source firewall.internet-service-custom.name.
- required: true
- type: str
- internet_service_src_id:
- description:
- - Internet Service source ID.
- type: list
- suboptions:
- id:
- description:
- - Internet Service ID. Source firewall.internet-service.id.
- required: true
- type: int
- internet_service_src_negate:
- description:
- - When enabled internet-service-src specifies what the service must NOT be.
- type: str
- choices:
- - enable
- - disable
- ippool:
- description:
- - Enable to use IP Pools for source NAT.
- type: str
- choices:
- - enable
- - disable
- ips_sensor:
- description:
- - Name of an existing IPS sensor. Source ips.sensor.name.
- type: str
- label:
- description:
- - Label for the policy that appears when the GUI is in Section View mode.
- type: str
- learning_mode:
- description:
- - Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated.
- type: str
- choices:
- - enable
- - disable
- logtraffic:
- description:
- - Enable or disable logging. Log all sessions or security profile sessions.
- type: str
- choices:
- - all
- - utm
- - disable
- logtraffic_start:
- description:
- - Record logs when a session starts and ends.
- type: str
- choices:
- - enable
- - disable
- match_vip:
- description:
- - Enable to match packets that have had their destination addresses changed by a VIP.
- type: str
- choices:
- - enable
- - disable
- name:
- description:
- - Policy name.
- type: str
- nat:
- description:
- - Enable/disable source NAT.
- type: str
- choices:
- - enable
- - disable
- natinbound:
- description:
- - "Policy-based IPsec VPN: apply destination NAT to inbound traffic."
- type: str
- choices:
- - enable
- - disable
- natip:
- description:
- - "Policy-based IPsec VPN: source NAT IP address for outgoing traffic."
- type: str
- natoutbound:
- description:
- - "Policy-based IPsec VPN: apply source NAT to outbound traffic."
- type: str
- choices:
- - enable
- - disable
- ntlm:
- description:
- - Enable/disable NTLM authentication.
- type: str
- choices:
- - enable
- - disable
- ntlm_enabled_browsers:
- description:
- - HTTP-User-Agent value of supported browsers.
- type: list
- suboptions:
- user_agent_string:
- description:
- - User agent string.
- type: str
- ntlm_guest:
- description:
- - Enable/disable NTLM guest user access.
- type: str
- choices:
- - enable
- - disable
- outbound:
- description:
- - "Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN."
- type: str
- choices:
- - enable
- - disable
- per_ip_shaper:
- description:
- - Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name.
- type: str
- permit_any_host:
- description:
- - Accept UDP packets from any host.
- type: str
- choices:
- - enable
- - disable
- permit_stun_host:
- description:
- - Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host.
- type: str
- choices:
- - enable
- - disable
- policyid:
- description:
- - Policy ID.
- required: true
- type: int
- poolname:
- description:
- - IP Pool names.
- type: list
- suboptions:
- name:
- description:
- - IP pool name. Source firewall.ippool.name.
- required: true
- type: str
- profile_group:
- description:
- - Name of profile group. Source firewall.profile-group.name.
- type: str
- profile_protocol_options:
- description:
- - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name.
- type: str
- profile_type:
- description:
- - Determine whether the firewall policy allows security profile groups or single profiles only.
- type: str
- choices:
- - single
- - group
- radius_mac_auth_bypass:
- description:
- - Enable MAC authentication bypass. The bypassed MAC address must be received from RADIUS server.
- type: str
- choices:
- - enable
- - disable
- redirect_url:
- description:
- - URL users are directed to after seeing and accepting the disclaimer or authenticating.
- type: str
- replacemsg_override_group:
- description:
- - Override the default replacement message group for this policy. Source system.replacemsg-group.name.
- type: str
- rsso:
- description:
- - Enable/disable RADIUS single sign-on (RSSO).
- type: str
- choices:
- - enable
- - disable
- rtp_addr:
- description:
- - Address names if this is an RTP NAT policy.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address.name firewall.addrgrp.name.
- required: true
- type: str
- rtp_nat:
- description:
- - Enable Real Time Protocol (RTP) NAT.
- type: str
- choices:
- - disable
- - enable
- scan_botnet_connections:
- description:
- - Block or monitor connections to Botnet servers or disable Botnet scanning.
- type: str
- choices:
- - disable
- - block
- - monitor
- schedule:
- description:
- - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name.
- type: str
- schedule_timeout:
- description:
- - Enable to force current sessions to end when the schedule object times out. Disable allows them to end from inactivity.
- type: str
- choices:
- - enable
- - disable
- send_deny_packet:
- description:
- - Enable to send a reply when a session is denied or blocked by a firewall policy.
- type: str
- choices:
- - disable
- - enable
- service:
- description:
- - Service and service group names.
- type: list
- suboptions:
- name:
- description:
- - Service and service group names. Source firewall.service.custom.name firewall.service.group.name.
- required: true
- type: str
- service_negate:
- description:
- - When enabled service specifies what the service must NOT be.
- type: str
- choices:
- - enable
- - disable
- session_ttl:
- description:
- - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- type: int
- spamfilter_profile:
- description:
- - Name of an existing Spam filter profile. Source spamfilter.profile.name.
- type: str
- srcaddr:
- description:
- - Source address and address group names.
- type: list
- suboptions:
- name:
- description:
- - Address name. Source firewall.address.name firewall.addrgrp.name.
- required: true
- type: str
- srcaddr_negate:
- description:
- - When enabled srcaddr specifies what the source address must NOT be.
- type: str
- choices:
- - enable
- - disable
- srcintf:
- description:
- - Incoming (ingress) interface.
- type: list
- suboptions:
- name:
- description:
- - Interface name. Source system.interface.name system.zone.name.
- required: true
- type: str
- ssh_filter_profile:
- description:
- - Name of an existing SSH filter profile. Source ssh-filter.profile.name.
- type: str
- ssl_mirror:
- description:
- - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring).
- type: str
- choices:
- - enable
- - disable
- ssl_mirror_intf:
- description:
- - SSL mirror interface name.
- type: list
- suboptions:
- name:
- description:
- - Mirror Interface name. Source system.interface.name system.zone.name.
- required: true
- type: str
- ssl_ssh_profile:
- description:
- - Name of an existing SSL SSH profile. Source firewall.ssl-ssh-profile.name.
- type: str
- status:
- description:
- - Enable or disable this policy.
- type: str
- choices:
- - enable
- - disable
- tcp_mss_receiver:
- description:
- - Receiver TCP maximum segment size (MSS).
- type: int
- tcp_mss_sender:
- description:
- - Sender TCP maximum segment size (MSS).
- type: int
- tcp_session_without_syn:
- description:
- - Enable/disable creation of TCP session without SYN flag.
- type: str
- choices:
- - all
- - data-only
- - disable
- timeout_send_rst:
- description:
- - Enable/disable sending RST packets when TCP sessions expire.
- type: str
- choices:
- - enable
- - disable
- traffic_shaper:
- description:
- - Traffic shaper. Source firewall.shaper.traffic-shaper.name.
- type: str
- traffic_shaper_reverse:
- description:
- - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name.
- type: str
- url_category:
- description:
- - URL category ID list.
- type: list
- suboptions:
- id:
- description:
- - URL category ID.
- required: true
- type: int
- users:
- description:
- - Names of individual users that can authenticate with this policy.
- type: list
- suboptions:
- name:
- description:
- - Names of individual users that can authenticate with this policy. Source user.local.name.
- required: true
- type: str
- utm_status:
- description:
- - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
- type: str
- choices:
- - enable
- - disable
- uuid:
- description:
- - Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- type: str
- vlan_cos_fwd:
- description:
- - "VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest."
- type: int
- vlan_cos_rev:
- description:
- - "VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest.."
- type: int
- vlan_filter:
- description:
- - Set VLAN filters.
- type: str
- voip_profile:
- description:
- - Name of an existing VoIP profile. Source voip.profile.name.
- type: str
- vpntunnel:
- description:
- - "Policy-based IPsec VPN: name of the IPsec VPN Phase 1. Source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name."
- type: str
- waf_profile:
- description:
- - Name of an existing Web application firewall profile. Source waf.profile.name.
- type: str
- wanopt:
- description:
- - Enable/disable WAN optimization.
- type: str
- choices:
- - enable
- - disable
- wanopt_detection:
- description:
- - WAN optimization auto-detection mode.
- type: str
- choices:
- - active
- - passive
- - off
- wanopt_passive_opt:
- description:
- - WAN optimization passive mode options. This option decides what IP address will be used to connect server.
- type: str
- choices:
- - default
- - transparent
- - non-transparent
- wanopt_peer:
- description:
- - WAN optimization peer. Source wanopt.peer.peer-host-id.
- type: str
- wanopt_profile:
- description:
- - WAN optimization profile. Source wanopt.profile.name.
- type: str
- wccp:
- description:
- - Enable/disable forwarding traffic matching this policy to a configured WCCP server.
- type: str
- choices:
- - enable
- - disable
- webcache:
- description:
- - Enable/disable web cache.
- type: str
- choices:
- - enable
- - disable
- webcache_https:
- description:
- - Enable/disable web cache for HTTPS.
- type: str
- choices:
- - disable
- - enable
- webfilter_profile:
- description:
- - Name of an existing Web filter profile. Source webfilter.profile.name.
- type: str
- wsso:
- description:
- - Enable/disable WiFi Single Sign On (WSSO).
- type: str
- choices:
- - enable
- - disable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure IPv4 policies.
- fortios_firewall_policy:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_policy:
- action: "accept"
- app_category:
- -
- id: "5"
- app_group:
- -
- name: "default_name_7 (source application.group.name)"
- application:
- -
- id: "9"
- application_list: " (source application.list.name)"
- auth_cert: " (source vpn.certificate.local.name)"
- auth_path: "enable"
- auth_redirect_addr: ""
- av_profile: " (source antivirus.profile.name)"
- block_notification: "enable"
- captive_portal_exempt: "enable"
- capture_packet: "enable"
- comments: ""
- custom_log_fields:
- -
- field_id: " (source log.custom-field.id)"
- delay_tcp_npu_session: "enable"
- devices:
- -
- name: "default_name_23 (source user.device.alias user.device-group.name user.device-category.name)"
- diffserv_forward: "enable"
- diffserv_reverse: "enable"
- diffservcode_forward: ""
- diffservcode_rev: ""
- disclaimer: "enable"
- dlp_sensor: " (source dlp.sensor.name)"
- dnsfilter_profile: " (source dnsfilter.profile.name)"
- dscp_match: "enable"
- dscp_negate: "enable"
- dscp_value: ""
- dsri: "enable"
- dstaddr:
- -
- name: "default_name_36 (source firewall.address.name firewall.addrgrp.name firewall.vip.name firewall.vipgrp.name)"
- dstaddr_negate: "enable"
- dstintf:
- -
- name: "default_name_39 (source system.interface.name system.zone.name)"
- firewall_session_dirty: "check-all"
- fixedport: "enable"
- fsso: "enable"
- fsso_agent_for_ntlm: " (source user.fsso.name)"
- global_label: ""
- groups:
- -
- name: "default_name_46 (source user.group.name)"
- icap_profile: " (source icap.profile.name)"
- identity_based_route: " (source firewall.identity-based-route.name)"
- inbound: "enable"
- internet_service: "enable"
- internet_service_custom:
- -
- name: "default_name_52 (source firewall.internet-service-custom.name)"
- internet_service_id:
- -
- id: "54 (source firewall.internet-service.id)"
- internet_service_negate: "enable"
- internet_service_src: "enable"
- internet_service_src_custom:
- -
- name: "default_name_58 (source firewall.internet-service-custom.name)"
- internet_service_src_id:
- -
- id: "60 (source firewall.internet-service.id)"
- internet_service_src_negate: "enable"
- ippool: "enable"
- ips_sensor: " (source ips.sensor.name)"
- label: ""
- learning_mode: "enable"
- logtraffic: "all"
- logtraffic_start: "enable"
- match_vip: "enable"
- name: "default_name_69"
- nat: "enable"
- natinbound: "enable"
- natip: ""
- natoutbound: "enable"
- ntlm: "enable"
- ntlm_enabled_browsers:
- -
- user_agent_string: ""
- ntlm_guest: "enable"
- outbound: "enable"
- per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)"
- permit_any_host: "enable"
- permit_stun_host: "enable"
- policyid: "82"
- poolname:
- -
- name: "default_name_84 (source firewall.ippool.name)"
- profile_group: " (source firewall.profile-group.name)"
- profile_protocol_options: "